Chat with
Hackers

How to Defend
Your Computer 

The Heretic! 
A Hacker Thriller

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

More email forging...

Some of these computers have very good security, making it hard to have serious fun with them. But others have very little security. One of the joys of hacking is exploring these computers to find ones that suit ones fancy.

OK, so now that we are in Morris Worm country, what can we do with it?

********************************
Evil Genius note: Morris used the “DEBUG” command. Don’t try this at home. Nowadays if you find a program running on port 25 with the DEBUG command, it is probably a trap. Trust me.
********************************

Well, here's what I did. (My commands have no number in front of them, whereas the computer’s responses are prefixed by numbers.)

 helo santa@north.pole.org
 250 callisto.unm.edu Hello santa@north.pole.org
 mail from:santa@north.pole.org
 250 <santa@north.pole.org> ... Sender Okay
 rcpt to:cmeinel@nmia.com
 250 <cmeinel@nmia.com> ... Recipient Okay
 data
 354 Enter mail, end with "." on a line by itself
 It works!!!
 .
 250 Mail accepted

What happened here is that I sent some fake email to myself. Now let's take a look at what I got in my mailbox, showing the complete header:

Here's what I saw using the free version of Eudora:

 X POP3 Rcpt: cmeinel@socrates

This line tells us that X-POP3 is the program of my ISP that received my email, and that my incoming email is handled by the computer Socrates.

*****************************
Evil Genius Tip: email which comes into your email reading program is handled by port 110. Try telnetting there someday. But usually POP, the program running on 110, won’t give you help with its commands and boots you off the minute you make a misstep.
*****************************

 Return Path: <santa@north.pole.org>

This line above is my fake email address.

 Apparently From: santa@north.pole.org
 Date: Fri, 12 Jul 96 12:18 MDT
 
But note that the header lines above say "Apparently-From" This is important because it alerts me to the fact that this is fake mail.

 Apparently To: cmeinel@nmia.com
 X Status:

 It works!!!

Now here is an interesting fact. Different email reading programs show different headers. So how good your fake email is depends on part on what email program is used to read it. Here's what Pine, an email program that runs on Unix systems, shows with this same email:

More how to forge email -->>

 
Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

My SQL for Free
 

Return to the index of Guides to (mostly) Harmless Hacking!

© 2001 Happy Hacker All rights reserved.