Introduction: SMTP Fun

This instructable is about hacking and just messing around with SMTP servers in general. I will show you how to use nslookup to find out what your email's SMTP server is, how to telnet into it, and how to send mail from the server to yourself or other people.

Note: FUBAR stands for something along the lines of "F***** Up Beyond All Recognition".

Step 1: Getting the Names & Numbers

Ok, time for nslookup! Go to Start-->Run and type in: "cmd" and press enter. When the command prompt comes up, type in "nslookup", and then press enter. The command prompt should now have stuff written on the screen about your IP address, and about your ISP (Internet Service Provider). Now, type in:

set type=mx
(your email server here)

This should display your email provider's email servers.

Step 2: Finding the Right Address and Telnetting In

From the last step, you can see a lot of different stuff that looks like gibberish to the untrained eye. But fear not, for I shall help you in this time of need! First, you only want to pay attention to the block of addresses at the top that are formatted in a table. Bring up the command prompt, and type in:

telnet (first address here) 25

If you get a response from the server saying something like:

220 mx.google.com ESMTP 31si4851324nfu

Then you are all set up to go to Step 3: Mail Time! If not, and you get something like this instead:

Connecting to google.com.....Could not open connection to the host, on port 25: Connect failed

Then you need to repeat this step with the next server down the list. If you have exhausted your list from nslookup, and still had no luck, then there is probably a problem with your ISP or the people on that email service don't allow inbound telnet connections. For example, I have been told that AOL users can't telnet, but I cannot test it because I don't have AOL.
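Every line the server sends back in these sessions starts with a three-digit reply code, and the first digit tells you whether the command worked. The Python parser below is an added example (not part of the original instructable) that classifies reply lines, using lines quoted on this page plus one constructed two-line reply:

```python
import re

REPLY_RE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")        # code, separator, text
ENHANCED_RE = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})(?:\s|$)")  # RFC 3463 code

CLASSES = {
    "2": "success",
    "3": "intermediate, server waits for more input",
    "4": "transient failure, retrying later may work",
    "5": "permanent failure, fix the command before retrying",
}

def parse_replies(lines):
    """Group raw lines into SMTP replies, joining 'NNN-' continuation lines."""
    replies, parts = [], []
    for raw in lines:
        m = REPLY_RE.match(raw.strip())
        if not m:
            continue  # telnet's own output, not a server reply
        code, sep, text = m.group(1), m.group(2), m.group(3) or ""
        parts.append(text)
        if sep == "-":
            continue  # more lines of the same reply follow
        enhanced = ENHANCED_RE.match(text)
        replies.append({
            "code": int(code),
            "class": CLASSES.get(code[0], "unknown"),
            "enhanced": enhanced.group(1) if enhanced else None,
            "text": " | ".join(parts),
        })
        parts = []
    return replies

# The first five lines appear on this page; the two-line 250 reply is constructed.
SAMPLE = [
    "220 mx.google.com ESMTP 31si4851324nfu",
    "250 2.1.0 OK",
    "354 Go ahead",
    "421 Cannot connect to SMTP server 65.55.37.120 (65.55.37.120:25), connect timeout",
    "Connection to host lost.",
    "250-mx.example.test at your service",
    "250 8BITMIME",
]

if __name__ == "__main__":
    for r in parse_replies(SAMPLE):
        print(r["code"], r["enhanced"], r["class"], "::", r["text"])
```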

Step 3: Mail Time!

As you can see in the pictures, I used these commands, in this order:
helo -- this preps the server for the mail address

mail from: -- This is who it sends from.

rcpt to: -- This is who it sends to.

data -- This tells it the following is the message

From:something here         }
To:something here           } These are some headers.
Subject:something else here }

(message here) -- this is the message

. -- this tells the server end of data, send it now.

exit -- exit the connection

As you can see in the pictures, pressing backspace does not work very well. :(
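The address given to mail from: (the envelope) and the From: header typed after data are two separate values, and SMTP itself does not require them to match, which is why receiving systems check them after delivery. The Python check below is an added example, not from the original instructable; the sample messages, the example.* domains and the mx.example.org server name are constructed, and the alignment test is a simplification of DMARC.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lower-cased domain of an address header, '' if it has none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    # Simplified: equal, or one is a subdomain of the other. Real DMARC
    # compares organizational domains using the Public Suffix List.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess(raw, authserv_id):
    """Compare header From with the envelope sender recorded at delivery."""
    msg = message_from_string(raw)
    header_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])  # written from MAIL FROM
    auth = {}
    for ar in msg.get_all("Authentication-Results", []):
        server, _, rest = ar.partition(";")
        if server.strip().lower() == authserv_id:
            # Topmost header from our own server; lower copies may be forged.
            auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
            break
    if not header_dom:
        verdict = "suspicious: From header has no domain"
    elif auth.get("dmarc") == "pass":
        verdict = "ok: DMARC pass"
    elif not aligned(header_dom, envelope_dom):
        verdict = "suspicious: From domain differs from envelope sender"
    else:
        verdict = "unverified: aligned, but no DMARC pass"
    return {"from": header_dom, "envelope": envelope_dom, "auth": auth, "verdict": verdict}

# Constructed messages as a receiving server might store them (not from the page).
FORGED = (
    "Return-Path: <bulk@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;"
    " dmarc=fail header.from=example.com\n"
    "Authentication-Results: mx.example.org; dmarc=pass header.from=example.com\n"
    "From: Support <support@example.com>\nTo: user@example.org\nSubject: hi\n\nbody\n"
)
NO_DOMAIN = "Return-Path: <God>\nFrom: God\nTo: user@example.org\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("no-domain", NO_DOMAIN)):
        print(name, assess(raw, "mx.example.org"))
```

The second Authentication-Results header in the forged sample stands for one typed after data; only the topmost header carrying the receiving server's own name is read.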

Comments

account3r2 (2012-04-21)

421 Cannot connect to SMTP server 65.55.37.120 (65.55.37.120:25), connect timeout

Connection to host lost.


/\ That's what keeps happening on lots of servers I try...

crapflinger (2007-07-03)

this is spoofing mail...technically not the most legal thing...but if the server doesn't have its relays turned off...then well...it's their fault. MOST public mail servers (gmail included) won't actually let you send mail from them via telnet....most of them have their relay permissions set correctly to only allow mail to be sent from specified locations (such as the server you connect to at gmail.com)....if the server doesn't recognize your IP address...it will reject the mail with "unable to forward for" kind of messages...or if you don't try to send FROM an actual email address in their system it will fail...etc......every once in a while you CAN in fact find a mail server that's not locked down...and you can send mail however you like...but this day and age...that's getting rare

duct tape (2007-07-03)

Ya. I used to do this all the time a few years back, but they started to pick up on the security. So far you can usually only do this stuff on third party websites.

Saturn V (2010-10-25)

What kind of websites can you still do this on?

J-Manoo7 (2010-09-05)

Doesn't work for me... a little help? I attached what I typed and the result I got after I pressed the enter key. After I pressed the enter key, the telnet screen was blank for 15-20 seconds and then showed that error. -J

duct tape (2010-09-05)

Use the mail exchange with the lowest number for preference. You used the 4th alternate, try the main one instead.

J-Manoo7 (2010-09-07)

Thanks for the suggestion, I tried it but to no avail. Am I getting this because my server is my wireless router?

duct tape (2010-09-08)

What do you mean by that?

J-Manoo7 (2010-09-09)

In the first picture when I type "nslookup" I don't get my web provider's domain, I get my wireless router. I tried connecting to smtp.gmail.com and got a reply immediately though. However it told me I didn't have the right authentication. After testing some more later that night, I remembered I can use the "tracert" command to trace the ip address map all the way to a server. So I did:
tracert google.com
tracert yahoo.com
and looked at the similar addresses, the main ones happened to be from att.net. Then I went to this site: http://www.smtpinfo.com/smtp_servers.php and tried to use the mailhost.worldnet.att.net and I was able to send one (yay!) except I couldn't get the subject field, the from: field, or the To: field to be filled. Even though I had to specify the MAIL FROM: and the RCPT TO: before I could send it.

duct tape (2010-09-10)

yeah.. gmail may have gotten better about unauthorized smtp. there are still others that allow it though.

J-Manoo7 (2010-09-15)

Any tips on getting those fields filled?

duct tape (2010-09-16)

When you get connected to the server try typing in 'help' or similar. Some servers are actually user friendly lol.

J-Manoo7 (2010-09-23)

I did that *feels smart-er than usually* but it only returned some of the commands. Most of them give a url that leads to some page on smtp basic rules and commands, but I don't think they are server specific. (I think GMail does the latter, if you wanna give it a shot.)

duct tape (2010-09-23)

Try a different webserver maybe? Let me try gmail again and I'll try to see what's up.

rocketkid (2010-09-19)

every time i type in "mail from:(any address)" it says connection to host lost... =/

jonnyboy24 (2009-04-11)

do you not have to enter a password in any of these steps in order to login to the email account??

duct tape (2009-04-19)

Well, you aren't actually logging in to the email account, so no. Basically all that you can do is send an email from a spoofed address. You can't read the person's email that you send it from.

Hack tester (2008-07-13)

Hey dude,
It was really nice, I followed up to some extent, but when I enter my email address for the mail from, I'm always getting 555.5.5.2 syntax error.i7si17877668nfh.8, what should I do next? Kindly guide me, my email address is joelovesvoldemort@gmail.com

John Smith (2008-06-18)

I assume you can't do this on Vista? I opened it and the nslookup didn't come up as anything

demonlord (2008-06-25)

Actually you can... to stop random stupid people from messing around with telnet Microsoft copied Macintosh and put a tiny line of code before the telnet. To access telnet, you basically have to put in that code (I think it's something along the lines of %*S# ) and then do everything normally. I actually don't know the code itself but you could look it up on google as "how to telnet from vista"

John Smith (2008-06-25)

yep, thanks! I overlook google sometimes. turns out you have to manually turn on the telnet, and windows installs it for you

locofocos (2008-05-24)

If this still was in voting I would definitely one-up it. I had tried it a while back, but couldn't get anything in the subject, who it was from, or in the body, but I still got an email. Now I can get it to look just like a real email. Here's the content of one of mine that worked-

220 mx.google.com ESMTP i49si17476598rne.0
helo God
250 mx.google.com at your service
mail from:<God>
250 2.1.0 OK
rcpt to:<patrickboatner@gmail.com>
250 2.1.5 OK
data
354 Go ahead
from:God
to:patrickboatner@gmail.com
subject:Keep up the h good work

Hey Patrick,
How has it been down there on earth? I hope you have a good summer.
Keep up the good work, abnd I'kk be seeing you sometime soon.
Sorry for all the typos, I didn't put a backspace key on my
heavenly keyboard :) .
His Majesty,
God
.
250 2.0.0 OK 1211646734 i49si17476598rne.0
quit
221 2.0.0 mx.google.com closing connection i49si17476598rne.0

Connection to host lost.

And here's a picture from my inbox-
https://www.instructables.com/files/orig/F5K/7I26/FGL9670I/F5K7I26FGL9670I.bmp

duct tape (2008-05-26)

That is so funny! Glad to hear someone finally likes this.

1252429 (2007-10-19)

Rogers' E-mail server isn't locked down yet

duct tape (2007-11-07)

who?

Tobita (2008-05-23)

Rogers is a service provider

lukem (2008-01-30)

When i type in telnet gsmtp183.google.com 25 it says: unrecognized command. btw i have vista home premium

duct tape (2008-02-01)

vista doesn't have telnet built in. you have to download it from the internet. sorry :(

yellowsushimustard (2008-04-13)

yes it does, just go to control panel, programs and features, and click on "turn windows features on or off" on the left column. scroll down to telnet client and check the box. it worked for me

duct tape (2008-04-13)

Oh. I remembered seeing that telnet isn't installed in vista somewhere...

yellowsushimustard (2008-04-13)

that's odd, are you sure? on the list of windows features that you click on it is the 6th one up from the bottom.

duct tape (2008-04-14)

I don't have Vista, I just had read a snip about it not being there. I didn't read the whole thing, I just skimmed, so I probably missed that. If you can find it, then it's probably there.

yellowsushimustard (2008-04-16)

oh, sorry

keastes (2008-04-16)

just a note: FUBAR is an old WWII acronym meaning Fouled Up Beyond All Repair

vectoralpha (2008-04-15)

try typing bash once you telnet in, it might enable backspace

Danny A (2008-01-15)

After i type in set type=mx
gmail.com - it comes up with **** No mail exchange (MX) records available for gmail.com

stratholm (2008-01-15)

Must be something with your setup because it worked for me.

!Andrew_Modder! (2007-07-02)

so it's pretty much just a complicated way to send an anonymous email??

duct tape (2007-07-02)

It is kinda like forging e-mail, but ya I guess.

About This Instructable

More by duct tape: How to make a Jacob's Ladder!, SMTP Fun, Netcat fun!