PaulDotCom mailing list archives

Spoofing emails

From: rbutturini at epictn.com (Russell Butturini)
Date: Mon, 11 May 2009 16:42:06 -0500

I would like to see this too...Probably would be a beneficial review for
the whole list!

 

 

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Dimitrios
Kapsalis
Sent: Monday, May 11, 2009 4:37 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Spoofing emails

 

Can someone send an example of how to do this using metasploit's mailer?
Im new to metasploit so still learning!

On Mon, May 11, 2009 at 3:18 PM, MV <mvharley2 at gmail.com> wrote:

fire it my way please 

 

On Mon, May 11, 2009 at 9:23 AM, Robin Wood <dninja at gmail.com> wrote:

I built an app recently that takes a html page and a text page and
then puts them together into an email. You can put whatever you want
into either section.

If people want it I can try to dig it out.

Robin

2009/5/11 Rob Fuller <jd.mubix at gmail.com>:

Metasploit's mailer works really well, and you can craft the email

however

you like, make templates, etc.. yaml ;-)

On Mon, May 11, 2009 at 10:56 AM, natron <natron at invisibledenizen.org>
wrote:


On Sat, May 9, 2009 at 11:10 AM, Adrian Crenshaw

<irongeek at irongeek.com>

wrote:


220 mx.gmail.com <http://mx.gmail.com/>  ESMTP 70si2094099rnb
helo me.somepalace.com <http://me.somepalace.com/> 
250 mx.gmail.com <http://mx.gmail.com/>  at your service
MAIL FROM:<irongeek at iirongeek.com>
250 OK
RCPT TO:<irongeek at ggmail.com>
250 OK
DATA
354 Please start mail input.
<snip>


Anyone know of any tools to help you build html emails for this

purpose?

I currently doing it in a cheating way, but it works well.  I'll

craft an

email in Outlook to make it look exactly how I want, then forward it

to my

gmail account.  Gmail has a "show original" tab that allows you to

see the

full source of the email.  Copy and paste into a text editor, modify

fields

to your wishes, then paste it into the DATA section as shown in

irongeek's

email.  This allows you to easily imbed images (it handles all the

MIME

base64 + references stuff automatically for you).

On a related note, I've noticed that if you set the MIME fields in

the

email, all of the configurations of Outlook I've run into will

display what

is in the DATA section of the email rather than who it is actually

sent

from/to (in the MAIL FROM: and RCPT TO: sections).

Often times email servers will allow you to spoof the MAIL FROM:

address

to appear to come from someone internal (MAIL FROM:
it-department at company.com), but even if they don't, you can set the

From

field inside the DATA section to "it-department at company.com" and

that's what

outlook will display.  You have to view the headers to realize that's

not

who it came from, which of course no ever does.

These kinds of tricks are incredibly useful for social engineering.

Regards,
N

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com <http://pauldotcom.com/>



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com <http://pauldotcom.com/>

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com <http://pauldotcom.com/> 

 


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com <http://pauldotcom.com/> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090511/b6d96e60/attachment.htm

Current thread:

Openwrt and Cellphones Cody Dumont (May 08)
- Spoofing emails Nathan Sweaney (May 09)
  - Spoofing emails Adrian Crenshaw (May 09)
    - Spoofing emails natron (May 11)
    - Spoofing emails Rob Fuller (May 11)
    - Spoofing emails Robin Wood (May 11)
    - Spoofing emails MV (May 11)
    - Spoofing emails Dimitrios Kapsalis (May 11)
    - Spoofing emails Russell Butturini (May 11)
    - Spoofing emails Robin Wood (May 11)
    - Spoofing emails Noah (May 13)
    - Spoofing emails Jason Wood (May 13)
    - Spoofing emails Jim Halfpenny (May 14)
    - Spoofing emails Robin Wood (May 14)
    - Spoofing emails Jason Wood (May 14)
    - Spoofing emails Jim Halfpenny (May 14)
    - Spoofing emails Sam Buhlig (May 14)
    - Spoofing emails d4ncingd4n at gmail.com (May 14)
    - Spoofing emails Jim Halfpenny (May 15)

(Thread continues...)