Email Spoofing Tutorial

Email spoofing is the creation of email messages with a forged sender address. It is easy to do because the core protocols do not have any mechanism for authentication. It can be accomplished from within a LAN or from an external environment using Trojan horses.


1. In this tutorial, I am going to show you how to send a phishing email using a fake email account. Before we start, you need to know that most email service providers will filter forged email into the spam folder. In order to bypass this authentication, we need to send from a live web server and with a registered, existing email address, so that the email is treated as coming from a trusted source and shows up in the Inbox instead of the spam folder.


2. First of all, download the Email Scripting File from HERE.


3. Now proceed to www.000webhost.com and register an account by ordering Free Hosting.


4. Fill in your personal information.


5. Then wait for your account status to change from building to active. When it is active, click the Go to CPanel link.


6. Before we access the FTP manager, we must first Change Account Password.


7. After that, select the Getting Started Information button, then File Manager. Key in your password and you will be redirected to the file-manager page.


8. Click into the public_html folder and upload the extracted zip folder that you downloaded just now (3 files).


9. Change the permission of those 3 files to 755.


10. Finally, you can open the sendmail.php page in your file manager.

11. Fill in the form and send.

12. Results output:
  • GMX Mail
  • Yahoo Mail
  • Google Mail



***Important***
Use this email form on your own responsibility. The author is not responsible for any activity carried out by readers.

Why did it fail?
  • I used 000webhost as the email server for teaching purposes; the email may fail to send or be delayed because it is FREE web hosting.
  • The FromEmail address does not exist.
  • The webhost administrator has detected your illegal webpage and blocked the outbound traffic.
  • Use your own high-specification server to ensure everything runs smoothly.
Countermeasures
  1. Do not provide any sensitive information, such as a login ID and password, to an "Admin" via email.
  2. Choose a secure email service provider such as Gmail.
  3. Do not trust any "Admin" in an email.
  4. Use DomainKeys Identified Mail (DKIM) for your company email domain to prevent hackers from using it for spoofing.
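A receiving-side check that complements countermeasure 4, as an added example that is not part of the original post: it reads the Authentication-Results header stamped by your own mail server and flags mail whose SPF or DKIM pass does not align with the visible From domain. The sample messages, all domains and the `mx.receiver.example` server name are constructed, and alignment is simplified to a suffix match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); every domain is a placeholder.
SPOOFED = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=web@freehost.example;
 dkim=none
From: "Admin" <admin@company.example>
Subject: Verify your account

body
"""
LEGIT = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bounce@mail.company.example;
 dkim=pass header.d=company.example
From: "Admin" <admin@company.example>
Subject: Maintenance window

body
"""

def aligned(auth_domain, from_domain):
    # Simplified relaxed alignment: same domain, or one is a subdomain of the other.
    # A full DMARC check compares organizational domains via the Public Suffix List.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def check_sender(raw, trusted="mx.receiver.example"):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Only trust results stamped by our own server; a sender can add fake ones.
    headers = [h for h in msg.get_all("Authentication-Results", [])
               if h.split(";")[0].strip() == trusted]
    results = " ".join(headers)
    passed = []
    # SPF vouches for the envelope sender, DKIM for the signing domain (d=).
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        pattern = rf"\b{method}=pass\b[^;]*?\b{re.escape(prop)}=([^\s;]+)"
        for m in re.finditer(pattern, results):
            domain = m.group(1).rpartition("@")[2]
            if aligned(domain, from_domain) and method not in passed:
                passed.append(method)
    return {"from_domain": from_domain, "aligned_pass": passed,
            "verdict": "authenticated" if passed else "suspicious"}
```

The spoofed sample passes SPF for the hosting provider's domain, yet is still flagged because that domain does not match the From address the reader sees.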
To make your life easier, you can directly use this link to spoof. https://anonymousemail.me/
