
However, many people use that Internet host computer.
Date: Fri, 12 Jul 1996 15:43:20 0400
From: santa@north.pole.org
Message-Id:
Apparently-To: cmeinel@nmia.com
It worked!
OK, here it doesn't say "Apparently-From," so now I know the computer ns.Interlink.Net is a pretty good
one to send fake mail from. An experienced email aficionado would know from the Received: line that this is
fake mail. But its phoniness doesn't just jump out at you.
I'm going to try another computer. Hmmm, the University of California at Berkeley is renowned for its
computer sciences research. I wonder what their hosts are like? Having first looked up the numerical Internet
address of one of their machines, I give the command:
telnet 128.32.152.164 25
It responds with:
Trying 128.32.152.164...
Connected to 128.32.152.164.
Escape character is '^]'.
220 remarque.berkeley.edu ESMTP Sendmail 8.7.3/1.31 ready at Thu, 11 Jul 1996 12
help
214 This is Sendmail version 8.7.3
214 Commands:
214 HELO EHLO MAIL RCPT DATA
214 RSET NOOP QUIT HELP VRFY
214 EXPN VERB
214 For more info use "HELP ".
214 To report bugs in the implementation send email to
214 sendmail@CS.Berkeley.EDU.
214 For local information send email to Postmaster at your site.
214 End of HELP info
Oh, boy, a slightly different sendmail program! I wonder what more it will tell me about these commands?
HELP mail
214 MAIL FROM:
214 Specifies the sender.
214 End of HELP info
Big f***ing deal! Oh, well, let's see what this computer (which we now know is named remarque) will do to
fake mail.
MAIL FROM:santa@north.pole.org
250 santa@north.pole.org... Sender ok
Heyyy... this is interesting ... I didn't say "helo" and this sendmail program didn't slap me on the wrist!
Wonder what that means...
RCPT TO:cmeinel@techbroker.com
250 Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
This is fake mail on a Berkeley computer for which I do not have a password.
.
250 MAA23472 Message accepted for delivery
quit
221 remarque.berkeley.edu closing connection
Now we go to Pine and see what the header looks like:
Return-Path:
Received:
from nmia.com by nmia.com
with smtp
(Linux Smail3.1.28.1 #4)
id m0ueRnW 000LGiC; Thu, 11 Jul 96 13:53 MDT
Received:
from remarque.berkeley.edu by nmia.com
with smtp
(Linux Smail3.1.28.1 #4)
id m0ueRnV 000LGhC; Thu, 11 Jul 96 13:53 MDT
Apparently-To:
Received: from merde.dis.org by remarque.berkeley.edu (8.7.3/1.31)
id MAA23472; Thu, 11 Jul 1996 12:49:56 -0700 (PDT)
Look at the three "received" messages. My ISP's computer received this email not directly from
Remarque.berkeley.edu but from merde.dis.com, which in turn got the email from Remarque.
Hey, I know who owns merde.dis.org! So the Berkeley computer forwarded this fake mail through famed
computer security expert Pete Shipley's Internet host computer! Hint: the name "merde" is a joke. So is
"dis.org."
Now let's see what email from remarque looks like. Let's use Pine again:
Date: Thu, 11 Jul 1996 12:49:56 -0700 (PDT)
From: santa@north.pole.org
Message-Id:
This is fake mail on a Berkeley computer for which I do not have a password.
Hey, this is pretty kewl. It doesn't warn that the Santa address is phony! Even better, it keeps secret the
name of the originating computer: plato.nmia.com. Thus remarque.berkeley.edu was a really good computer
from which to send fake mail. (Note: last time I checked, they had fixed remarque, so don't bother telnetting
there.)
But not all sendmail programs are so friendly to fake mail. Check out the email I created from atropos.c2.org!
telnet atropos.c2.org 25
Trying 140.174.185.14...
Connected to atropos.c2.org.
Escape character is '^]'.
220 atropos.c2.org ESMTP Sendmail 8.7.4/CSUA ready at Fri, 12 Jul 1996 15:41:33
help
502 Sendmail 8.7.4 HELP not implemented
Gee, you're pretty snippy today, aren't you... What the heck, let's plow ahead anyhow...
helo santa@north.pole.org
501 Invalid domain name
Hey, what's it to you, buddy? Other sendmail programs don't give a darn what name I use with "helo." OK,
OK, I'll give you a valid domain name. But not a valid user name!
helo satan@unm.edu
250 atropos.c2.org Hello cmeinel@plato.nmia.com [198.59.166.165], pleased to meet you
Verrrry funny, pal. I'll just bet you're pleased to meet me. Why the #%&@ did you demand a valid domain
name when you knew who I was all along?
mail from:santa@north.pole.com
250 santa@north.pole.com... Sender ok
rcpt to: cmeinel@nmia.com
250 Recipient ok
data
354 Enter mail, end with "." on a line by itself
Oh, crap!
.
250 PAA13437 Message accepted for delivery
quit
221 atropos.c2.org closing connection
OK, what kind of email did that obnoxious little sendmail program generate? I rush over to Pine and take a
look:
Return-Path:
Well, how very nice to allow me to use my fake address.
Received:
from atropos.c2.org by nmia.com
with smtp
(Linux Smail3.1.28.1 #4)
id m0ueqxh 000LD9C; Fri, 12 Jul 96 16:45 MDT
Apparently-To:
Received: from satan.unm.edu (cmeinel@plato.nmia.com [198.59.166.165])
Oh, how truly special! Not only did the computer atropos.c2.org blab out my true identity, it also revealed
that satan.unm.edu thing. Grump...
that will teach me.
by atropos.c2.org (8.7.4/CSUA) with SMTP id PAA13437 for cmeinel@nmia.com; Fri, 12
Jul 1996 15:44:37 -0700 (PDT)
Date: Fri, 12 Jul 1996 15:44:37 -0700 (PDT)
From: santa@north.pole.com
Message-Id:
Oh, crap!
So, the moral of that little hack is that there are lots of different email programs floating around on port 25 of
Internet hosts. So if you want to have fun with them, it's a good idea to check them out first before you use
them to show off with.
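The atropos header above gives the forgery away because that sendmail logged both the name offered in "helo" and the host it actually saw connect, while the remarque line logged only the claimed name. The following is an added example, not part of the original guide, that applies that comparison to Received: lines; the function name analyze, the verdict labels and the trimmed sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: the Received: lines from the remarque and atropos headers
# above, unfolded onto one line each (queue ids and dates dropped).
SAMPLE_RECEIVED = [
    "from atropos.c2.org by nmia.com with smtp (Linux Smail3.1.28.1 #4)",
    "from satan.unm.edu (cmeinel@plato.nmia.com [198.59.166.165]) "
    "by atropos.c2.org (8.7.4/CSUA) with SMTP",
    "from merde.dis.org by remarque.berkeley.edu (8.7.3/1.31)",
]

# "from <claimed name> [(<what the server saw>)] by <recording host>"
HOP_RE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)(?:\s+\((?P<peer>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
# Peer comment: optional ident user, optional reverse-DNS name, optional [ip]
PEER_RE = re.compile(
    r"(?:(?P<ident>[^@\s]+)@)?(?P<host>[^\s\[\]]+)?\s*(?:\[(?P<ip>[^\]]+)\])?")


def analyze(received_lines):
    """Return one dict per hop: claimed name, observed peer and a verdict."""
    hops = []
    for line in received_lines:
        m = HOP_RE.search(" ".join(line.split()))  # tolerate folded headers
        if not m:
            hops.append({"raw": line, "verdict": "unparsed"})
            continue
        hop = {"helo": m["helo"].lower(), "by": m["by"].lower(),
               "ident": None, "host": None, "ip": None}
        if m["peer"] is None:
            # Only the client's own claim was logged; nothing to check it against.
            hop["verdict"] = "peer-not-recorded"
        else:
            p = PEER_RE.match(m["peer"])
            hop.update(ident=p["ident"], ip=p["ip"],
                       host=p["host"].lower() if p["host"] else None)
            if hop["host"] is None:
                hop["verdict"] = "no-reverse-name"
            elif hop["host"] == hop["helo"]:
                hop["verdict"] = "helo-matches"
            else:
                hop["verdict"] = "helo-mismatch"  # claimed name differs from observed
        hops.append(hop)
    return hops


if __name__ == "__main__":
    for h in analyze(SAMPLE_RECEIVED):
        print(h)
```

A "peer-not-recorded" hop is the one a mail administrator cannot verify from the header alone; the receiving server's own connection logs are the only other source for who connected.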
GUIDE TO (mostly) HARMLESS HACKING
Vol. 1 Number 3
How finger can be used to crack into an Internet host.
_______________________________________________________
Before you get too excited over learning how finger can be used to crack an Internet host, will all you law
enforcement folks out there please relax. I'm not giving step-by-step instructions. I'm certainly not handing
out code from those publicly available canned cracking tools that any newbie could use to gain illegal
access to some hosts.
What you are about to read are some basic principles and techniques behind cracking with finger. In fact,