Thursday 15 December 2011

Spoofing

Spoofing usually refers to sending electronic mail in such a way that it looks like someone else was the one who sent it. Spoofing can also refer to any act whereby a hacker impersonates another user. Let's stick with the first, more common definition for a while, and look at some ways in which spoofed e-mail can benefit the low-level hacker who wants to make good for himself.

One prototypical scam is to spoof an e-mail letter from the system operator. Susie User, a highly powerful person on the system, is on-line, going about her usual business. She checks her mailbox and is surprised to find a letter has just been mailed to her from the system administrator. The letter talks about how, because of security breaches, they will now be issuing new passwords every six weeks. "Your new password is D4YUL," says S.U.'s e-mail. "You can change it yourself with the 'SET-PASS' command. Remember it! Don't reveal it to anybody! Computer security is an important issue that cannot be taken lightly!"

A few moments later you notice that Susie has issued a SET-PASS command, and a few moments later you log on in her name, thus achieving her higher security privileges. It works every time! The trick is, you have to know how to spoof to do it.

Before you can spoof e-mail, you have to understand how such a thing is possible. Now, if you've ever used any sort of electronic mail program, whether on a mainframe or local BBS, you know that to send mail, the user enters basically three pieces of information: destination, subject and the body of the letter. Some mail programs allow further complexities, such as the inclusion of other text files or programs, return receipts, etc., but let's just concern ourselves with the most primitive of mailing programs, as those are the ones that get the most usage. When you send electronic mail to another user, the computer automatically places a heading on top of the letter, which identifies it as having come from you. To spoof e-mail you will want to somehow change that heading, so it looks as though the letter was written by the person in charge of the system.

Usually one sends mail by running a mail program. The mail program includes a text editor and facilities to send mail to other users. But in many cases you don't have to use a special mailing program to send mail. There is usually a fundamental shell programming command that allows you to send text, or a file, into a file in another user's directory. This is what the mailing program does: it sends the text of your message into a file called MAIL.TXT or something similar, and when Susie U. executes her mail program, it will display the contents of the file MAIL.TXT.

As you can imagine, it is a simple task to open a text file, type in a header that looks like a header from a superuser's letter, then add your own text to the bottom of the file. Next you use the "send file" command to put this file into another user's directory. Make sure the directory you put it in is one with higher access privileges than your own!

Sometimes the operating system itself foils this scheme. For example, one of the Internet protocols requires the two computers involved with the mail transfer to compose the letter headers. To spoof on the Internet, one would connect to a host through port 25, which is how e-mail is transferred to a site. Normally only two computers connect in this way; there may be security safeguards in place, but if there are not, you can pretend to be a computer sending the commands to generate an e-mail message. This includes "mail from" and "rcpt" which establish who the sender and recipient are. Use "help" to get yourself through this.
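The two delivery paths just described (a letter dropped straight into MAIL.TXT, and one injected on port 25) leave different traces in the message headers, and that is what a recipient-side check keys on. The following is an added example, not part of the original post: it parses three constructed messages (hypothetical hosts `mail.example.org` and `client.example.org`, hypothetical addresses, and the `TRUSTED_SENDERS` / `MAIL_HOSTS` sets are all assumptions) and lists the reasons a mail reader should distrust the claimed sender, namely a From: header that disagrees with the envelope sender the server recorded, a letter with no Received: trail at all, and administrator mail whose earliest hop is not a mail host.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (hypothetical hosts and addresses, not from the original post).
# SPOOFED is the "new password" letter from the story as it would look after being
# injected on port 25 from an ordinary user's machine: the From: header claims to be
# the administrator, but the envelope sender and the first Received: hop say otherwise.
SPOOFED = """\
Return-Path: <lowuser@example.org>
Received: from client.example.org (client.example.org [10.0.0.7])
\tby mail.example.org with SMTP id 123; Thu, 15 Dec 2011 10:00:00 +0000
From: System Administrator <sysadmin@example.org>
To: susie@example.org
Subject: New password policy

Your new password is D4YUL. Change it with SET-PASS.
"""

# GENUINE is the same kind of notice actually submitted on the mail host by the administrator.
GENUINE = """\
Return-Path: <sysadmin@example.org>
Received: from mail.example.org (localhost [127.0.0.1])
\tby mail.example.org with ESMTP id 124; Thu, 15 Dec 2011 10:05:00 +0000
From: System Administrator <sysadmin@example.org>
To: susie@example.org
Subject: Maintenance window

The system will be down Saturday night.
"""

# LOCAL_DROP is a letter written straight into the recipient's mail file with the
# "send file" trick: no mail server ever handled it, so there is no delivery trail.
LOCAL_DROP = """\
From: System Administrator <sysadmin@example.org>
To: susie@example.org
Subject: New password policy

Your new password is D4YUL.
"""

TRUSTED_SENDERS = {"sysadmin@example.org"}  # assumed: addresses whose mail users act on
MAIL_HOSTS = {"mail.example.org"}           # assumed: hosts where such mail is legitimately submitted


def origin_host(received_header: str):
    """Return the host named after 'from' in a Received: header, or None."""
    m = re.match(r"from\s+(\S+)", received_header.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None


def spoof_indicators(raw: str):
    """Return a list of reasons to distrust the claimed sender of a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    envelope = parseaddr(str(msg.get("Return-Path", "")))[1].lower()

    # 1. The From: header anyone can type must agree with the envelope the server recorded.
    if envelope and envelope != from_addr:
        findings.append(f"From: <{from_addr}> does not match envelope sender <{envelope}>")

    # 2. Every relaying server prepends a Received: line; a mail with none was never relayed.
    received = [str(h) for h in msg.get_all("Received", [])]
    if not received:
        findings.append("no Received: headers, message was not delivered by a mail server")

    # 3. Mail claiming to come from a trusted sender must have entered the system at a
    #    known mail host. Servers prepend, so the earliest hop is the last Received: header.
    if from_addr in TRUSTED_SENDERS:
        first_hop = origin_host(received[-1]) if received else None
        if first_hop not in MAIL_HOSTS:
            findings.append(
                f"mail claiming to be from {from_addr} originated at {first_hop or 'an unknown host'}"
            )
    return findings


if __name__ == "__main__":
    for label, sample in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE), ("LOCAL_DROP", LOCAL_DROP)):
        print(label, spoof_indicators(sample) or ["no indicators"])
```

The check is deliberately about what the server wrote rather than what the sender typed: the From: line is under the sender's control, the Return-Path and Received: lines are not, so a letter that fails checks 1 or 3 was composed somewhere the administrator does not send mail from, and a letter that fails check 2 never passed through the mail system at all.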

Earlier I mentioned that spoofing is also considered to be any form of on-line impersonation of another.

Many multi-user systems let users chat with each other by way of a command called TALK or WRITE, or something similar. When you issue a TALK command, a message appears on the recipient's screen, saying that you wish to talk. If the other user wants to talk with you, he or she issues the TALK command also. Then whatever you type appears on the other one's screen and vice versa. It may also be possible to filter the contents of a file onto another's screen by way of a TALK command. The hacking possibilities are endless!

One popular trick is to TALK a message like, "SYSTEM FAILURE. SHUT OFF YOUR TERMINAL WITHOUT DISCONNECTING TO PREVENT FURTHER DAMAGE. SYSADMIN," onto another person's screen. When they hang up, you piggyback a ride on their account. As with e-mail spoofs, you can't actually use the TALK command to put text on another user's screen. You have to go into the source code of the TALK program, see how it writes to another screen, and use those commands. This bypasses the safety features inherent in the TALK command. (If you use the actual TALK command to send this sample error message, the other party will see that it's you sending the message, not the Sysadmin. You have to emulate the TALK header which announces the name of the user sending text. You also want to go down to the fundamental "send text" statements because you don't want the user to have the option of not talking with you.)

It's a recognized fact that spoofing accounts for a good majority of system security failings, mainly because spoofs are so easy to do once you've gotten on-line and taken a look at the software source codes and manuals. Another trick relies on TALK-ing a message that an intelligent terminal will understand. When you use a TALK command you aren't putting words into the OS prompt's mouth - the OS is simply putting what you type onto the remote terminal's screen. One way to get around that depends on the remote hardware. Some intelligent terminals have a Send or Enter escape sequence that tells the terminal to send the current line to the system as if the user had typed it in from the keyboard. You can use TALK to send a message that contains a suitable escape sequence to do naughty things like email confidential documents back to you and the like.
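The weak point in both TALK tricks above (the forged "system failure" notice and the terminal escape sequence) is that the program writes another user's bytes onto a terminal unchanged, so the terminal, not the recipient, decides what they mean. The defence is the one the BSD `write` program takes: before anything reaches the screen, rewrite every control character into a visible form. This is an added example, not code from the original post; the message and the escape sequence in it are constructed, and the sequence after ESC is a made-up one, since only the shape matters.

```python
# Constructed chat message (not from the original post): a forged "system failure" line
# followed by a made-up escape sequence and a line the sender hopes the terminal will
# send back as if the victim typed it. ESC is 0x1b; the bytes after it are hypothetical.
RAW_MESSAGE = "SYSTEM FAILURE. SHUT OFF YOUR TERMINAL.\x1b[?99hHIDDEN-COMMAND\r\n"

# The only control characters a plain text message legitimately needs.
ALLOWED_CONTROL = {"\n", "\t"}


def sanitize_for_terminal(text: str) -> str:
    """Rewrite every control character in caret notation so the receiving terminal
    displays it instead of obeying it (ESC -> ^[, BEL -> ^G, CR -> ^M, DEL -> ^?)."""
    out = []
    for ch in text:
        code = ord(ch)
        if ch in ALLOWED_CONTROL:
            out.append(ch)
        elif code < 0x20 or code == 0x7F:
            # C0 controls and DEL: XOR with 0x40 gives the printable letter of the caret form
            out.append("^" + chr(code ^ 0x40))
        elif 0x80 <= code <= 0x9F:
            # C1 controls: some terminals treat these as escape introducers too
            out.append("M-^" + chr((code - 0x80) ^ 0x40))
        else:
            out.append(ch)
    return "".join(out)


def has_escape_sequence(text: str) -> bool:
    """Detection side: does a message contain anything a terminal could interpret
    rather than display? Useful for logging or refusing a message outright."""
    return any(
        (ord(c) < 0x20 and c not in ALLOWED_CONTROL) or 0x7F <= ord(c) <= 0x9F
        for c in text
    )


if __name__ == "__main__":
    print("suspicious:", has_escape_sequence(RAW_MESSAGE))
    print(sanitize_for_terminal(RAW_MESSAGE), end="")
```

Run on the constructed message, the ESC becomes the two printable characters `^[` and the carriage return becomes `^M`, so the recipient sees the attempted sequence spelled out instead of the terminal acting on it. The filter sits at the single point where text is written to the other user's terminal, which is exactly the "fundamental send text statement" the post says an attacker goes looking for.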

Not only e-mail and TALK, but other commands are also known to be rife with ways they can be misused to a hacker's benefit. Anytime you come across a command which allows interaction with another terminal, study it closely to see how it can be manipulated.

Look at programs, too, to see if they can be used to communicate out of your own directory. The GNU-EMACS text editor (used on UNIX computers) allows you to send the file you are working on to another person's directory. If you happened to name that file ".login" (under UNIX, ".login" is the name of the batch file that gets executed once a user logs into his or her account), then whenever that user logged on, that ".login" batch would execute. And if part of that ".login" included mailing the user's secret stuff to your account, so much the better.