Using PuTTY - Undercover Hacking
Easy webmail hacking with PuTTY
I’ve decided to give you a little tutorial on hacking and playing around with mail servers. This should work at school, work, home (if you’ve got a server) and, well, just about any website that has a mail server.
I discovered this kind of stuff by messing around with it, so for all of those people who ask “omg liek how do u hax?” Here’s your answer: “very carefully.”
So, this tutorial will basically teach you how to spoof emails.
Now, the first thing you’re going to want to do is find your target mail server. I have no doubt that if you’re here and reading this, you’re probably still in high school. So, go to your school website. See the URL? Put ‘mail.’ instead of ‘www.’ Unless you’re at some extremely tech-savvy school, this is most likely their mail server address. Now you’ve got your mail server.
For this tutorial, I’ll be using my own high-school’s mail server. The base address is www.cysd.k12.pa.us. So, the mail server is mail.cysd.k12.pa.us.
Now, there are two ports on which to enter a mail server. Port 25 [SMTP] and port 110 [POP3].
I’m going to show you how to enter on port 25, because many of you would simply love to send an email to all of your teachers saying how you deserve A’s on all of your work and how if they don’t give you A’s they’ll be fired. That being said, we can get started. I’ll be using a tool called PuTTY to get in. This program will basically emulate the Telnet client, but with a few extra goodies. You can get it here.
The first thing you need to do once you have PuTTY is connect. The configuration should look something like host: mail.cysd.k12.pa.us. Port 25. The Telnet button should be chosen (if it changes it back to port 23, just set it to 25 again).
Now that you’ve filled in your info, it’s time to connect. Just hit the open button.
Once you’re here, you can start to send commands. The first command you’re going to send is going to ‘introduce you’ to the mail server. This is the HELO (not spelled wrong) command. However, being the complete rebel non-conformist that I am (lol), I use the EHLO (again, not spelled wrong) command afterward. This will list other commands that you can use, such as VRFY (verify that a mailbox exists). Now, type HELO (no angle brackets). It may give you a “502: Command not implemented” error. This is normal. Then type EHLO (again, no angle brackets). This should yield a bunch of commands like VRFY and 8BITMIME.
I’m not going to go into the commands that are listed from the EHLO command in this tutorial.
Now, the next step is to pick a target. For example, Mr. Dude is the C++ teacher at my school, and his email is firstname.lastname@example.org.
This is not a crucial step, but should be taken anyway:
I need to make sure he’s in the system. To do this, I’ll use the VRFY command. Type VRFY . It should give you a 252 code back. This means that the mailbox exists for that user, and that mail can be sent to them.
FUN FACT: Some mail servers don’t implement this command, and use a dummy VRFY command instead. This basically returns a 252 for anything you type.
Now that you have a target mail address, you can send mail to them. Type MAIL FROM: whatever_name_you_want@your_base_server. For example, I would type MAIL FROM: Your_Friendly_Neighborhood_Hacker@cysd.k12.pa.us <— notice there’s no ‘mail.’
Then you need to fill in your target address. This uses one of two commands. My school’s mail server uses the RCPT TO command, others use the MAIL TO command. I would try the RCPT TO first. If this doesn’t work, try the MAIL TO. One of them should work. So, type RCPT TO:
FUN FACT: Most internal mail servers, such as schools, do not allow relaying. This means you *might* only be able to send mail within the school.
After the RCPT TO command, it should return a 250 success code. If not, there’s something wrong. Now it’s time for your actual message. This will use the DATA command.
Type DATA by itself and hit enter. The server will return a message telling you to put a ‘.’ on a line by itself when you’re done with your message. The ‘.’ will tell the server that you’re done and to send it.
If you want, you can set a subject first. To do this, type: Subject: then PRESS ENTER TWICE. You MUST press enter twice or the line will be part of your message.
Now, type up your message and put a ‘.’ on a line by itself. As soon as you press enter, it will put the message into the queue and send it as soon as you close the connection. To do this, type QUIT. All done.
FUN FACT: Some servers allow the wildcard character in the addresses. Try VRFYing ‘*’ to see. If it works (and it’s not a dummy VRFY command), you’ll be able to send mail to everyone in the domain.
So, here’s the quick overview.
Connect via PuTTY. Type HELO <– might have to do twice if first time fails. [returns 250 success code]
Type EHLO [a list of commands is produced]
Type MAIL FROM: [returns 250 success code]
Type RCPT TO: [returns 250 success code]
Type DATA [returns a message about the ‘.’]
Type Subject: <– HIT ENTER TWICE!
Type your message
Type ‘.’ on a line by itself [puts message in queue]
Type QUIT [closes connection]
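Seen from the receiving side, a message typed by hand as in the steps above carries only a Subject line, so it arrives without the From and Date headers a normal mail client writes and without passing sender authentication. The Python below is an added example, not part of the original tutorial: it checks a stored message for those signs. The sample messages, the school.example names and the function names are constructed for illustration, and it assumes the receiving server records an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

REQUIRED = ("From", "Date")  # mandatory in every message per RFC 5322
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def domain_of(addr):
    """Return the lower-cased domain of an address header value, or ''."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return the reasons a stored message looks hand-forged (empty if none)."""
    msg = message_from_string(raw)
    reasons = [f"missing {h} header" for h in REQUIRED if msg[h] is None]
    if msg["Message-ID"] is None:  # recommended header; clients always add it
        reasons.append("missing Message-ID header")
    # Authentication-Results is written by the receiving server (RFC 8601).
    results = dict(AUTH_RE.findall(msg.get("Authentication-Results", "")))
    for method in ("spf", "dkim", "dmarc"):
        verdict = results.get(method, "none")
        if verdict != "pass":
            reasons.append(f"{method}={verdict}")
    # MAIL FROM ends up in Return-Path; compare it with the visible From.
    env, hdr = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    if env and hdr and env != hdr:
        reasons.append(f"envelope domain {env} != From domain {hdr}")
    return reasons

# Constructed sample: what the walkthrough's session leaves in a mailbox.
HAND_TYPED = (
    "Return-Path: <student@school.example>\n"
    "Received: from client.example (192.0.2.44) by mail.school.example;"
    " Mon, 01 Jan 2024 10:00:00 +0000\n"
    "Authentication-Results: mail.school.example; spf=fail; dkim=none\n"
    "Subject: hello\n"
    "\n"
    "typed by hand\n"
)

# Constructed sample: an ordinary, authenticated message.
LEGIT = (
    "Return-Path: <teacher@school.example>\n"
    "Authentication-Results: mail.school.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Teacher <teacher@school.example>\n"
    "Date: Mon, 01 Jan 2024 10:00:00 +0000\n"
    "Message-ID: <abc123@school.example>\n"
    "Subject: homework\n"
    "\n"
    "Due Friday.\n"
)
```

The envelope/From comparison is an indicator rather than a verdict, since mailing lists and bulk senders legitimately use different domains there; the missing headers and failed authentication results are the stronger signals.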