HOWTO: Bypass Email Filters
@ HOW-TO -> Windows Oct 04 2005, 07:57 (UTC+0) s0journist writes:
Email service is consistently ranked as the most important line-of-business application running on corporate networks. Downtime is punctuated by the vacant stares of executives and nervous twitching of management.

While email earns the adoring worship of office workers worldwide, there is another side to this seemingly benevolent service. The very application that connects us to customers, clients and the outside world also delivers evil to our inboxes. Email is the biggest supplier of viruses into corporate networks. No amount of user education and written policy can overcome the temptation to peek at a message titled "FW: FW: FW: FW: RE: Angelina Jolie nekkid!~!!"


Administrators must attempt to secure networks against malicious attachments, spam and other email uglies. Gone are the days when educated users pushed text email back and forth with Pine. It is no longer enough to simply run antivirus on all the servers and desktops.

Even small business networks require server-side antivirus software. Some of the better applications include virus scanning, spam filtering and a feature called Sandboxing.

Sandboxing performs application layer filtering on incoming and outgoing messages. In particular, it can strip email attachments from messages. Better suites decide whether to allow an attachment to hit a user's mailbox by reading its file extension. Others simply strip all attachments. On a simpler level, some companies (and home users) only allow plain text emails.

Sandboxing goes a long way toward staving off viral infections. Many of the most notorious viruses that have spread via email used Visual Basic Script for their payloads. Simply stripping all .vbs files that enter the mail server would stop the spread of nightmares like Melissa and I Love You. Many administrators have also banned .exe and .zip files from passing through their servers.

Security isn't the only issue that mail administrators have to tackle. Keeping up with the hungry storage requirements of users is also a challenge. Setting limits on maximum size for email messages helps with this endeavor. A coworker, for example, recently emailed a 600MB ISO of a Linux distribution because he was too lazy to FTP it.

All this protection comes at a price. Sometimes we need to send a file through email, but either our organization or the destination filters the message or attachment. How can I push a file through email without installing a bunch of software or begging some tired administrator to change the filtering software?

Using a few simple programs already loaded on every Windows machine (yes, all the way back to Windows 3.1), we can pass executables, pictures, scripts and any other data in a mail-filter-friendly format.

The key is that every mail client and server accepts plain text. Pasting an executable as text into the message body will send it straight through the gateway software and into the mailbox of the remote user.

This would be a much shorter article if we could just throw a .txt extension on a file, open it in Notepad and paste it into the body of a mail message. Unfortunately, many file types don't deal with the conversion very gracefully.

Any program or data can be safely converted and shipped as text using three Windows utilities that are present in every release of the operating system: Notepad, Wordpad and Object Packager. The only downside is file size.

Object Packager was designed to embed data and programs into documents using Object Linking and Embedding (OLE). It packages any data format and allows it to be pasted into other documents.

To run Object Packager, go to Start>Run, type in "packager" and hit Enter. This brings up the small two-pane interface. Object Packager has a lot of features that won't be covered here, such as choosing pretty icons, making embedded, single-click batch files, etc. This article will focus on the job at hand: getting a program into an email-friendly form.

To package the program we are preparing to paste into email, go to the File menu and select Import. Browse to the target file and click Open. This will put an icon representing the program in the left pane of the utility. Select Copy Package from the Edit menu. We are now done with Object Packager.

Next open Wordpad (Start>Run>wordpad). Paste your packaged utility into a new document. You will see an icon of the utility appear on the page. Double-clicking on the icon will run the program. You can actually load all your favorite utilities into a Wordpad document and run them all from inside the open file.

Wordpad uses Rich Text Format as its native format. RTF supports OLE, which is how you can run the program from inside the document. However, not all mail servers will support RTF, so we need to convert the document once more before transporting it.

Save your document to the hard drive and rename it from SomeFile.rtf to SomeFile.txt. We need to do the conversion as a rename, not Save As within Wordpad. Changing the file extension preserves all the RTF formatting. We don't want to actually downgrade the character encoding, just make it nice and clean for transport.

Now open the file in Notepad. You will see header information followed by page after page of hexadecimal. At the remote end, this hexadecimal will be used to rebuild the program. Select all of the text and copy it.

Create a new email message and paste the text into the body of the message. Hit send and you've slipped past the filters that keep executables from passing through the server.

To get the program back into its original format, copy all the text from the body of the message and paste it into Notepad. Save the file as SomeFile.txt. When saved, rename it SomeFile.rtf. Open SomeFile.rtf in Wordpad. Inside the document you will see the original program. You can either run the program from Wordpad or cut and paste it to a folder on your hard drive.

The drawback to this method is the file size. The text version of the file will be many times larger than the original file. For example, winver.exe (a file in your system32 folder) is 5.5k. winver.rtf is 28k. If your server has size limitations, you may need to send an application across multiple emails. The good news is, text is easy to break up and reconstruct. This makes size restrictions another use for this method.
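
Seen from the mail gateway, the text produced by the steps above is still recognizable: it starts with an RTF header and carries the packaged file as hexadecimal after the \objdata control word. The Python check below is an added example, not part of the original article; the function names are hypothetical, and the sample body is constructed with a fake 72-byte PE stub behind a simplified object header. It flags such bodies and reports whether the decoded object contains a Windows executable.

```python
import re
import struct

# Control words WordPad writes around an embedded OLE object.
RTF_HEADER = re.compile(r"\{\\rtf1?\b")
OBJCLASS = re.compile(r"\\objclass\s+([^}]+)\}")
OBJDATA = re.compile(r"\\objdata\b([0-9a-fA-F\s]+)")

def find_pe(blob):
    """Offset of a DOS/PE image inside blob, or -1 if none is present."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            start = pos + e_lfanew
            if blob[start:start + 4] == b"PE\x00\x00":
                return pos
        pos = blob.find(b"MZ", pos + 1)
    return -1

def inspect_body(text):
    """List OLE objects carried as RTF text in a plain-text message body."""
    if not RTF_HEADER.search(text):
        return []
    classes = [c.strip() for c in OBJCLASS.findall(text)]
    findings = []
    for i, match in enumerate(OBJDATA.finditer(text)):
        hexrun = re.sub(r"\s+", "", match.group(1))
        hexrun = hexrun[:len(hexrun) - len(hexrun) % 2]  # ignore a cut-off nibble
        blob = bytes.fromhex(hexrun)
        findings.append({"objclass": classes[i] if i < len(classes) else None,
                         "decoded_bytes": len(blob),
                         "pe_offset": find_pe(blob)})
    return findings

def build_sample():
    """Constructed sample: a fake PE stub behind a simplified object header."""
    stub = bytearray(0x48)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> offset of "PE\0\0"
    stub[0x40:0x44] = b"PE\x00\x00"
    header = b"\x01\x05\x00\x00\x02\x00\x00\x00\x08\x00\x00\x00Package\x00"
    hexed = (header + bytes(stub)).hex()
    lines = "\n".join(hexed[i:i + 64] for i in range(0, len(hexed), 64))
    return ("See below.\n{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Package}"
            "{\\*\\objdata " + lines + "}}}\n")

if __name__ == "__main__":
    print(inspect_body(build_sample()))
```

For a quarantine decision, the \objdata marker in a text body is a usable signal on its own; pe_offset only adds that the packaged object is a Windows executable.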

Sojournist AT undernetwork DOT com