Tuesday, 15 February 2011

sendEmail

FUN WITH EMAIL


sendEmail in installed by default on the backtrack OS, and the options can simply be checked by typing ;

sendEmail




















Make sure your ISP does not have any problems with the use of sendEmail prior to sending loads of mails
to your roomate from MeganFox@movieworld.com ..

This is by no means an anonymous emailing method, there will always be IP address details mentioned in the email headers and you need to specify the smtp server to use.
You can specify to use the smtp server of the connection you have in place, or you can specify to use for instance the gmail smtp server.
When using the gmail smtp server however, the gmail address will be seen as the reply address.


Also, it is quite likely that some of the messages made such as the below examples will be picked up as spam..
YMMV depending on how often you test on certain addresses.


In any case, for an unsuspecting, not too savvy recipient.. it can lure the recipient to malafoid webpages or entice to open attachments etc.

SENDING BASIC EMAIL

So lets start off by creating a simple message, sending it to my gmail account using my ISP's smtp server;
(do a google on smtp servers to find the one your ISP is using)

-f   From (sender) email address
-t   To email address
-u   Subject (in quotes)
-m  Message body
-s   smtp server

I will seperate the commands partially using backslash \ as I get confused with long lines :)

It is important to note that some special characters such as an exclamation mark, can cause problems in the subject line / message line depending on single or double quotes used.

sendEmail -f megan.fox@movieworld.com -t MyEmail@gmail.com \
-u "Enjoyed meeting you at the party good-looking ;)" \
-m "We sure had a good time didnt we, cant wait to see you again .. " \
-s smtp.isp

















As received in gmail (this one got caught as being spam as I had tested it a few times in quick succession) ;

 

















Now my better half would never believe that I actually met Megan Fox at a party or that she was so thunderstruck by my charming self she thought it necessary to email me..
But hey, you get the idea ;)


USING STDIN FOR MESSAGE INPUT

If we want to be able to write a bit more in the email body, simply leave out the -m option, and sendEmail will read from STDIN, you will be prompted to enter a message after entering the command and then press Ctrl+D
(on its own line) to have it read and then sent ;
Lets use an example which the better halves will appreciate a bit more, like sending an email to your wife on Valentine's Day.. yeah...what a romantic..

sendEmail -f Secret.Admirer@secret.com -t BetterHalf@gmail.com \
-u "Will you be my valentine?" \
-s smtp.isp

You will then be presented with;
Reading message body from STDIN because the '-m' option was not used.
If you are manually typing in a message:
  - First line must be received within 60 seconds.
  - End manual input with a CTRL-D on its own line.

So type the desired message and when finished make sure you hit enter to get to a free / blank line, then
hit CTR+D ;
Roses are Red
Violets are Blue
Sugar is Sweet
And so are You !
Ctrl+D

















As received in gmail ;





















Now if that doesn't get an appreciative smile / freebie to grab another beer, then you must have really been snoring the night before..


SENDING EMAIL WITH MESSAGE PRE-PREPARED IN TXT FILE

You can also prepare a written message and have sendEmail enter this as the message body ;

nano valentine

Will you be my Valentine ?
===================
Roses are Red
Violets are Blue
Sugar is Sweet
And So Are You !

HAPPY VALENTINE'S DAY !

Save and Exit; Ctrl+X --> Y

sendEmail -f secret.admirer@secret.com -t BetterHalf@gmail.com \
-u "Will you be my valentine?" \
-o message-file=valentine \
-s smtp.isp

















As received in gmail ;























USING GMAIL'S SMTP FOR SENDING MAIL

In order to use gmail's smtp server, you have to specify your gmail username (with -xu) & password (with -xp).

An example herebelow ;

sendEmail -f DesiredEmail@whatever.com -t YourEmail@testaccount.com \
-u "Testing Gmail smtp" \
-m "Just a test for the gmail smtp" \
-s smtp.gmail.com \
-xu your.gmail@gmail.com \
-xp gmailpassword

When sending the message, the return address will always be your gmail account, also, the sent message will be stored in the gmail account being used.

Of course there are quite a few more options, adding cc's / bcc's, including attachments, etc etc.


Just a bit of fun, but goes to show that checking where certain emails come from is not a bad idea.


Especially if they include links to sites or attachments..

18 comments:

  1. good job!
    only one questions:can i send a mail to friend A from friend B without any trace?
    ex:sendEmail -f friend b @hotmail.it -t friend a @tiscali.it -u "ciao" -m "come stai" -s smtp.googlemail.com -xu myusr -xp mypasswd
    when arrive mail to friend a result:friend b @hotmail.it(myusr@gmail.com) (..)this no good!
    sorry my english!i'm italian :))

    ReplyDelete
  2. Hey there,

    No, using your gmail smtp server will result in the reply address being your gmail addres.

    You will have to be more inventive to make the email more 'anonymous'

    ReplyDelete
  3. thanks for reply!
    i'm "testing" in my LAN without mygmail,but with my isp smtp.191.it(telecom it) example:
    sendEmail -f mmm@yahoo.it -t mytelecommail@alice.it -u "ciao" -m "come stai" -s smtp.191.it (PERFECT without TRACE)
    but out of lan with another -t bbb@alice.it backtrack give me ERROR!
    many,many thanks!and sorry my language!
    i'm zimmaro backtrack-it bye

    ReplyDelete
  4. I have to admit it is not perfect, in my tests sending to friends etc. it usually gets picked up as spam.

    Will have to dig in further on how to get the email headers looking better.

    ReplyDelete
  5. ok! many-many thanks a lot ,your blog is very good,and you are one of my "teachers",seee you!

    ReplyDelete
  6. Please Tell me How can i Install or Configure SMTP & ISP on BT !!
    i"m New in this ... lol !

    ReplyDelete
  7. Not quite sure what you want to achieve.. if you just want to find out what your ISP's smtp server is, a simple google will do that for you.

    ReplyDelete
  8. Tape i want to put an attachment. email me or hit me up on hack community or just post a tutorial in their and link your blog like i do. what do you have to lose you will get some traffic

    ReplyDelete
  9. Hey enc0de,

    To put an attachment, use the -a switch as you can see in the first pic in the above post.


    To be honest, I have been looking through the forums at HC, and I dont feel it is really for me..
    I'll give any forum a whirl to see how it is maintained and what the members are about.
    At this time I have to say I much prefer the more mature aspect of the backtrack forums.

    So I have to decide to what level, if at all, I want to participate in the HC forums.

    Traffic to the blog is nice, but thats not why I do the blog.

    ReplyDelete
  10. Backtrack traffic is the best over 1000 a day from there. Oh just found a nice place to send spoofed emails and with attachment.

    http://emkei.cz/

    ReplyDelete
  11. by the way use catchy titles like I do

    TIP from a fellow blogger

    ReplyDelete
  12. The posts in the blog are there to simply show a
    given vulnerability in methods often used.

    I dont want my blog to become anything about promoting
    possibly illegal acts.

    Please keep that spirit of the blog in your comments !

    ReplyDelete
  13. What is the smtp address for gmail.????
    after following the method told by u .getting authentication error.wt can i do????

    ReplyDelete
  14. You need to follow ;

    -s smtp.gmail.com
    -xu your.gmail@gmail.com
    -xp gmailpassword

    If you getting authentication error, then your password is either incorrect or perhaps you need
    to put it in quotes ("gmailpassword")

    ReplyDelete
  15. LOL @ "At this time I have to say I much prefer the more mature aspect of the backtrack forums."

    This is the only thing I've ever seen on your blog that I don't agree with. Not about which forums you prefer, but about the maturity aspect of the Back|Track forums - there is none.

    On the other hand. I've been reading over all your posts the past few days. Lots of good stuff in here. Thanks for the good reads.

    ReplyDelete
    Replies
    1. To each his own, but I disagree with your opinion in this case..

      You want spoonfed info, sure, you can get it elsewhere.

      But 'mature' is perhaps a relative term, I am getting on in years :)
      My meaning is mainly the methods of communication.

      In any case glad you are enjoying the posts !

      Delete
  16. Gday Tape,

    Pretty much read through all your blogs, enjoyed them thoroughly :)

    I'm getting on in years too, hit the big 50 this year, good to see another gentleman interested in BT as well.

    Cheers Paul

    ReplyDelete
    Replies
    1. Heya Paul,

      Glad you liked the posts, my feeling is its good to know what
      is out there and possible.

      Without the info on this all I have to say I would be blissfully
      unaware of how the bad guys get to work..

      Stay safe and secure !

      Delete

 
Google Analytics Alternative