
Thread: eudora bug used to send spoofed mail

  1. #11

  2. #12
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    TS i'm not saying the quality of the post is great... but the conversation that followed, for the most part was good.

    i just did a forum search for "eudora" from the beginning of 2004 and did not find anything close. i didn't find this post helpful nor did i find it offensive. i've spoofed mail in the past to my friends as i'm sure many here have. last year i sent one to my boss from saten@hades.com telling him i was awaiting his arrival. the year before i sent one as GWBush extolling my own virtues and expressing the hopes that i was being well taken care of. BFnD!

    as i see it we have/had a new member who was getting negged to **** for posting (his first post) something quite innocuous. that's just my opinion... which comes from wishing AO was as active as it used to be.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #13
    Junior Member
    Join Date
    Jun 2005
    Location
    Richmond, VA
    Posts
    5
    It's a lot easier to do that by just telneting to port 25 on the SMTP server and doing something like this:

    HELO fakedomain.com [domain to pretend to be sending from]
    MAIL FROM:<fakeaddress@fakedomain.com> [fake From: address]
    RCPT TO:<user@realdomain.com> [real destination address]
    DATA
    From: "I'm fake" <fakeaddress@fakedomain.com> [fake From: name and address]
    To: "Anything" <anything@anything.com> [has no effect, just shows in To: field]
    Subject: whatever
    [any other headers you want to add]
    [Body of message here.]
    .
    QUIT

    Still, if you came up with that Eudora thing on your own, I think that's pretty good. Just check around to make sure you haven't reinvented the wheel before you go announcing it.

  4. #14
    Junior Member
    Join Date
    Jun 2005
    Posts
    12

    Thanks josby for your comment
    But josby it is not that easy as you are describing. Can you tell me even a single smtp mail server that is ready to accept all those smtp commands without those annoying errors "relaying denied" etc. The main problem comes up as soon as one issues the "rcpt to" command.

    I am trying to tell people at this site that I am not trying to write a tutorial on this or that. I am just pointing out the bug which I have found in the Eudora and nothing else.

  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Can you tell me even a single smtp mail server that is ready to accept all those smtp commands without those annoying errors "relaying denied" etc
    MSN.COM, HOTMAIL.COM, AOL.COM are the first three that come to mind and this is why I don't believe that you have a clue about how all this works. When you get a relaying denied error it's because you are trying to relay...... Silly..... Why don't you just telnet directly to the mailserver of your target.... You will never, _ever_ get a relaying denied if you do that......

    Before you start telling me about SPF blocking it that's really simple too. Select a sending domain that doesn't use SPF and the receiving server _has_ to accept it because there is no SPF record to determine the validity of the sending IP address.

    As to calling me mannerless.... My message to you was polite, (trust me), you're just peeved because I pissed on your fireworks.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #16
    Junior Member
    Join Date
    Jun 2005
    Posts
    12
    When you get a relaying denied error it's because you are trying to relay...... Silly..... Why don't you just telnet directly to the mailserver of your target.
    what about this:
    Let us say I want to mail to myself (pushmohit@yahoo.com) then using yahoo's smtp server (smtp.mail.yahoo.com) why we get the error that authentication is required connection lost?




    Think before you post.

  7. #17
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i stand corrected TS.

    you were right. i was wrong.

  8. #18
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    06/23/05 16:35:43 dig 221.134.238.40 @ XXX.XXX.XXX.XXX
    Dig 40.238.134.221.in-addr.arpa@XXX.XXX.XXX.XXX ...
    Non-authoritative answer
    Recursive queries supported by this server
    Query for 40.238.134.221.in-addr.arpa type=255 class=1
    40.238.134.221.in-addr.arpa PTR (Pointer) 221-134-238-40.sify.net
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 221.134.0.0 - 221.135.255.255
    netname: SIFYNET
    descr: Sify Limited
    descr: Internet Service Provider
    country: IN
    Son, since the IP address in the header indicates the ISP as Sify.net in India I can be fairly sure that the email you sent me pretending to be Britney confessing her undying passion for my hot little bod did not come from hollywood.com.

    So.... What you are managing to do with your "exploit" is no different than the following:-

    telnet mx.yahoo.com 25
    mail from: Britney@hollywood.com
    rcpt to: pushmohit@yahoo.com
    data
    Subject: Hey gorgeous
    Since your exploit isn't an exploit at all and doesn't carry any security implications whatsoever the ******* I promised you on friday has been withdrawn on the grounds that you are lame

    luv Brit
    .
    quit



    Learn before you spout rubbish

  9. #19
    Junior Member
    Join Date
    Jun 2005
    Posts
    12

    What you are managing to do with your "exploit" is no different than the following:-

    telnet mx.yahoo.com 25
    mail from: Britney@hollywood.com
    rcpt to: pushmohit@yahoo.com
    data
    Subject: Hey gorgeous
    Since your exploit isn't an exploit at all and doesn't carry any security implications whatsoever the ******* I promised you on friday has been withdrawn on the grounds that you are lame

    luv Brit
    .
    quit

    Yet the message id points at the sify.net only

  10. #20
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Mohit:

    My name is Napoleon Bonaparte
    My Home address is 123 High Street, Mytown, USA
    My hair color is blue
    My nick on AO is Tiger Shark

    Who am I?

    I am identified by the _only_ piece of information that I haven't "spoofed".

    Your message ID is irrelevant as is your britney@hollywood.com and the rest of your header since there is a piece of information that doesn't fit with the rest... Your IP address. Your trick won't fool anyone with any knowledge at all.

    Now, forge the IP address to point to a computer in the netblock of hollywood.com and you are onto something.... Otherwise it's just a silly game.....

    What aren't you getting about all this?

    This is no better than the fact that queued messages on an IIS SMTP server are held in the queue in text format.... Editable text format. By blackholing the DNS to my IIS server I can hold up all the messages so they become queued. Then I can edit the messages including the headers and save them back to the queue. Then I can fix the DNS server and kick off the queue again. They will be delivered in their "fixed" form..... But the address of the sending SMTP server will still show in the final headers.... What was the point?

    There is _no_ security implication to this..... It's a prank.

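The point made in posts #15 and #20, that the connecting IP address recorded by the receiving server is the one value the sender does not control, can be checked mechanically. The following is an added example, not code from any poster in this thread: the message, the `mx.receiver.example` hostname and the `SENDER_NETS` table are constructed, and the table stands in for an SPF lookup on the envelope sender domain.

```python
import email
import ipaddress
import re

# Constructed sample: only the Received line was written by the receiving MX;
# Return-Path, Message-ID and From all come from the sender.
RAW = """\
Return-Path: <britney@hollywood.example>
Received: from hollywood.example (unknown [203.0.113.40])
\tby mx.receiver.example with SMTP id abc123; Thu, 23 Jun 2005 16:30:00 +0000
Message-ID: <1234@hollywood.example>
From: "Britney" <britney@hollywood.example>
To: user@receiver.example
Subject: Hey

body
"""

# Hypothetical sender networks per domain (assumption: replaces a DNS SPF query).
SENDER_NETS = {"hollywood.example": ["198.51.100.0/24"]}

def connecting_ip(msg, our_mx="mx.receiver.example"):
    """Return the peer IP from the topmost Received header stamped by our MX.
    Headers are prepended per hop, so lower (older) lines may be forged."""
    for hop in msg.get_all("Received", []):
        flat = " ".join(hop.split())  # unfold continuation lines
        m = re.search(r"\[([0-9a-fA-F:.]+)\]\)? by " + re.escape(our_mx), flat)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def check_origin(raw, policy=SENDER_NETS):
    """Compare the recorded peer IP with the networks the sender domain lists.
    Returns (verdict, ip, domain); verdict is pass, fail, none or unknown."""
    msg = email.message_from_string(raw)
    ip = connecting_ip(msg)
    domain = msg.get("Return-Path", "").strip("<> ").rpartition("@")[2].lower()
    if ip is None or not domain:
        return "unknown", ip, domain
    nets = policy.get(domain)
    if nets is None:
        return "none", ip, domain  # no published policy: nothing to compare against
    ok = any(ip in ipaddress.ip_network(n) for n in nets)
    return ("pass" if ok else "fail"), ip, domain
```

A verdict of `none` is the case post #15 describes: with no published record for the sender domain, the receiving server has nothing to validate the IP against.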