The Magic of Powershell – Email Spoofing

The magic of Powershell.

Something I’m learning more and more about as I spend more time in the IT world. Prior to my first technology job that I am in now, I had never even heard of this witchcraft. Automate everything? Sounds interesting.

But there’s also plenty of black, dark magic, and witchcraft that this Powershell stuff is capable of performing. A coworker of mine is somewhat of a Powershell enthusiast around the office. He is also a gremlin. Powershell pranks around the office have gained quite the reputation.

Leave your computer unlocked when you go to the bathroom? Expect to return to a laptop that will randomly speak dirty phrases to you randomly. Hasslehoff’d (yes it’s a verb) desktop backgrounds, spoof’d emails, and extra mouse dongles in your computer are quite the norm.

The extent to which I have been able to work with Powershell thus far in my career has been limited to Server 2012 commands – boring in comparison to it’s full capabilities. Today, I did have my first chance to exercise its capabilities.

While setting up this blog, another coworker of mine decided to exploit my lack of WordPress knowledge by installing a backdoor snippet of code so that he could have an admin log in and create users and edit my page. Very funny for all but me. Every time I made a change to my blog, he would change the theme, posts, add users, etc. I finally got past it but was still annoyed.

Introduce the Send-MailMessage cmdlet. This fun cmdlet enables a user to send emails to an email, and spoof it from another. All it takes to utilize this is knowledge of the mail server utilized by your domain’s email address.

Below is the snippet for how to use this cmdlet:

Example:

The above will send an email to georgesmith@company.com from georgesboss@company.com with the stated email subject line and body. This email will show up in George Smith’s email inbox appearing as if it came from his boss (sans signature). George would have no idea that this email didn’t come from his boss unless viewing the email properties which would show the original computer that sent the email.

Note: Spoofing emails has questionable ethical and moral implications when used in malicious ways. Use common sense for what is okay and always remember that even though IT may give you permissions to do things such as this, it doesn’t mean it’s always okay.