Greetings everyone!
This is probably well known, but for the noobs here I'd like to give a tutorial on email spoofing. But you may be asking, "what is email spoofing?". Well, it's pretty simple. It's faking an email, real or fake.
It can be legit like email@facebook.com or fake like fakeemails@fakemailsunited.org
Anything is possible.
To the tutorial babies.
All you need is one basic file in PHP, which in fact, you can copy and paste.
(Note this tutorial includes, an email spammer, and faker)
Heres index.php:
<h1>Email Spoof</h1> <p><b>USE AT OWN RISK</b></p> <? // error_reporting (0); if(!set_time_limit(0)) { $limit = false; } else { set_time_limit(0); ignore_user_abort(1); $limit = true; } $log = 'log.txt'; // Log file ini_set('max_execution_time', '0'); ?> <? $ip = getenv('REMOTE_ADDR'); if($_GET['mail'] == '1' || $_GET['mail'] == '2' || $_GET['mail'] == '3') { $_POST['to'] = stripslashes($_POST['to']); $_POST['msg'] = stripslashes($_POST['msg']); $_POST['from'] = stripslashes($_POST['from']); $_POST['subject'] = stripslashes($_POST['subject']); if($_POST['to'] && $_POST['msg'] && $_POST['from'] && $_POST['tipe']) { $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/".$_POST['tipe']."; charset=windows-1251\r\n"; $headers .= "From: ".$_POST['from']; $fz=$headers; if($_GET['mail'] == '1') { mail($_POST['to'], $_POST['subject'], $_POST['msg'], $headers) or die('Cannot send the message'); } elseif($_GET['mail'] == '2') { $_POST['to'] = explode("\n",$_POST['to']); foreach($_POST['to'] as $poluchatels) { mail($poluchatels, $_POST['subject'], $_POST['msg'], $headers) or die('Cannot send the message'); } } elseif($_GET['mail'] == '3') { if(preg_match('/[0-9]+/',$_POST['kol'])) { $f = fopen($log,'a'); fwrite($f,'Message sent &'.$_POST['msg'].'& with subject "'.$_POST['subject'].'" for "'.$_POST['to'].'" from IP - "'.$ip."\"\r\n"); fclose($f); for($i=0;$i<$_POST['kol'];$i++) { $r=rand(1,10000); $headers=$fz.$r."\n"; mail($_POST['to'], $_POST['subject'], $_POST['msg'], $headers) or die('Cannot send the message'); sleep(1); $headers=$fz; } } else { echo('Incorrect (or not entered) number of messages'); } } $f = fopen($log,'a'); fwrite($f,'Message sent &'.$_POST['msg'].'& with subject "'.$_POST['subject'].'" for "'.$_POST['to'].'" from IP - "'.$ip."\"\r\n"); fclose($f); echo('<center><b><font color="green">Message succesfully sent</font></b></center>'); } else { ?> <form style="width:350px" method='post'> <? if($_GET['mail'] == '1' || $_GET['mail'] == '3') { echo("Receiver <input type='text'name='to'><br>"); } ?> Sender <input type='text' name='from'><br> Subject <input type='text' name='subject'><br> <? if($_GET['mail'] == '3') { echo("Amount of messages <input type='text' name='kol'><br>"); } ?> <br> htm -> <input type='radio' checked='checked' tabindex='1' name='tipe' value='html'> :: <input type='radio' name='tipe' value='plain'><- text<br> <? if($_GET['mail'] == '2') { echo("Receivers<br><textarea name='to' rows='10' cols='30'>abc@gmail.com xyz@yahoo.com zzz@zzzz.com</textarea>"); } ?> <br>Message<br> <textarea name='msg' rows='10' cols='30'></textarea><br><br><input type='submit'> </form> <? } } else { ?><br> <a href='<?=$_SERVER['PHP_SELF']?>?mail=1'>Send simple fake message</a><br> <a href='<?=$_SERVER['PHP_SELF']?>?mail=2'>Spam 1</a><br><a href='<?=$_SERVER['PHP_SELF']?>?mail=3'>Spam 2</a><br> <?
} If this doesn't work, its because of spacing and you should see
http://prestoapps.org/mailspoof/script.js It runs on toggle() in JS.[/font][/size]
Not much of a tutorial, more of a giveaway.[/font][/size]
Please note that email spoofing needs a website to be run on, and emails can be limited on servers, and it may not be included at all. SO check with your hosting provider.
Note this is at your own risk.
