Send spoofed emails with telnet
You can send spoofed emails (i.e., emails with a fake source address) if you can establish a telnet session with an email server. (Before continuing, go here if you need to brush up on your telnet knowledge).
If you don’t know the host name of an email server, you’ll have to find one using a utility like dig or nslookup.
For dig, the command to find email servers for a domain (e.g., hotmail.com) is:
dig @[DNS_server_name_or_IP] hotmail.com MX
The output of this command is as follows:
; <<>> DiG 9.3.2 <<>> @184.108.40.206 hotmail.com MX
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17095
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;hotmail.com. IN MX
;; ANSWER SECTION:
hotmail.com. 3600 IN MX 5 mx3.hotmail.com.
hotmail.com. 3600 IN MX 5 mx4.hotmail.com.
hotmail.com. 3600 IN MX 5 mx1.hotmail.com.
hotmail.com. 3600 IN MX 5 mx2.hotmail.com.
;; Query time: 157 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Sat Dec 31 19:28:50 2011
;; MSG SIZE rcvd: 109
As you can see, the four email servers for the domain hotmail.com are mx1.hotmail.com through mx4.hotmail.com.
To use the deprecated nslookup command, a few additional steps are required.
1. Open a command prompt, type nslookup, hit Enter.
2. Type set query=mx, hit Enter.
3. Type the name of the domain, hotmail.com, hit Enter.
4. You should see the following output:
> set q=mx
hotmail.com MX preference = 5, mail exchanger = mx4.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx1.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx2.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx3.hotmail.com
Let’s choose mx4.hotmail.com.
1. Open your command prompt and type: telnet mx4.hotmail.com 25 (if you don’t know what the ‘25’ stands for, you should definitely read this). Alternatively, you can start by typing telnet, hitting Enter, and then typing open mx4.hotmail.com 25.
2. You should see the following output:
Connected to mx4.hotmail.com.
Escape character is '^]'.
220 BAY0-MC4-F1.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail
to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx.
3. Type helo and hit Enter. You should see the following output:
250 BAY0-MC3-F20.Bay0.hotmail.com (126.96.36.199) Hello [188.8.131.52]
4. Next type MAIL FROM: email@example.com, hit Enter. You should get the message, ‘Sender ok’.
5. Next type RCPT TO: firstname.lastname@example.org, hit Enter. You should get the message, ‘Recipient ok’.
6. You can optionally include an email subject with: SUBJECT: Testing spoofed email with telnet.
7. Now type DATA <email body contents>.
8. Lastly, type . (a single period) and then hit Enter. You should get the message, ‘250 Mail accepted’. Now type QUIT and hit Enter.
9. Check your inbox for the spoofed email you just sent.
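On the receiving side, a message submitted this way can be told apart by the authentication results the receiving server records in its headers. The following is an added example, not part of the original article: it assumes the receiving MX stamps an Authentication-Results header with the hypothetical authserv-id mx.example.net, uses constructed sample messages on reserved example domains, and simplifies domain alignment to an exact or subdomain match.

```python
import email
import re
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id stamped by our own MX

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return reasons why the visible From: address is not authenticated."""
    msg = email.message_from_string(raw_message)
    from_dom, env_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    results = {}
    # Only count Authentication-Results written by our own server (RFC 8601);
    # headers carrying any other authserv-id are ignored.
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, body = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body.lower()))
    if not results:
        return ["no trusted Authentication-Results header"]
    findings = []
    spf = results.get("spf", "none")
    if spf != "pass":
        findings.append(f"spf={spf} for envelope domain {env_dom}")
    elif env_dom != from_dom and not env_dom.endswith("." + from_dom):
        # SPF validates the MAIL FROM domain only, not the From: header
        findings.append(f"spf passed for {env_dom}, not aligned with From: {from_dom}")
    for mech in ("dkim", "dmarc"):
        if results.get(mech, "none") != "pass":
            findings.append(f"{mech}={results.get(mech, 'none')}")
    return findings

def _sample(return_path, auth_results):
    # Constructed message; all addresses use reserved example domains
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: {auth_results}\n"
            "From: Alice <alice@example.com>\nTo: bob@example.net\n"
            "Subject: Testing\n\nbody\n")

LEGIT = _sample("alice@example.com", "mx.example.net; spf=pass; dkim=pass; dmarc=pass")
DIRECT_SPOOF = _sample("alice@example.com", "mx.example.net; spf=fail; dkim=none; dmarc=fail")
MISALIGNED = _sample("bounce@mailer.invalid", "mx.example.net; spf=pass; dkim=none; dmarc=fail")
UNTRUSTED_AR = _sample("alice@example.com", "mx.other.invalid; spf=pass; dkim=pass; dmarc=pass")

if __name__ == "__main__":
    for name in ("LEGIT", "DIRECT_SPOOF", "MISALIGNED", "UNTRUSTED_AR"):
        print(name, spoof_indicators(globals()[name]))
```

The MISALIGNED case shows why an SPF pass alone says nothing about the From: header a user sees; only the DMARC result ties the two together.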