E-mail Forging- Sending spoofed mails

Email spoofing is the art of sending spoofed mails to the target in order to create chaos on the other end.Many criminals make use of this technology to send spoofed mails.This allows the attacker to send the E-mail from the victim's mail account without knowing his or her passwords.

Even these days we can find many vulnerable servers connected to the internet which allows unauthenticated access to its smtp ports.This allows the attacker to send spoofed mails.

The general methodology for sending spoofed mails, using telnet is described below. We can use the same method to send spoofed mails after knowing the vulnerable server.

start > run >cmd telnet 25
help
helo < domain name>
mail from : < sender's mail address>
rcpt to : < victim's mail address>

data
< message>


Countermeasures:
Always use a secure E-mail system like "Pretty Good Privacy"( PGP) for sending mails.
Digitally sign the E-mail's.
DO NOT do transactions blindly believing the E-mail service.
The most important aspect is the awareness of the user that nothing  can be done effectively against E-mail spoofing

Some Eg sites which will allow you to do Email Spoofing:

funmaza- funmailer
link 2

TIPS:
The links I provide is purely for educational purposes.

Even though you send spoofed emails it is easy to track the IP of the person sending the mails. Be Aware of that.

Create Disposable Email ID :To create a disposable email address to protect your privacy online. If you need to give someone your email address, or need to sign up to a website which requires an email address, but you don't wish to reveal your identity then use this free service for receiving emails. Simply signup instantly, give them the disposable email address and you'll be able to read every email they send in complete privacy. ( use it at your own risk) click here to get one.

The HOSTS File - Do DNS Spoofing

Every OS has a hosts file. I know the idea is not clear yet....Let me explain once..

During the 70s all the domain name to IP address was contained in a single file called the HOSTS.TXT file. A single for only a few hundred machines on the internet. Of course the load began to grow and eventually a different system supplanted it. The hosts file is now used primarily as a backup (or a cache) if the name servers are inaccessible.
A hosts file is an important system file which will store the information about where to find or locate a particular PC on a network.In Other words it maps the Domain or host names to the IP addresses.So now we can consider the hosts file as a local system version of the DNS.

Where can I find my hosts file?
The location of the hosts file depend s on your OS.
for Win NT/XP/2003/Vista/7 you can search in" \WINDOWS\system32\drivers\etc"

for Win 95/98/ME < system drive>\windows

for UNIX  search in /etc


The format of each entry is:
[internet address] [domain name] [alias]
209.85.135.191 hackingwithswar.blogspot.com localhost

Do not remove the localhost entry.

TIPS :

We can speedup our browsing speed a bit by adding the details of the frequently visited sites in the hosts file in the correct format.

We can block users from accessing certain sites from our system by editing the hosts file to go to the loopback addresss everytime they type the blocked address on the browser.

The administrators can spread the edited hosts file to all the systems to prevent access to blocked sites.

Ok, Now we can use the DNS spoofing to play pranks on our friends. But teach them what you did at the end of the play and be sure not to hurt them anyway , say, by directing them to some pornographic sites everytime they type google.com in their browser or so. ;)

We can also create a smart virus to overwrite the hosts file everytime

 The phishing attack can be done effectively using this method.

MAC Address Spoofing

This is the art of changing the MAC address of the network adapter of a host. This is very helpful in misguiding the investigators in the event of a cyber crime.

There are two methods to spoof  the physical address of the host

Method 1:
start > run >  cmd > ipconfig/all

 Now you can analyze the data displayed on the screen to find out with which network adapter you are connecting to the WWW.Please take a note of it.

The next step is to download a tool named Etherchange.This is more of a command line application.
 Run this tool from the command prompt.( I do not believe in spoon feeding even that procedure to you so find it out  yourself )

Now read all the instructions shown in the screen and change the MAC address of your network adapter.


Method 2:

This method is a little complex when compared to Method 1.Here no softwares are there to assist us in spoofing.Also we are doing some simple registry edits.So be careful while dealing with registry of your PC.

Hey nothing to worry here... I was just kidding... so lets see Method 2

start > run > regedit

Now a screen will pop up... Now you are in the registry editor.

Browse the registry for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}

We can see many subkeys under the selection. All are 4 digit subkeys

Now manually determine which key belongs to the Ethernet adapter used to access data.For this  you can search for the term "DriverDesc" key till you find the needed one.
On the right hand pane create or edit the string key named "NetworkAddress". Be sure to make the data type to REG_SZ. The value of the string must be the new MAC address.

Now disable and enable the network adapter and run the ipconfig/all ... you will notice that the MAC address of your system has been spoofed.

This concludes the MAC spoofing