E-mail servers are usually prepared to receive several hundred e-mails a minute. When volumes like these are coming, administrators need to automate a checking process, to make sure these e-mails are not spam, or contain viruses. To this end, when two e-mails come in, they are scanned simultaniously, and not done in interation. You can imagin if say, gmail or hotmail attempted this, they would have customers waiting days at a time to receive their e-mail.
You would have to try very hard to find an e-mail server that checked incoming e-mails in a queue. Because of this, a security hole exists that can cause a denial of service condition.
The less-than-elegant way of implementing this is to open five or six of your e-mail client of choice (preferably eudora, outlook, or anything not webbased). Compose an e-mail in each client, with an attachment. I would recommend an attachment larger than 500K, but under a megabyte, but this is up to your experiment. This attachment should be a zip file, and possibly contain several levels of zip'd files (a compressed, compressed, compressed, compressed file). This takes signifigant CPU power to scan this file. This is because any good virus scanner will go several depths (usually three) into a compressed file to find potentially malicious files. Usually, it's not a big deal as it comes and goes in a second or two. However when your five or six e-mail clients send out this attatchement in tandum, the CPU load is extremely heavy. In 2003, it was rare that it took more than two simultanious e-mails with such attachments, before an incoming server needed rebooting. I believe after a few minutes of testing, an attacker would resume where I left off two years ago.
A more elegant version of this would be to write your own client that will send an attachment. I'm still working on that, and I'll post it once I do it.
If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .
Previous hacks
- VX improved
- Hacking Nokia 7610 and Nokia 3210
- Cisco VPN Client Password Decryption
- Turning perl scripts into proxies
- Hacking e-mail harvesters
- Hacking Web based applications and scripts
- Hacking Search Engines as Anonymous Proxies
- Sevenfold Project (ham, the unspam)
- Hacking Google (MET)
- Hacking Pepsi Machines
Previous Hacks
This link kills spam
spam IP addresses
These are sites I block at my firewall.
cdn2.gms1.net
gms1.net
servedby.advertising.com
advertising.com
a.tribalfusion.com
tribalfusion.com
pimpslord.com
altfarm.mediaplex.com
mediaplex.com
ad.yeildmanager.com
yeildmanager.com
doubleclick.net
isg32.casalemedia.com
casalemedia.com
Two very recommended books:
. . The only hacking forum I have found worth mentioning here