First of all; the disclaimer:
-----------------------------
The information in this article is 'as is' and the author
can't be held responsible for any activities of others. Spoofing mail under someone else's name is illegal in most
countries and re-using someone else's code is theft. This text was
written so that this still widespread problem gets a little more
well known, thus forcing webmasters to take another look at their
code.
This out of the way; what is in this text:
------------------------------------------
Well, it will explain a little trick that will allow you to
use webservers as a mailserver, enabling you to send anonymous
mail. This doesn't involve you writing a complex program and reading
through the SMTP man pages (although that wouldn't be a waste of
time); all you will need is a browser.
How do we do that then: HTML
----------------------------
What we are going to use to build our mailing thingy is HTML
(plain old HyperText Markup Language). Some basic things you should
learn before you continue reading:
- HTML is built up with tags that mark the beginning and
ending of code blocks. Each page starts with the <HTML> tag and ends
with </HTML>.
The page is then divided into a HEAD and a BODY, with the
<HEAD> </HEAD> and <BODY> </BODY> tags.
e.g.
<HTML>
<HEAD>
<TITLE>The title of my page</TITLE>
</HEAD>
<BODY>
this text will be displayed on your page
</BODY>
</HTML>
- besides these basic tags you also have the <FORM></FORM>
tags; between these two you create a form (a block of HTML code
that is considered as a whole). Now, each part in a page has some
parameters; the <BODY> for example can have a background colour. These
parameters are stated behind the opening tag of a block, e.g.
<BODY BGCOLOR="black" BGSOUND="http://www.wavs.org/loonytune.wav">
My page
</BODY>
A form can be given some parameters as well:
<FORM ACTION="http://provider.com/php/callme.php/" METHOD="POST">
The ACTION parameter is the script that will be used to
handle all those variables (<INPUT></INPUT>) in the form, and METHOD
is POST or GET. POST means sending the variables to the action
script and letting it run from there on. GET means the variables
are sent to be processed and the page expects something in return
from the script (like a Google search page: GET me everything with
"Fake" and "mailer").
This action script will be called as soon as one presses the
SUBMIT button that's within the <FORM></FORM> tags.
'Nough crap: let's build
-----------------------
We are going to build this fake mailer by using 'open code'
(read: crappy code) on a webserver. Many Internet Solutions Providers
re-use the same script for different clients. It is even common
that the actual scripts stay on the provider's own servers and that the
pages on the client's server are linked to them. This is what we are
going to use. First off we need one of those clients' websites, where
we look for a CONTACT US form. Most sites have one of those, so
finding one shouldn't be any trouble. Once you have found one of
those contact-us pages we are going to see if we can exploit it.
To do this, open the source code of the page and look for
the <form> tag. What we need is a form tag that looks kinda like
this: <FORM ACTION="http://www.provider.com/scripts/contact.php"
METHOD="POST">. Once we have found this tag we need to look at the
lines beneath it. Many of these pages call a script (the one that's
labeled ACTION in the form tag) and send a load of variables to it
(METHOD="POST"). Now we have to look for a variable that states the
recipient's email.
e.g. <INPUT TYPE='HIDDEN' NAME="EMAIL" value="sales@client.com">
So here we see that one of the variables sent to the script
is the email of the recipient.
Once you have found this you know that the provider's script
can be used to send your own emails.
So let's start building. The first step is downloading the
entire contact page to your disk. Once downloaded we are going to
build our lightweight mailer. Go to the downloaded page and open it
with a text editor. Once opened, look for the input tag with the
recipient's address again. Now set the TYPE property to 'TEXT' and
save the page.
Open the altered page in your browser.
You will see that a new textbox has appeared with the
recipient's email. Now you can type in the email of the person you
wish to send an email to and fill in the other boxes. Press SUBMIT or
SEND or whatever they called the button, and your email is on its
way.
There, you built a mail program within a minute.
Most of those scripts are protected so that you can't post
the altered page on your own webserver and run it from there (domain
checking), but using the altered page from your own PC can't be
blocked.
Another common feature of those re-usable scripts is that
they read all the variables in the page and put them in the mail.
So you can create your own <input> values and delete those
you don't need; this way you can create a mail that suits your
needs a little more.
Note: most scripts send the mail in clear text format (bye
bye virii).
Workarounds: how do I prevent people from reusing my script?
------------------------------------------------------------
Instead of using an HTML page as contact form, use a client
side script that will only display the contact form if the
HTTP_REFERER is on your domain. Or you can put all client-side
variables in a client side script that functions as a buffer
between your contact-script and the page, thus making sure that the
home-user only gets to see the variables that he actually needs to
fill in.
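Both points above come down to one rule for the contact-script itself: nothing the browser sends (hidden fields, the referer, the set of variables) can be trusted, so the recipient and the accepted fields must be decided on the server. The following Python is an added example, not code from this text or from any provider; the department keys, addresses and host name are constructed placeholders. It shows the handler pattern the text describes next to a hardened one that keeps the real address server-side and treats the referer only as a secondary check.

```python
from typing import Mapping, Optional
from urllib.parse import urlparse

# Constructed allowlist (assumption): the form only sends a short key,
# the real address lives here and is never written into the HTML page.
RECIPIENTS = {
    "sales": "sales@client.example",
    "support": "support@client.example",
}
# Only these posted fields are ever copied into the mail body.
ALLOWED_FIELDS = ("name", "from_email", "message")
OWN_HOST = "www.client.example"  # constructed


def insecure_handler(post: Mapping[str, str]) -> dict:
    """The pattern the text describes: recipient taken from a (hidden)
    form field and every posted variable copied into the mail."""
    return {"to": post.get("EMAIL"), "body": dict(post)}


def hardened_handler(post: Mapping[str, str],
                     referer: Optional[str]) -> Optional[dict]:
    """Return the mail to send, or None when the request must be refused."""
    # Referer is client-controlled and often absent, so it is only a
    # defence-in-depth check: refuse when present and off-domain, never
    # rely on it as the sole protection.
    if referer is not None and urlparse(referer).netloc != OWN_HOST:
        return None
    # The browser names a department, not an address. Unknown keys (or a
    # full address typed into the field) map to nothing and are refused.
    to = RECIPIENTS.get(post.get("dept", ""))
    if to is None:
        return None
    # Fixed field list: extra <input> values added client-side are dropped.
    body = {k: post[k] for k in ALLOWED_FIELDS if k in post}
    return {"to": to, "body": body}
```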
Fin
---
See, that wasn't too hard. Now go find yourself a place to
practice.
Created by Crim3
www.HACK3Z.com