The wonderful and evil world of e-mail The art of e-mail forging and tracing explained in one simple text This is my second article on hacking my first being the ethics of a true hacker which is available on my website at http://www.angelfire.com/co/hackethics/index.html. This article will touch on the subject of mail forgery and tracing. Please beaware any info learned this article is to be used only for the purposes of information and not wrong doing. The Mob Boss will in no way be responsible for your stupidity. Now on with the article. Now there has been several guides written about this on the internet yet a lot of people still don't understand or haven't have read about it yet. Most of the guides fail to show you how to find a willing server as well since that is the major problem these days. I. Forgery -E-mail forging, how is this done? This is quite easy to do as long as you can type and boot up telnet. Telnet is a program for connecting to remote hosts and it ships with 95/98. To run this program simply goto run then telnet or the ms-dos prompt then simply type telnet while in the c:\windows. Thats simple enough and I hope that every newbie hacker who is running windows becomes good freinds with telnet because if you want to ever want to hack your going to do it through it telnet that is for sure when you are running windows for your main operating system. Now the second step is connecting to a remote host, the computer you want to do this from. Now I will almost garuntee on your first shot you will not get to forge mail your first time because over the years sercurity has become better and sysadmins are stoping the routing of mail. Anyways, click file and then remote host. This brings up a box in which you choose a port and a host. Now for port notice that a default value of telnet is in there. Thats the equivelent of port 23. That is used to physically log into a system such as into your ISP shell account which allows you to give unix commands to one of your ISP's computers. We won't be working with that default port, the telnet one, we will be working with port 25 the SMTP port which is the port that sends out mail. This is the port which mail forging, mailbombers, and those sendmail exploits you see so much of occur on. So lets begin by choosing a host and then a port 25. Now if this doesn't work on the first computer don't get discouraged thats the best trait a hacker can display, persistance. Now when we telnet in we will be dislayed with a welcome message which will have the computer's name and hostname. It will be followed by the daemon software they are using usually sendmail, which runs on a UNIX platform and is to say the least an intruders best freind in gaining root. Now the second step is to greet the computer (they have feelings too you know): helo Dreamer.Foobar.com Then the computer will say hello and will display where they logged you from. The next thing to do is to specify a return address. For this put in any god damn thing you want, remember you are in controll muhahahahahah: mail from: President@whitehouse.gov Now if everything goes according to plan and the machine allows routing well then bingo you won the booby prize. But were getting ahead of ourselves there is still another crucial step. We have to specify a recipent which will tell us wether or not this computer wants to be our freind or not: rcpt to: Lewinsky@interns.com Now if you get a message such as, Sorry routing not allowed, well then your out of luck and move onto the next machine. But if it excepts it then you have found that trusting machine. Notice on the different machines how the message, "Routing denied", can vary in its tone and pleasentness. Anyways on to the next step the body of the message: data This tells the computer you are ready to write the message. It will then say enter your message and end by hitting enter, then a period by its self and enter. Hey Monica my place or yours? . Then it will say message excepted for delivery. Just enter the command exit and it will close you out of the system. Its thats simple. -What the hell is this any use for? This is one of those most basic and helpful hacks you can learn. Wether you aspire to be an evil criminal, or in the words of Carolyn Meinel, a whitehat hacker then you need to know this. It gives you some practice in a command line atmoshpere where all the real hacking takes place, very little is or can be done in a graphical windows interface. Now the other thing this is good for is if you are a eagar beaver when it comes to socail engineering. The wonderful things that could be done with an e-mail appearing to be from system administration. Another handy thing is that this can be used as an impressive trick to show your freinds who are clueless in AOL la la land. They'll find this very impressive. If you have ever used a mailbomber maybe you'll remeber it asking for a server and it allowed you to send e-mail from any address. This is all because it uses the same princible that we have learned today. As you can see this is quite useful for a variety of things and is something every ispiring hacker should learn. -WHAT THE FUCK, It won't let me route or something? Ok now, calm down. The reason is because the sysadmin at the computer you were trying to telnet into and forge from is smarter then the average bear. But this is the MOB BOSS your talking too so of course I'll give you ome hins on how to find open boxes. First of all don't attempt this on any military computers all you 31337 hacker buffs, unless you enjoy be interogated (though I should write an article on that). Now after you narrow that down try to forget about goverment computers like courthouses and state agencies. Although there are some good boxes its a unnesscary risk. Your best bet will definitely be *.edu servers. Colleges and Universitys have the most lazy sercurity although I have found some very sercure computers at those places of learning. A good place to start looking is on a search engine such as altavista (www.altavista.com). From there, pour yourself a big cup of coffee and prepare for some searching. Look up unversities and colleges. There are so many variations you can do, its pathetic. Now make a nice long list of them and then once you have a fair amount hosts start telneting. This might be a happy or discouraging moment but no matter what don't give up. Persistance will beat all, at least most of the time. Take a look at the versions of sendmail, those computers that are paying off are usually old dusty versions huh? Anyways I have found this the best way to look. Now these can be used for a variety of purposes. Mailbombing and mail forging alike but under all cirumstances be sure not to use one server too much. This can piss of a sysadmin royally especially if you and a buddy are being idiots and using his computers to mailbomb constantly. If you do idiotic things like this expect your isp to find out and kick your ass off. Now since good isp's are hard to come by these days this might be a royal pain in the ass so watch yourself. Now once you have a few computers which route go trade with freinds who do the same or in chat rooms. Expect that they'll want something in return though. Nothing is free. II. Tracing e-mail -Whats the point? Well ever want to get revenge on that spammer or the schmuck who bombed you well tracing the messages back to the idiots isp is a good start. Now also I have had many attempts on my accounts with trojans and viruses but once I spotted the mini intruders I traced it back to the isp and informed his sysadmin. Never had anything else from him again hahahahahahaha. Also its the best way to scare a stalker or an abuser. Those threatening e-mails may leave some people helpless but we are hackers so we take action. The hunted becomes the hunter. This can all be don by turning an e-mail and tracing it. -Ok sounds good so how is it done? First step is to check out the full header. I am way too lazy to tell you how to do this because its in the manual but I'll tell you right now on web based e-mail the option for full headers is usually in options although on hotmail I hit reply and the header is right there. Ask your tech support people if you can't figure it ou yourself. Anyways in that header there is a variety of info there that we want to know. There are two main things you want to know though. The biggest is going to be mail received from thing. Its here where you want to look for an ip address. One you have that its time to DNS that. If you have a shell account goto it and do nslookup ip addy. Once you get the servers name you'll do a whois query. Hopefully your target has a small isp or university account. If this is true you will know his state and possibly town. Using this info casually in an e-mail to him will make him worry. Also you will know have the power to inform the sysadmin of the ip addy and exact time it was sent. This is so simple yet very few people do it. My suggestion is to look at all full headers you can. It will give you addresses to telnet into look around and will also give you the power to know exactly who the son of a bitch is. Now if you want to be really slick you might have one of those yahoo accounts and will be informed immediately of any new mail which was just sent then you'll have his current ip hahahahaha. This might be the perfect time to attack. teach the guy a lesson if you must or turn him in its up to you. Practice this techniques you never know when it'll come in handy. This article has been written by THE MOB BOSS aka Mafia_man777 Co-edited by Dragoonx This has been a publication written by THE MOB BOSS, he is in no way responsiple for the accuracy or results from the use of info in this article. anything done is totatly done at the users discretion. THE MOB BOSS in know way or form supports, aids, particapates in the act of criminal hacking or phreaking. Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS is strictly for informational purposes only. THE MOB BOSS copyright 1999 all rights reserved