Hack With SMS | SMS Spoofing like Mr. Robot!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

do you want to learn how to spoof or send sms's with any sender name I'm Zaid from Z security and in this video I'm going to show you how easy it is to do this but before we start make sure you show me some love by liking the video and sharing it subscribe to the channel if you haven't done so already and click on the Bell so that you get notified every time I publish a new video now before we start this video I just want to apologize for not publishing videos for the last few months but if you follow me on social media then you know that I've been very busy with the master class and with publishing my newest bug Bounty course that's why I couldn't make any videos for YouTube but anyway to stay updated with what I do follow us on social media because I share micro updates in there and we even have a tick tock there now so if you like Tick Tock you can go ahead and follow us there also before we jump into the video I would like to thank our sponsors Le node the node is a powerful and easy to use cloud provider they're giving you our followers a hundred dollars free credit if you sign up with the links below so you can use this free money to create machines on the cloud that will always be on and always connected to the internet so you can use this to do so many things such as hosting your own web applications own files and much more I actually covered hosting your own VPN with the node previously and I also covered cracking WPA really really quick literally in seconds using their powerful gpus the video links are in the description if you're interested and like I said use the link in the description to get 100 free credit with them thanks again the note for sponsoring this video but going back to our topic SMS spoofing it is very very useful and can be used in so many scenarios all you have to do is send a message as a sender that the target person will interact with and from there you can get the target person to do anything you want for example you can get them to download and install an application if you're pretending to be a boss or a friend you can get them to click on a link if you're pretending to be again a friend or a company that they work with and then from that link you can either hook them to beef so the link would be a malicious website or you can even ask them to log in so the link could be a login form to some kind of a website and the example that I'm going to show you later on I'm going to be sending a message as Google and I'm going to be telling the user that their account got locked and they need to click on a link to restore that account once they click the link they will get a form made by Google so it's not suspicious at all and in that form I'm going to ask them for their security questions and then from there I could go ahead and recover the password for the account using the security questions so the possibilities of this are endless and they actually even showed it in Mr Robot when Elliot was stuck and the manager of the facility was getting suspicious of him so his friends sent her a message printed in to be her husband and told her that he is in the hospital he needs her so she left Elliot alone and he continued the attack that he was doing in that episode not only that SMS proofing is very useful it's actually very easy to do because setting or changing the sender ID is a feature that a lot of SMS gateways support and it's used by a lot of marketing companies and even by the service providers themselves so all we have to do is find an SMS gateway that allows us to change the sender ID now previously this was very easy because pretty much all the SMS gateways allowed you to do this twilio used to be my favorite but they actually became very very strict and they asked for so many sensitive documents in order to allow you to do this therefore I did a bit of research and the one that I came across is provided by a website called octopush I'm not sponsored by this website at all I actually had to pay for it myself now using octopush is very very easy it's actually like using any other website first of all you're gonna have to register so you're gonna have to find the registration button or the link or right now they actually call it try for free so you're gonna have to click on that it's going to take you to the registration page you want to fill up your email your password phone number and sign up it might take you through one or two more steps to do that but this part of the process is very very simple so I'm not going to cover it right now once registered you want to go back to the home page and log in and just put the username and the password that you signed up with once you log in you're gonna notice at the top that you have zero credits which means that you can only send test messages which comes with very little freedom and they do not allow you to set the sender name which is what we want to do therefore you're going to have to click on that which will take you to this order page where you can add credit to your account so you can do a pay as you go as you can see in here or you can click on credit in Euros which will allow you to specify the amount of credit that you want to add to the account I'm going to set it to custom and I'm gonna set the value to 30 because that is the minimum amount of credits that you can top up your account with I'm going to click on order and this will take you through a checkout process again I'm cutting this process because it involves inputting private information and it's actually very very simple so I don't want you to get bored just seeing me filling in information to purchase credit once you add the credit you're going to see it in the order like so and we're just going to scroll down and fill up the rest of the information and I'm gonna click on complete order to complete the order as you can see the order is complete at the moment but I still don't have my credit on the top right because it actually takes a bit of time for your credit to appear in this platform so I actually took several hours for me until I saw the credit on the top right of the platform and now that my credit is applied to my account here on the top I can actually go ahead and use the services offered by this website including the fake sms's so to do that I'm going to go on a new campaign and I'm going to click on SMS as you can see this is very easy to use and very intuitive first thing you want to put your message in here and as I usually say in my social engineering courses you need to keep in mind the person that you're pretending to be so if you're pretending to be a friend of the target then make the message friendly if you are pretending to be a service on the internet then make the message more formal and so on so anyway we're doing this for testing and I'm gonna send a message to my own phone pretending to be Adrian which is a friend of mine so I can just say for example hey Zaid check out this new game that I made and then put a link to the game so assuming this is an Android backdoor and I cover this again in my courses we're pretending to be a friend of mine sending myself a message saying look at this game that I made and then because this is coming from a person that I know and actually does program I might actually download this game and install it and as a result the hacker will be able to gain full control over my phone that's not part of the video that's why I'm just putting any website in here just to get the idea across what we want to cover in this video is how to spoof sms's so that they look like they're sent from any other person next we need to set the audience or the person that we're going to be sending this message to so I'm going to click on keyboard so I can use the keyboard to input the phone number and I'm going to just type the phone number of the Target and finally we're going to set the sender so this is the main thing that we're covering in this video how to spoof the sender name so you can set this to any name you want for example you can set it to Instagram you can set it to my husband you can set it to my friend you can set it to any name that you think the target will interact to or will do what this person tells them so in this case we're just doing a test and we're gonna set it to Adrian because we're pretending that Adrian is sending me a game that he made and once you're happy you're gonna click on confirm in here to send the message now it's showing us a warning saying we're sending this message without testing it but that's fine I'm going to say validate without testing it's going to give you a summary of what you're doing you can see a preview of the message in here you can see the sender name this is the name that we are spoofing and if you're happy with all of this click on send and the message should be delivered to the Target now it could take a few minutes for the message to be delivered so be a bit patient some platforms like video are actually a bit faster but like I said they really tightened up their verification process to the point where they actually requested me to submit government documents and all of that and even though I'm doing this for testing purposes I just did not want to share sensitive information with that platform so just to show you how believable and how great this is right here I have two messages both from Adrian the one on the top is actually a real conversation that I was having with Adrian and I just added a test message in there and the second one is the fake SMS that we just sent as you can see so let me first click on the real one and just have a look on the top and on the layout so this is what a real conversation with Adrian looks like and if I go back and click on this poofed SMS as you can see it looks very similar to the conversation or to the layout that we had and the real conversation with Adrian so this is very very believable and as I said the possibilities of using this are endless because you can simply use it to get a person from one place to another you can get them to go and do an action like downloading a malicious file you can get them to click on a link and locate them similar to what I showed you in a previous YouTube video you can get them to click on the link and get them hooked to beef similar to what I show in the master class so it really just depends on you and your imagination another example here I sent a message that appears like it's being sent from Gmail and the content of it is telling you that the account has been compromised and locked and it's asking you to click on a link to restore it and I included a Google forms link so this link even though it's shortened it's actually a link to a form created by Google so it's very very believable and in that form you can ask them their security questions and use these security questions to gain access to their account or again this link could contain a malicious page with a beef hook or it could contain a fake Google login page with https enabled with a really nice domain again that's covered in my master class and that way you'll gain access to their account so like I said the possibilities are endless it really just depends on you and your creativity on how you want to use this and that's pretty much it let me know in the comments if you know of an SMS gateway that works better than octopush and don't forget to like the video subscribe and hit the Bell to get notified every time I publish a new video

Info

Channel: zSecurity

Views: 348,570

Rating: undefined out of 5

Keywords: Cyber Security, Ethical Hacking, Hacking, Pentesting, SMS, Spoofing, Text Message, Text Message Spoofing, Hack with SMS, SMS hacking, how to hack with sms, hack phone with sms, hack accounts with sms, hack account, sms hacking

Id: umPqpgbCSHY

Channel Id: undefined

Length: 11min 31sec (691 seconds)

Published: Sun Nov 20 2022