Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Tracking the Source of an Email

  1. #1
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Here is nice little tutorial on tracking the source IP of an email (this only works when the source of the email was Microsoft Outlook/Outlook Express as they encode the IP in the Message ID field).

    Based on the header data:

    Message-ID: <000701c89564$0115a292$cc4fb2bc@kagscc>

    "kagscc" is the hostname of the source computer.

    Break out the important portion (bolded between last $ and @):

    cc 4f b2 bc

    Reverse by octet and convert from hex:

    bc = 188
    b2 = 178
    4f = 79
    cc = 204

    Source IP address is 188.178.79.204

    Caveats:

    1. Unless the message ID or original IP was spoofed (possible), this is the IP of the computer that originally sent the email.
    2. If the email was sent using a private email address behind a router, you will get the private email address, which isn't exactly helpful.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    I copied the previous post to its own thread; please feel free to add any tips or tricks on tracking email. I will add to the thread as I can.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    33

    Default

    nice, thanks for the tracking the source info, Extremley helpful!!

  4. #4
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    13

    Default

    That's awesome! Thank you.

    Something I've found to be semi-useful in the past is the free web-mail service by:

    w w w .bigstring .com
    They have an option in there where after you send an email from your account and it is viewed by the other party, you can see the IP address they viewed the email from. The email service also gives you the option to "masquerade" as another email you own (it will send a verification email to the other account you have to click on before it will let you do this.) Unfortunately, most email providers will mark your messages as spam if you do this.

    The service, if nothing else, is interesting to tinker with and experiment. If anyone else know of another service like this, please list it as well.

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Thank theprez98... I was going to copy and paste this very useful trick into a text file, as reference... but now I won't have to
    [FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
    [/FONT][/SIZE][/FONT]

  7. #7
    Junior Member
    Join Date
    Jul 2006
    Posts
    45

    Default

    How do i convert to hex format from octet.

    Searched goggle and can't find a answer.
    ______________
    Tarmac Terrorist

  8. #8
    Junior Member
    Join Date
    Apr 2007
    Posts
    57

  9. #9
    Just burned his ISO
    Join Date
    Apr 2006
    Posts
    9

    Default

    How do I view the msg header in hotmail or outlook? I can't see this bit "Message-ID: <000701c89564$0115a292$cc4fb2bc@kagscc>"

  10. #10
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by Si2006 View Post
    How do i convert to hex format from octet.

    Searched goggle and can't find a answer.
    If you're using Windows, simply use the scientific calculator.

    Otherwise, there are many, many such conversions tools online.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •