Manual Mailing
E-mail was one of the major headlines in newspapers all over the world when the
Internet was young. You were actually able to send a letter to the other side
of the world in a matter of seconds instead of days! This service became
extremely popular, and from 1999 to 2000 alone the number of inboxes in the
world doubled. Billions of e-mails are sent every day, but as this service
is definitely one of the most popular benefits of the Internet, it is also
the most exploited one.
E-mailing is divided into two parts, sending and receiving. These are managed
by two different services, in some cases on entirely different servers. We will
describe each service, SMTP and POP, one by one.
Sending Email
Spam is not the only form of exploitation that email is vulnerable
to. As SMTP (Simple Mail Transfer Protocol) isn’t password protected, it’s
extremely easy to abuse. And that’s not all: most SMTP services don’t
require address validation either, which means that anyone can connect to the
SMTP server and send an email from whatever email address they want. We’ll
show you how.
SMTP runs on TCP port 25 by default. We will use telnet to
connect to the mail server. Telnet is an application meant for remote login to
different systems, and it can be found on tons of *nix systems and on Windows
(windows\telnet.exe or winnt\system32\telnet.exe). The easiest way of opening
telnet in Windows is by going to the start menu>run and typing “telnet”
(without the quotes, of course). The look of telnet differs depending on
the Windows version you run, but it works the same.
TIP:
You should enable local echo if it isn’t enabled already. Local echo displays
what you type right away, instead of waiting for it to be returned from the
server. In Windows 9x, go to terminal>options or something, you’ll find it. In
Windows NT/XP/2k, telnet is a command prompt program, so open telnet and type
“set LOCAL_ECHO”.
The hostname of the SMTP server is often something like smtp.domain.com or
mail.domain.com. You will need this hostname (or the server’s IP address). Most
ISPs provide a mail service, so if your ISP’s URL is www.tiscali.com, a good
guess at the hostname of the SMTP server would be smtp.tiscali.com or
mail.tiscali.com.
If you don’t have any SMTP server available, simply run a port scan on a large
IP range, for port 25.
To connect to the SMTP server, simply go to the start menu>run and type:
telnet hostname/IPaddress 25
In our case:
telnet smtp.tiscali.com 25
When you get connected, you will see a message like this one:
220 somemailserver.somedomain.com ESMTP Service (6.0.053) ready
(The hostname has been censored.)
The line we just got is called a daemon banner, and provides us with
information on the server operating system and daemon version (a daemon is the
service itself).
The next thing we need to do is introduce ourselves. Type either “helo” or
“helo hostname” (in this case “helo somemailserver.somedomain.com”). This will
enable the commands we need to send email.
You will get a line like this:
250 somemailserver.somedomain.com
Or some other text, for example “Greetings”, “Nice to meet you” or some other
stuff. You'll understand when you've got it right, and that’s what counts.
Next, we need to configure who we want to send from. The command we will use is
the “mail” command, and the syntax varies a bit from server to server, here are
two examples. At least one of them will work:
mail from:name@domain.com
or
mail from:<name@domain.com>
You may replace the address with whatever you want. Some newer servers have
relaying restrictions and other stuff that may stop you from sending from
whatever address you want, but the worst that means is finding another server.
The mail will get there anyway. You should get a response like this if you got
it right:
250 MAIL FROM:<name@domain.com> OK
Now, we have to configure who we want to send the mail to. This is also very
easy.
Again, the commands vary.
rcpt to:name@domain.com
Or
rcpt to:<name@domain.com>
You should get some response like this if you did it right:
250 RCPT TO:<name@domain.com> OK
That wasn’t too hard, was it?
Now that we have configured the sender and receiver of the mail, we can start
writing the mail. Simply type:
data
And you would get some response like this
354 Start mail input; end with <CRLF>.<CRLF>
Now simply type whatever you want. You should start with the subject. Simply
type
subject:Whatever subject you want. Spaces allowed.
When your mail is finished, type “.” (That’s a period yes.) on a line by itself
and the mail will get sent. Then type
quit
to disconnect from the server.
TIP: You may type “help” to get the server’s commands
listed. Play around with them, and learn even more.
You may have noticed, when configuring Outlook or any other e-mail program,
that it doesn’t only ask you for your email address and server information. It
also has a box that says “Display name”. Whatever you type in here will be
displayed as your name when people receive e-mail sent from you. Another thing:
why does Outlook ask you for both your email address and the server
information? Wouldn’t it be enough to know what server to send from? No. The
program needs to know what e-mail address to send from when issuing
the command
mail from:<name@domain.com>
So basically, whatever you type in this box will be allowed, and work. So
actually, by creating a new configuration, you can send anonymous emails
directly from your mail client, instead of connecting to the mail server
through telnet. This can be very useful if you want to send convincing, fake
email with HTML included, as this is much more work to do manually.
So why didn’t I just tell you this in the beginning?
Because this tutorial is named “Manual mailing” and you wanted to know how to
do it. It was just a tip. So stop asking stupid questions. Wait. I asked the
question….Ok whatever.
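Seen from the receiving side, the forged sender address and display name described above leave traces in the message headers. The following Python code is an added example, not part of the original tutorial; it assumes the receiving server records the envelope sender in Return-Path and stamps an Authentication-Results header, and the server name mx.example.org, the sample message and the function names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all names and domains are made up).
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=bank.example.com
From: "Bank Support" <support@bank.example.com>
To: user@example.org
Subject: Account notice

Please confirm your details.
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def spoof_findings(raw, trusted_authserv="mx.example.org"):
    """Return a list of spoofing indicators found in one received message."""
    msg = message_from_string(raw)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    # 1. Envelope sender (MAIL FROM) and visible From use different domains.
    if envelope and domain(envelope) != domain(from_addr):
        findings.append("envelope-from-mismatch")
    # 2. The display name shows an address other than the real one.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != from_addr.lower():
        findings.append("display-name-address")
    # 3. Only believe verdicts stamped by our own receiving server
    #    (trusted_authserv is an assumed name for that server).
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() == trusted_authserv:
            verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    if verdicts.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    return findings

if __name__ == "__main__":
    print(spoof_findings(SAMPLE))
```

A domain mismatch on its own is only an indicator, since mailing lists and bulk senders legitimately use a different envelope domain.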
Receiving Email
As mentioned earlier,
e-mailing is divided into two parts. The receiving part is not so different from
sending. It’s at least not harder to handle manually. The biggest difference
from the SMTP service I can think of at the moment is that this service is
password protected. POP stands for Post Office Protocol and runs on port 110.
Therefore, all we have to do to connect ourselves to the
POP (or POP3, just a newer version) server is run this command:
telnet pop.host.com 110
So if your POP server address is pop3.email.com, you would have to type
telnet pop3.email.com 110
And if you get successfully connected, you will get some response looking like
this:
+OK POP3 server ready (6.0.053) <someadress@email.com>
Now, send your username with the following command. If your username is
“newbie” then the command would be
user newbie
Then you would get a message like this
+OK Password required
And that’s exactly what we are going to do, send our password. If your password
is “iamcompleten00b”, you will have to type
pass iamcompleten00b
And you should get logged in, according to a message looking as simple as this
one:
+OK
Now the following commands should be very easy to handle. Type
list
To list all your emails. To read your email type
retr #
(replace # with the number of your email)
To delete it, type
dele #
(Guess what to do with #)
And to disconnect from the server type
quit
Now, as I told you earlier, POP is password protected. This is because it
contains a mailbox full of personal messages that we wouldn’t want anyone to
read. DOOOOH..
But, to make POP a bit more interesting to learn about: there are cracking
programs that crack the passwords of POP accounts. Just do a Google search for
“Pop 3 crack” or go to the tools section at http://cyberspirit.isuber1337.com/ where you
can find a POP3 cracker. (Not made by me or anyone else at the site, so it
should only be used in an educational way, not to harm or crack any other servers
in any way.)
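On the server operator's side, password guessing against the user/pass exchange shown above appears as a burst of failed logins from one client. The following Python code is an added example, not part of the original tutorial; the log format, the addresses and the threshold values are constructed for illustration and do not belong to any particular POP3 daemon.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a made-up format: time, client IP, user, server reply.
SAMPLE_LOG = """\
2003-05-01T12:00:00 192.0.2.9 alice -ERR
2003-05-01T12:00:01 203.0.113.7 newbie -ERR
2003-05-01T12:00:03 203.0.113.7 newbie -ERR
2003-05-01T12:00:05 203.0.113.7 newbie -ERR
2003-05-01T12:01:00 198.51.100.20 bob -ERR
2003-05-01T12:01:10 198.51.100.20 bob +OK
2003-05-01T12:05:00 192.0.2.9 alice -ERR
2003-05-01T12:10:00 192.0.2.9 alice -ERR
"""

def flag_guessing(lines, threshold=3, window=timedelta(seconds=60)):
    """Map each client IP to the time it reached `threshold` failed
    logins inside one sliding `window`."""
    recent = defaultdict(deque)   # client IP -> times of recent failures
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "-ERR":
            continue              # malformed line or successful login
        when, client = datetime.fromisoformat(parts[0]), parts[1]
        failures = recent[client]
        failures.append(when)
        while when - failures[0] > window:
            failures.popleft()    # forget failures older than the window
        if len(failures) >= threshold:
            flagged.setdefault(client, when)
    return flagged

if __name__ == "__main__":
    for client, when in flag_guessing(SAMPLE_LOG.splitlines()).items():
        print(client, "flagged at", when.isoformat())
```

The occasional mistyped password (198.51.100.20) and slow, spread-out failures (192.0.2.9) stay below the threshold; only the rapid burst is flagged.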
That’s about it for the manual mailing. Now you should be able to both read and
write email without any mail client, just with a regular telnet client that you
can find on any Windows box. I hope you had a pleasant ride; we are looking
forward to flying with you again.
-CyberSpirit airlines 2003-
http://cyberspirit.isuber1337.com/