How to Forge Email with Windows XP Telnet
Want a computer you can telnet into and mess around with, and not get into trouble no matter what you do to it? I've set up mytechbroker.com (206.61.52.33) with user xyz, password guest for you to play with. Here's how to forge email to xyz@techbroker.com usingtelnet. Start with the command:
C:\>telnet techbroker.com 25Connecting To Techbroker.com
220 <techbroker.com> Service ready
Now you type in who you want the message to appear to come from:
helo santa@techbroker.comTechbroker.com will answer:
250 <techbroker.com> host ready
Next type in your mail from address:
mail from:santa@techbroker.com
250 Requested mail action okay, completed
Your next command:
rcpt to:xyz@techbroker.com250 Requested mail action okay, completed
Your next command:data354 Start main input; end with <CRLF>.<CRLF>
Newbie note: <CRLF> just means hit return. In case you can't see that little period between the <CRLF>s, what you do to end composing your email is to hit enter, type a period, then hit enter again.
Anyhow, try typing:
This is a test..250 Requested mail action okay, completedquit221 <techbroker.com> Service closing transmission channel
Connection to host lost.
Using techbroker's mail server, even if you enable full headers, themessage we just composed looks like:
Status: RX-status: N
This is a test.
That's a pretty pathetic forged email, huh? No "from", no date.However, you can make your headers better by using a trick with the data command. After you give it, you can insert as many headers as you choose. The trick is easier to show than explain:
220 <techbroker.com> Service readyhelo santa@northpole.org250 <techbroker.com> host readymail from:santa@northpole.com250 Requested mail action okay, completedrcpt to:<script language="JavaScript"><!-- var name = "cmeinel"; var domain = "techbroker.com"; document.write('<a href=\"mailto:' + name + '@' + domain + '\">'); document.write(name + '@' + domain + '</a>'); // --></script>250 Requested mail action okay, completeddata354 Start main input; end with <CRLF>.<CRLF>from:santa@deer.northpole.orgDate: Mon, 21 Oct 2002 10:09:16 -0500Subject: RudolfThis is a Santa test..250 Requested mail action okay, completedquit221 <techbroker.com> Service closing transmission channel
The message then looks like:
from:santa@deer.northpole.orgDate: Mon, 21 Oct 2002 10:09:16 -0500Subject: RudolfThis is a Santa test.
The trick is to start each line you want in the headers with one wordfollowed by a colon, and the a line followed by "return". As soon asyou write a line that doesn't begin this way, the rest of what youtype goes into the body of the email.
Notice that the santa@northpole.com from the "mail from:" command didn't show up in the header. Some mail servers would show both "from" addresses.
You can forge email on techbroker.com within one strict limitation.Your email has to go to someone at techbroker.com. If you can find any way to send email to someone outside techbroker, let us know, because you will have broken our security, muhahaha! Don't worry, you have my permission.
Next, you can read the email you forge on techbroker.com via telnet:
C:\>telnet techbroker.com 110
+OK <30961.5910984301@techbroker.com> service ready
Give this command:user xyz+OK user is known
Then type in this:pass test+OK mail drop has 2 message(s)
retr 1+OK message followsThis is a test.
If you want to know all possible commands, give this command:
help+OK help list followsUSER userPASS passwordSTATLIST [message]RETR messageDELE messageNOOPRSETQUITAPOP user md5TOP message linesUIDL [message]HELP
Unless you use a weird online provider like AOL, you can use thesesame tricks to send and receive your own email. Or you can forge email to a friend by telnetting to his or her online provider's emailsending computer(s).
kopia23