Skip to main content

EMAIL HACKING : The story of “Congratulations you have won a lottery” like spam emails


Open your Gmail account and compose your message and save in draft
Now open this Google sheet and choose the Initialize option under the Email Tracker menu
Now you’ll have to authorize the sheet to send your Gmail messages.
Once the script is authorized, choose Email Tracker -> Send Mail, select your Gmail draft from the drop-down, enter your Google Analytics Profile ID* and hit the Send button. Your mail will be delivered to the recipient.
Now open Google analytic and find Events under the Standard Reports group
Original Source: http://www.labnol.org/


Email spoofing: The story of “Congratulations you have won a lottery” like spam emails

Mail vs E-mail
Back in old days when internet was not so common, we had to rely only on the postal/courier services. The only thing that bugs me about the traditional mail is their speed. This is when email comes. It offers numerous benefits, like its blazing fast, most of the time its free,  you can attach from pictures to videos, from management point of view you don’t have to maintain a hard folder, last but not least its environment friendly. In short, email is one of the greatest inventions of all time.
What is a spam?
I’m not that old, but again back in those dial-up connection days, there was no such thing as Gmail, most of people either used Hotmail or Yahoo mail for the emails. The problem with these two email service providers is the spams. Spams are irrelevant emails coming to you, mostly used for marketing a product/service, but they are cases where spam emails have hacked a person through social engineering attack or session hijacking. Phishing is also associated with spoofed emails, phishing is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers“.
If you only use Gmail, you are a lucky person, because Google has got some very intelligent and sophisticated spam filtering mechanism. And frankly speaking I don’t get spams at all in my Gmail, but in case of Ymail or Hotmail … let’s just not talk about it.
What is e-mail spoofing?
In today’s article I will focus on Email spoofing. So, the first question you may ask is what is spoofing? Spoofing in simple terms is when Alice tries to be Bob. Email spoofing is when Alice sends an email to Eve but she keeps her identity to be Bob. When Eve receives an email she thinks that Bob has sent the email but it’s not. 
*PLEASE NOTE THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY. GENERATING SPOOFED EMAILS OR SPAM IS ILLEGAL AND PUNISHABLE UNDER THE LAW. YOU WILL BE RESPONSIBLE FOR YOUR ACTIONS.*
Platform: Windows 7 (also works on MAC and Linux)
How to spoof an e-mail ?
There can be different ways of spoofing an email, but I am going to use “sendmail” program for it. Sendmail is a simple command line program used to send emails via SMTP protocol.
1. Go to Google and type “sendmail google code”. Open the page highlighted below.
2. This is what sendmail on google code looks like.
3. Go to the download section and download the appropriate file, as I m on windows so, I will be downloading the “.exe” file.
Open the command line and call the program “mailsend”. As soon as you type mailsend, the first thing it will ask for is SMTP server. This is a very critical part, if you don’t provide the right SMTP server your email will not be sent. You have to chose a SMTP server that doesn’t require authentication. I will be using PTCL’s SMTP server i.e “smtp.ptcl.com.pk“, this server runs on port 25.
Next in “from”, enter the email ID of the person you want to spoof, In this case I m making a spoof email of Bill Gates i.e “billgates@microsoft.com“
Provide the email id of receiver, I m giving my own email id.
Enter subject and then write your message, after you have completed your message.
Press enter, then press dot button and again press enter, a message will pop that your email has been sent.
Here you can see my inbox has got that spoofed email.
Inbox overview.

Comments

Post a Comment

Popular posts from this blog

Top 20 Tools for hacking 2018

What are Hacking Tools? Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. There is a variety of such tools available on the market. Some of them are open source while others are commercial solution. In this list we highlight the top 20 tools for Ethical Hacking of web applications, servers and networks 1)  Netsparker Netsparker  is an easy to use web application security scanner that can automatically find SQL Injection, XSS and other vulnerabilities in your web applications and web services. It is available as on-premises and SAAS solution. Features Dead accurate vulnerability detection with the unique Proof-Based Scanning Technology. Minimal configuration required. Scanner automatically detects URL rewrite rules, custom 404 error pages. REST API for seamless integration with the SDLC, bug tracking systems etc. Fully scalable solution.
Post a Comment
Read more

Wifi Post Exploitation on Remote PC

Hello readers! Today you will be learning about different ways to get basic service sets information of remote user’s Wi-Fi as well as current network connection information, and how to extract saved Wireless LAN profiles of remote pc after that you will be disconnecting target user’s Wi-Fi too. First Hack the Victim PC Using Metasploit ( tutorial how to hack remote pc ) after that get admin access through Bypassuac ( click here ), once you have victim’s meterpreter session run given below post exploit  one-by-one.  Get BSS information of a remote user’s Wi-Fi connection This module gathers information about the wireless Basic Service Sets available to the victim machine. e.g. this will give you SSID and other important  information regarding wireless connection. msf > use post/windows/wlan/wlan_bss_list msf post( wlan_bss_list ) > set session 5 msf post( wlan_bss_list ) > exploit From given below image you can observe that here it has found “5 networks” suc
Post a Comment
Read more

EMBEDDED BACKDOOR WITH IMAGE USING FAKE IMAGE EXPLOITER

In this article we are introducing a newly launched hacking tool “ Fake Image Exploiter ”. It is design so that it becomes easier for attackers to perform phishing or social engineering attacks by generating a fake image with hidden malicious .bat/.exe file inside it. Let’s start! Open the terminal inside your kali Linux and type following command to download it from github. Git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git Once it gets downloaded then opens the folder and selects the file “ settings ” for configuration before running the program as shown the given screenshot. Now made some changes inside setting file as shown the screenshot: Here you have to declare the type of payload extension you will use to hide it inside the image. You can set any exetension among these four : ps1, bat, txt, exe.  I had set  PAYLOAD_EXETNSION=bat  similarly set  BYPASS_RH=NO   and scroll down for next configration. In same way set these two values also as show
Post a Comment
Read more