How To Send Disguised (forged) E-Mail.... The Normal Disclaimer.. To begin with I would like to say that I do not condone any type of illegal activity that can be done with the knowledge you will get from this file. I will not be held responsible if you get booted of the net. Now that thats done with on to the file. There is nothing special about this text file..There are a few already written on the same subject but I Figuered I would give a detailed example of how to execute this hack perfectly, give out the ability to find your own servers, show the many options you have with this hack, and I will also provide a list of servers that can be used to execute this hack. ________________________________________________________________________ Sections.. I - List of servers II - Execution through your telnet client A. Complete overview III - Execution through your shell account (recomended) A. Complete overview IV - How to find your own servers A. Finding them through interNIC B. Finding them with your shell account (strongly recomended!) V - Copyright A. Shoutouts B. Inspirations ________________________________________________________________________ Section I - Server list. To begin with I will list some servers that can be used..Take your pick.. tomahawk.gate.net ns.web2010.com ns2.web2010.com strech.cyber-naut.com itis.easilink.com ns.valueweb.net These are just a few that I have. I am going to explain how to find your own later in the text so dont worry about the short list. ________________________________________________________________________ Section II - Exectuion through your telnet client. O.K. Now that you have decided what server you want to use you will have to open your telnet client (I reccomend CRT, I personally use this one). Once your client is open (again this file assumes you are using CRT) you will type in the server address and in the port section replace port 23 with 25 (once in a great while its port 19). Press enter to connect. Once connected you should see a message similar to this, 220 io. Sendmail SMI-8.6/SMI-SVR4 ready at Wed, 6 Aug 1997 17:17:20 -0400 the next line is optional although for some servers it is required or some may not allow it helo somebody@nobody.com the computer responds with, 250 io. Hello [Your IP addess], pleased to meet you This next line is to identify who the mail is from so you type, mail from:whoever@whatever.com the computer responds with, 250 whoever@whatever.com... Sender is valid. this next line will identify who this letter is to be sent to so you type, rcpt to:whoever@whatever.com the computer responds with, 250 whoever@whatever.com... Recipient is valid. next line marks the begining of your message so type data the computer will respond with, 354 Enter mail. End with the . character on a line by itself. this part is optional (I recomned using them), from:whoever@whatever.com to:whoever@whatever.com Subject:letter subject next you will type in your message..if you do not wish to use the commands above just start typing your message. "this is a test message" . NOTE: The period must be on a line by itself! the computer responds, 250 Ok your done just type in, quit Section II - A. Here is the overview of what just happened, 220 io. Sendmail SMI-8.6/SMI-SVR4 ready at Wed, 6 Aug 1997 17:17:20 -0400 helo somebody@nobody.com 250 io. Hello [Your IP addess], pleased to meet you mail from:whoever@whatever.com 250 whoever@whatever.com... Sender ok rcpt to:whoever@whatever.com 250 whoever@whatever.com... Recipient ok data 354 Enter mail, end with "." on a line by itself from:whoever@whatever.com to:whoever@whatever.com Subject:your subject you message here . 250 XAA06854 Message accepted for delivery quit 220 io. Sendmail SMI-8.6/SMI-SVR4 closing connection Connection closed by foreign host. ________________________________________________________________________ Section III - Execution through your shell account (recomended) So you have a shell account..Good! Shell accounts are very useful to the internet hacker.. Lets get started.. This assumes that you will use ns.web2010.com as you selected server and the user jeff@jeff.com (if there is even such a domain).. Why do I recomend using a shell account? Because of the extra power it gives you. Extra power means more advantage. And that is its own explination! Dial in or telnet to your shell account and login. usually you will get the "$" prompt. at this promp you will type, telnet ns.web2010.com 25 computer responds, Trying 207.124.96.253... Connected to ns.web2010.com. Escape character is '^]'. 220 ESMTP ns.web2010.com Sendmail 8.8.5/8.6.9 ready at Wed, 6 Aug 1997 17:49:37 -0400 (EDT) again this command is usually optional but some systems may require it or some may not allow it, helo jeff@jeff.com the computer responds, 250 io. Hello [Your IP addess], pleased to meet you this command lets the computer know who the message is from so you type, mail from:jeff@jeff.com the computer responds, 250 jeff@jeff.com... Sender ok this command lets the computer know who the message is to so you type, rcpt to:jeff@jeff.com the computer responds, 250 jeff@jeff.com... Recipient ok this next command is required so type, data the next few lines are optional ( I recomend using them) from:jeff@jeff.com to:jeff@jeff.com Subject:your subject type your message here . NOTE: period must be on line by itself! the computer responds, 250 XAA06854 Message accepted for delivery your done! now just type, quit Section III - A. Not very hard is it ? Now for the overview..this is what the completed process shoud look like, telnet ns.web2010.com 25 Trying 207.124.96.253... Connected to ns.web2010.com. Escape character is '^]'. 220 ESMTP ns.web2010.com Sendmail 8.8.5/8.6.9 ready at Wed, 6 Aug 1997 23:22:37 -0400 (EDT) helo jeff@jeff.com 250 io. Hello [Your IP addess], pleased to meet you mail from:jeff@jeff.com 250 jeff@jeff.com... Sender ok rcpt to:jeff@jeff.com 250 jeff@jeff.com... Recipient ok data 354 Enter mail, end with "." on a line by itself from:jeff@jeff.com to:jeff@jeff.com Subject:your subject you message here . 250 XAA06854 Message accepted for delivery quit 221 ns.web2010.com closing connection Connection closed by foreign host. ________________________________________________________________________ Section IV - How to find your own servers. This is very easy,easy,easy hacking. I wouldnt even call it hacking cause anyone who can type can find this information. Here is how its done. There are 2 options to do this.. One is with a shell account. The other is with the interNIC website. IV - A. Finding mail servers through interNIC..Well this is the long and boring way.. I am not going to go into great detail for this option cause I think its pretty self explanitory. Go the interNIC website (http://www.internic.com) Search for a taken domain. it should come up with the info on the search..see below (assuming you looked up hackers.com) you will first get a message saying "Domain name used". and there will be a button which reads"Show me whois output" click this button and this is what you get.. Here is the raw whois output for hackers.com: Hackers Haven (HACKERS3-DOM) 526 S. 490 W. Orem, UT 84058 Domain Name: HACKERS.COM Administrative Contact: Wilkinson, Ed (EW110) postmaster@HACKERS.COM (801) 225-7907 Technical Contact, Zone Contact: Secure Network Systems Hostmaster (SNS3-ORG) hostmaster@SECURE.NET tel.: 801-224-9346 Fax- - - .: 801-224-6009 Record last updated on 30-Dec-96. Record created on 02-Jun-95. Database last updated on 6-Aug-97 04:21:02 EDT. Domain servers in listed order: NS1.SECURE.NET 192.41.1.10 NS2.SECURE.NET 192.41.2.10 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. O.K. now that all this juicy info. is up for us its time to get the server. See the server called "NS1.SECURE.NET" well this can (most likely) be used as a mail server as well as the second server can be used (once again most likely) Thats it..Now you have yourself a mail server to have fun with.. Remember the port to be used is 25 (hardly ever but possibly port 19) Section IV - B. Finding mail servers through your shell account..This is the easiest way to do this..This is how its done. Login to your shell. from there use this comand (assuming you are looking up hackers.com) whois hackers.com the computer responds, [rs.internic.net] Hackers Haven (HACKERS3-DOM) 526 S. 490 W. Orem, UT 84058 Domain Name: HACKERS.COM Administrative Contact: Wilkinson, Ed (EW110) postmaster@HACKERS.COM (801) 225-7907 Technical Contact, Zone Contact: Secure Network Systems Hostmaster (SNS3-ORG) hostmaster@SECURE.NET tel.: 801-224-9346 Fax- - - .: 801-224-6009 Record last updated on 30-Dec-96. Record created on 02-Jun-95. Database last updated on 6-Aug-97 04:21:02 EDT. Domain servers in listed order: NS1.SECURE.NET 192.41.1.10 NS2.SECURE.NET 192.41.2.10 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. O.K. now that all this juicy info. is up for us its time to get the server. See the server called "NS1.SECURE.NET" well this can (most likely) be used as a mail server as well as the second server can be used (once again most likely) Thats it..Now you have yourself a mail server to have fun with.. Remember the port to be used is 25 (hardly ever but possibly port 19) ________________________________________________________________________ Section V - Copyright ======================================================================== This file is completely copyrighted (c) by CycO (http://www.nmia.com/~ricans) . It may be reused as long as the entire page stays in tact. By this I mean no changes what so ever. For more info on me or my life go to my webpage. Questions or comments about this file or about life can go to cyco@earthling.net . Until next time.... ======================================================================== Section V - A. - Shoutouts ======================================================================== Here is my list of shoutouts... Shadow Chill (http://www.shadowchill.com) Technics (http://www.tdyc.com/~technics) CrOoK (http://members.tripod.com/~CrOoK) Lynx (http://www.hpvca.com) Splatter (http://www.hpvca.com/splatter) DigitaL HolocausT uHPA TwistedinterneT ServiceS Lordz of Destruction The Dismembered Youth's Corp. AntiAol Webring Dark Error Webring ======================================================================== Section V - B. ======================================================================== Inspirations.. First of all hats off to The Guides to (mostly) Harmless Hacking..Keep up the good work! CrOoK..for giving me the idea of writing a file,that has been writin before, and making it better with all options available.. Shadow Chill for just kicking ass!! My friends,my family,and God (ofcourse) ========================================================================