How to Forge Email with Windows XP Telnet
Want a computer you can telnet into and mess around with, and not get into trouble no matter what you do to it? I've set up my techbroker.com (206.61.52.33) with user xyz, password guest for you to play with. Here's how to forge email to xyz@techbroker.com using telnet. Start with the command:
C:\>telnet techbroker.com 25 Connecting To Techbroker.com
220 <techbroker.com> Service ready
Now you type in who you want the message to appear to come from:
helo santa@techbroker.com Techbroker.com will answer:
250 <techbroker.com> host ready
Next type in your mail from address:
mail from:santa@techbroker.com
250 Requested mail action okay, completed
Your next command:
rcpt to:xyz@techbroker.com 250 Requested mail action okay, completed
Your next command: data 354 Start main input; end with <CRLF>.<CRLF>
Newbie note: <CRLF> just means hit return. In case you can't see that little period between the <CRLF>s, what you do to end composing your email is to hit enter, type a period, then hit enter again.
Anyhow, try typing:
This is a test. . 250 Requested mail action okay, completed quit 221 <techbroker.com> Service closing transmission channel
Connection to host lost.
Using techbroker's mail server, even if you enable full headers, the message we just composed looks like:
Status: R X-status: N
This is a test.
That's a pretty pathetic forged email, huh? No "from", no date. However, you can make your headers better by using a trick with the data command. After you give it, you can insert as many headers as you choose. The trick is easier to show than explain:
220 <techbroker.com> Service ready helo santa@northpole.org 250 <techbroker.com> host ready mail from:santa@northpole.com 250 Requested mail action okay, completed rcpt to:<script language="JavaScript"><!-- var name = "cmeinel"; var domain = "techbroker.com"; document.write('<a href=\"mailto:' + name + '@' + domain + '\">'); document.write(name + '@' + domain + '</a>'); // --></script> 250 Requested mail action okay, completed data 354 Start main input; end with <CRLF>.<CRLF> from:santa@deer.northpole.org Date: Mon, 21 Oct 2002 10:09:16 -0500 Subject: Rudolf This is a Santa test. . 250 Requested mail action okay, completed quit 221 <techbroker.com> Service closing transmission channel
Connection to host lost.
The message then looks like:
from:santa@deer.northpole.org Date: Mon, 21 Oct 2002 10:09:16 -0500 Subject: Rudolf This is a Santa test.
The trick is to start each line you want in the headers with one word followed by a colon, and the a line followed by "return". As soon as you write a line that doesn't begin this way, the rest of what you type goes into the body of the email.
Notice that the santa@northpole.com from the "mail from:" command didn't show up in the header. Some mail servers would show both "from" addresses.
You can forge email on techbroker.com within one strict limitation. Your email has to go to someone at techbroker.com. If you can find any way to send email to someone outside techbroker, let us know, because you will have broken our security, muhahaha! Don't worry, you have my permission.
Next, you can read the email you forge on techbroker.com via telnet:
C:\>telnet techbroker.com 110
+OK <30961.5910984301@techbroker.com> service ready
Give this command: user xyz +OK user is known
Then type in this: pass test +OK mail drop has 2 message(s)
retr 1 +OK message follows This is a test.
If you want to know all possible commands, give this command:
help +OK help list follows USER user PASS password STAT LIST [message] RETR message DELE message NOOP RSET QUIT APOP user md5 TOP message lines UIDL [message] HELP
Unless you use a weird online provider like AOL, you can use these same tricks to send and receive your own email. Or you can forge email to a friend by telnetting to his or her online provider's email sending computer(s).
How to Telnet with Windows XP
The queen of hacker commands is telnet. To get Windows help for telnet, in the cmd.exe window give the command:
C:\>telnet /?
Here's what you will get:
telnet [-a][-e escape char][-f log file][-l user][-t term][host [port]] -a Attempt automatic logon. Same as -l option except uses the currently logged on user's name. -e Escape character to enter telnet client prompt. -f File name for client side logging -l Specifies the user name to log in with on the remote system. Requires that the remote system support the TELNET ENVIRON option. -t Specifies terminal type. Supported term types are vt100, vt52, ansi and vtnt only. host Specifies the hostname or IP address of the remote computer to connect to.
port Specifies a port number or service name.
**************** Newbie note: what is a port on a computer? A computer port is sort of like a seaport. It's where things can go in and/or out of a computer. Some ports are easy to understand, like keyboard, monitor, printer and modem. Other ports are virtual, meaning that they are created by software. When that modem port of yours (or LAN or ISDN or DSL) is connected to the Internet, your computer has the ability to open or close any of over 65,000 different virtual ports, and has the ability to connect to any of these on another computer - if it is running that port, and if a firewall doesn?t block it. **************** **************** Newbie note: How do you address a computer over the Internet? There are two ways: by number or by name. ****************
The simplest use of telnet is to log into a remote computer. Give the command:
C:/>telnet targetcomputer.com (substituting the name of the computer you want to telnet into for targetcomputer.com)
If this computer is set up to let people log into accounts, you may get the message:
login:
Type your user name here, making sure to be exact. You can't swap between lower case and capital letters. For example, user name Guest is not the same as guest.
**************** Newbie note: Lots of people email me asking how to learn what their user name and password are. Stop laughing, darn it, they really do. If you don't know your user name and password, that means whoever runs that computer didn't give you an account and doesn't want you to log on. ****************
Then comes the message:
Password:
Again, be exact in typing in your password.
What if this doesn't work?
Every day people write to me complaining they can't telnet. That is usually because they try to telnet into a computer, or a port on a computer that is set up to refuse telnet connections. Here's what it might look like when a computer refuses a telnet connection:
C:\ >telnet 10.0.0.3 Connecting To 10.0.0.3...Could not open connection to the host, on port 23. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Or you might see:
C:\ >telnet techbroker.com Connecting To techbroker.com...Could not open connection to the host, on port 23. No connection could be made because the target machine actively refused it.
If you just give the telnet command without giving a port number, it will automatically try to connect on port 23, which sometimes runs a telnet server.
************** Newbie note: your Windows computer has a telnet client program, meaning it will let you telnet out of it. However you have to install a telnet server before anyone can telnet into port 23 on your computer. *************
If telnet failed to connect, possibly the computer you were trying to telnet into was down or just plain no longer in existence. Maybe the people who run that computer don't want you to telnet into it.
How to Telnet into a Shell Account
Even though you can't telnet into an account inside some computer, often you can get some information back or get that computer to do something interesting for you. Yes, you can get a telnet connection to succeed -without doing anything illegal --against almost any computer, even if you don't have permission to log in. There are many legal things you can do to many randomly chosen computers with telnet. For example:
C:/telnet freeshell.org 22
SSH-1.99-OpenSSH_3.4p1
That tells us the target computer is running an SSH server, which enables encrypted connections between computers. If you want to SSH into an account there, you can get a shell account for free at <http://freeshell.org/> . You can get a free SSH client program from <http://winfiles.com/> .
One reason most hackers have shell accounts on Internet servers is because you can meet the real hackers there. When you've logged in, give the command w or who. That gives a list of user names. You can talk to other users with tht talk command. Another fun thing, if your shell account allows it, is to give the command
ps -auxww
It might tell you what commands and processes other users are running. Ask other users what they are doing and they might teach you something. Just be careful not to be a pest!
*************** You can get punched in the nose warning: Your online provider might kick you off for making telnet probes of other computers. The solution is to get a local online provider and make friends with the people who run it, and convince them you are just doing harmless, legal explorations. *************
Sometimes a port is running an interesting program, but a firewall won't let you in. For example, 10.0.0.3, a computer on my local area network, runs an email sending program, (sendmail working together with Postfix, and using Kmail to compose emails). I can use it from an account inside 10.0.0.3 to send emails with headers that hide from where I send things.
If I try to telnet to this email program from outside this computer, here's what happens:
C:\>telnet 10.0.0.3 25 Connecting To 10.0.0.3...Could not open connection to the host, on port 25. No connection could be made because the target machine actively refused it.
However, if I log into an account on 10.0.0.3 and then telnet from inside to port 25, here's what I get:
Last login: Fri Oct 18 13:56:58 2002 from 10.0.0.1 Have a lot of fun... cmeinel@test-box:~> telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... [Carolyn's note: 127.0.0.1 is the numerical address meaning localhost, the same computer you are logged into] Connected to localhost. Escape character is '^]'. 220 test-box.local ESMTP Postfix
The reason I keep this port 25 hidden behind a firewall is to keep people from using it to try to break in or to forge email. Now the ubergeniuses reading this will start to make fun of me because no Internet address that begins with 10. is reachable from the Internet. However, sometimes I place this "test-box" computer online with a static Internet address, meaning whenever it is on the Internet, it always has the same numerical address. I'm not going to tell you what its Internet address is because I don't want anyone messing with it. I just want to mess with other people's computers with it, muhahaha. That's also why I always keep my Internet address from showing up in the headers of my emails.
*************** Newbie note: What is all this about headers? It's stuff at the beginning of an email that may - or may not - tell you a lot about where it came from and when. To see full headers, in Outlook click view -> full headers. In Eudora, click the "Blah blah blah" icon. ****************
Share it to our fruends like this to share to friends and thanks
Want a computer you can telnet into and mess around with, and not get into trouble no matter what you do to it? I've set up my techbroker.com (206.61.52.33) with user xyz, password guest for you to play with. Here's how to forge email to xyz@techbroker.com using telnet. Start with the command:
C:\>telnet techbroker.com 25 Connecting To Techbroker.com
220 <techbroker.com> Service ready
Now you type in who you want the message to appear to come from:
helo santa@techbroker.com Techbroker.com will answer:
250 <techbroker.com> host ready
Next type in your mail from address:
mail from:santa@techbroker.com
250 Requested mail action okay, completed
Your next command:
rcpt to:xyz@techbroker.com 250 Requested mail action okay, completed
Your next command: data 354 Start main input; end with <CRLF>.<CRLF>
Newbie note: <CRLF> just means hit return. In case you can't see that little period between the <CRLF>s, what you do to end composing your email is to hit enter, type a period, then hit enter again.
Anyhow, try typing:
This is a test. . 250 Requested mail action okay, completed quit 221 <techbroker.com> Service closing transmission channel
Connection to host lost.
Using techbroker's mail server, even if you enable full headers, the message we just composed looks like:
Status: R X-status: N
This is a test.
That's a pretty pathetic forged email, huh? No "from", no date. However, you can make your headers better by using a trick with the data command. After you give it, you can insert as many headers as you choose. The trick is easier to show than explain:
220 <techbroker.com> Service ready helo santa@northpole.org 250 <techbroker.com> host ready mail from:santa@northpole.com 250 Requested mail action okay, completed rcpt to:<script language="JavaScript"><!-- var name = "cmeinel"; var domain = "techbroker.com"; document.write('<a href=\"mailto:' + name + '@' + domain + '\">'); document.write(name + '@' + domain + '</a>'); // --></script> 250 Requested mail action okay, completed data 354 Start main input; end with <CRLF>.<CRLF> from:santa@deer.northpole.org Date: Mon, 21 Oct 2002 10:09:16 -0500 Subject: Rudolf This is a Santa test. . 250 Requested mail action okay, completed quit 221 <techbroker.com> Service closing transmission channel
Connection to host lost.
The message then looks like:
from:santa@deer.northpole.org Date: Mon, 21 Oct 2002 10:09:16 -0500 Subject: Rudolf This is a Santa test.
The trick is to start each line you want in the headers with one word followed by a colon, and the a line followed by "return". As soon as you write a line that doesn't begin this way, the rest of what you type goes into the body of the email.
Notice that the santa@northpole.com from the "mail from:" command didn't show up in the header. Some mail servers would show both "from" addresses.
You can forge email on techbroker.com within one strict limitation. Your email has to go to someone at techbroker.com. If you can find any way to send email to someone outside techbroker, let us know, because you will have broken our security, muhahaha! Don't worry, you have my permission.
Next, you can read the email you forge on techbroker.com via telnet:
C:\>telnet techbroker.com 110
+OK <30961.5910984301@techbroker.com> service ready
Give this command: user xyz +OK user is known
Then type in this: pass test +OK mail drop has 2 message(s)
retr 1 +OK message follows This is a test.
If you want to know all possible commands, give this command:
help +OK help list follows USER user PASS password STAT LIST [message] RETR message DELE message NOOP RSET QUIT APOP user md5 TOP message lines UIDL [message] HELP
Unless you use a weird online provider like AOL, you can use these same tricks to send and receive your own email. Or you can forge email to a friend by telnetting to his or her online provider's email sending computer(s).
How to Telnet with Windows XP
The queen of hacker commands is telnet. To get Windows help for telnet, in the cmd.exe window give the command:
C:\>telnet /?
Here's what you will get:
telnet [-a][-e escape char][-f log file][-l user][-t term][host [port]] -a Attempt automatic logon. Same as -l option except uses the currently logged on user's name. -e Escape character to enter telnet client prompt. -f File name for client side logging -l Specifies the user name to log in with on the remote system. Requires that the remote system support the TELNET ENVIRON option. -t Specifies terminal type. Supported term types are vt100, vt52, ansi and vtnt only. host Specifies the hostname or IP address of the remote computer to connect to.
port Specifies a port number or service name.
**************** Newbie note: what is a port on a computer? A computer port is sort of like a seaport. It's where things can go in and/or out of a computer. Some ports are easy to understand, like keyboard, monitor, printer and modem. Other ports are virtual, meaning that they are created by software. When that modem port of yours (or LAN or ISDN or DSL) is connected to the Internet, your computer has the ability to open or close any of over 65,000 different virtual ports, and has the ability to connect to any of these on another computer - if it is running that port, and if a firewall doesn?t block it. **************** **************** Newbie note: How do you address a computer over the Internet? There are two ways: by number or by name. ****************
The simplest use of telnet is to log into a remote computer. Give the command:
C:/>telnet targetcomputer.com (substituting the name of the computer you want to telnet into for targetcomputer.com)
If this computer is set up to let people log into accounts, you may get the message:
login:
Type your user name here, making sure to be exact. You can't swap between lower case and capital letters. For example, user name Guest is not the same as guest.
**************** Newbie note: Lots of people email me asking how to learn what their user name and password are. Stop laughing, darn it, they really do. If you don't know your user name and password, that means whoever runs that computer didn't give you an account and doesn't want you to log on. ****************
Then comes the message:
Password:
Again, be exact in typing in your password.
What if this doesn't work?
Every day people write to me complaining they can't telnet. That is usually because they try to telnet into a computer, or a port on a computer that is set up to refuse telnet connections. Here's what it might look like when a computer refuses a telnet connection:
C:\ >telnet 10.0.0.3 Connecting To 10.0.0.3...Could not open connection to the host, on port 23. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Or you might see:
C:\ >telnet techbroker.com Connecting To techbroker.com...Could not open connection to the host, on port 23. No connection could be made because the target machine actively refused it.
If you just give the telnet command without giving a port number, it will automatically try to connect on port 23, which sometimes runs a telnet server.
************** Newbie note: your Windows computer has a telnet client program, meaning it will let you telnet out of it. However you have to install a telnet server before anyone can telnet into port 23 on your computer. *************
If telnet failed to connect, possibly the computer you were trying to telnet into was down or just plain no longer in existence. Maybe the people who run that computer don't want you to telnet into it.
How to Telnet into a Shell Account
Even though you can't telnet into an account inside some computer, often you can get some information back or get that computer to do something interesting for you. Yes, you can get a telnet connection to succeed -without doing anything illegal --against almost any computer, even if you don't have permission to log in. There are many legal things you can do to many randomly chosen computers with telnet. For example:
C:/telnet freeshell.org 22
SSH-1.99-OpenSSH_3.4p1
That tells us the target computer is running an SSH server, which enables encrypted connections between computers. If you want to SSH into an account there, you can get a shell account for free at <http://freeshell.org/> . You can get a free SSH client program from <http://winfiles.com/> .
One reason most hackers have shell accounts on Internet servers is because you can meet the real hackers there. When you've logged in, give the command w or who. That gives a list of user names. You can talk to other users with tht talk command. Another fun thing, if your shell account allows it, is to give the command
ps -auxww
It might tell you what commands and processes other users are running. Ask other users what they are doing and they might teach you something. Just be careful not to be a pest!
*************** You can get punched in the nose warning: Your online provider might kick you off for making telnet probes of other computers. The solution is to get a local online provider and make friends with the people who run it, and convince them you are just doing harmless, legal explorations. *************
Sometimes a port is running an interesting program, but a firewall won't let you in. For example, 10.0.0.3, a computer on my local area network, runs an email sending program, (sendmail working together with Postfix, and using Kmail to compose emails). I can use it from an account inside 10.0.0.3 to send emails with headers that hide from where I send things.
If I try to telnet to this email program from outside this computer, here's what happens:
C:\>telnet 10.0.0.3 25 Connecting To 10.0.0.3...Could not open connection to the host, on port 25. No connection could be made because the target machine actively refused it.
However, if I log into an account on 10.0.0.3 and then telnet from inside to port 25, here's what I get:
Last login: Fri Oct 18 13:56:58 2002 from 10.0.0.1 Have a lot of fun... cmeinel@test-box:~> telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... [Carolyn's note: 127.0.0.1 is the numerical address meaning localhost, the same computer you are logged into] Connected to localhost. Escape character is '^]'. 220 test-box.local ESMTP Postfix
The reason I keep this port 25 hidden behind a firewall is to keep people from using it to try to break in or to forge email. Now the ubergeniuses reading this will start to make fun of me because no Internet address that begins with 10. is reachable from the Internet. However, sometimes I place this "test-box" computer online with a static Internet address, meaning whenever it is on the Internet, it always has the same numerical address. I'm not going to tell you what its Internet address is because I don't want anyone messing with it. I just want to mess with other people's computers with it, muhahaha. That's also why I always keep my Internet address from showing up in the headers of my emails.
*************** Newbie note: What is all this about headers? It's stuff at the beginning of an email that may - or may not - tell you a lot about where it came from and when. To see full headers, in Outlook click view -> full headers. In Eudora, click the "Blah blah blah" icon. ****************
Share it to our fruends like this to share to friends and thanks
Comments
Post a Comment