Sometimes hacking is just Fun! but its sometimes bad too. So we should always be cautious while taking any action. Now you can prank with your friends by performing the SMS DOS attack on your friend mobile number by simply sending the huge number of SMS. According to researcher of International Institute of Cyber Security, SMS can be a critical vulnerability of hack any mobile.

This bomb3r tool is used for SMS DOS attack, this tool sends a large number of OTPs to the target mobile number.

Environment

• OS: Kali Linux 2020 64 bit
• Kernel-Version: 5.6.0

Installation Steps

• Use this command to clone the project on kali machine.
• git clone https://github.com/crinny/b0mb3r

root@kali:/home/iicybersecurity# git clone https://github.com/crinny/b0mb3r
Cloning into 'b0mb3r'...
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 1596 (delta 4), reused 0 (delta 0), pack-reused 1584
Receiving objects: 100% (1596/1596), 778.31 KiB | 960.00 KiB/s, done.
Resolving deltas: 100% (1040/1040), done.

• Use this command to enter into the b0mb3r directory

root@kali:/home/iicybersecurity# cd b0mb3r/
root@kali:/home/iicybersecurity/b0mb3r#

• Use this command to install the requirements
• pip3 install -r requirements.txt

root@kali:/home/iicybersecurity/b0mb3r# pip3 install -r requirements.txt
Requirement already satisfied: wheel in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (0.34.2)
Collecting fastapi
  Downloading fastapi-0.59.0-py3-none-any.whl (49 kB)
     |████████████████████████████████| 49 kB 332 kB/s
Collecting uvicorn
  Downloading uvicorn-0.11.6-py3-none-any.whl (43 kB)
     |████████████████████████████████| 43 kB 468 kB/s
Collecting aiofiles
  Downloading aiofiles-0.5.0-py3-none-any.whl (11 kB)
Collecting pydantic
  Downloading pydantic-1.6.1-cp38-cp38-manylinux2014_x86_64.whl (11.5 MB)
     |████████████████████████████████| 11.5 MB 3.7 MB/s
=================================================================================================SNIP===================================================================================================================================
Requirement already satisfied: urllib3>=1.10.0 in /usr/local/lib/python3.8/dist-packages (from sentry-sdk->-r requirements.txt (line 10)) (1.25.8)
Requirement already satisfied: h2==3.* in /usr/lib/python3/dist-packages (from httpcore==0.9.*->httpx->-r requirements.txt (line 7)) (3.2.0)
Installing collected packages: pydantic, starlette, fastapi, websockets, httptools, uvloop, uvicorn, aiofiles, rfc3986, hstspreload, sniffio, httpcore, httpx, sentry-sdk, loguru
Successfully installed aiofiles-0.5.0 fastapi-0.59.0 hstspreload-2020.7.17 httpcore-0.9.1 httptools-0.1.1 httpx-0.13.3 loguru-0.5.1 pydantic-1.6.1 rfc3986-1.4.0 sentry-sdk-0.16.1 sniffio-1.1.0 starlette-0.13.4 uvicorn-0.11.6 uvloop-0.14.0 websockets-8.1

• Now, use this command to launch the tool, b0mb3r
• This will start the service on loopback IP and on a particular port. http://127.0.0.1:8080.
• Now, open this URL in the browser

• Successfully we launched the tool.
• Now choose the country code, the enter the target number and number of SMS you want to send to victim mobile

• Now, click on start attack option.
• This will send the large number of SMS to the target number as shown below.

• In the same way, we also receive the logs files on kali console.

Conclusion

We saw on how to perform a DOS attack on a particular mobile number by sending huge traffic and most of the people use this tool for fun purpose.

The post SMS Bomber – Prank With Your Friends by Flooding SMS appeared first on Information Security Newspaper | Hacking News.

Fake text or fake SMS or fake message are the biggest threat industry is facing. All applications require an account to keep your settings, app usage. While registering through applications, they generally require mobile number for registering & returns with OTP (One Time Password). You might encounter many times you receive unnecessary OTPs from different recipients. Many times attacks/ spammers uses SMS bombing techniques to irritate or disturb their targets.

SMS bombing is a technique of sending fake messages on any mobile number. SMS bombing uses an script containing SMS Gateway APIs. It uses SMS APIs of different SMS gateways. According to ethical hacking researcher of international institute of cyber security SMS bombers utilizes different gateways. SMS gateway providers gives services of forwarding, routing & storing incoming messages. For sending messages using SMS gateway connect with SMSC centers.

Some popular SMS Gateways are :-

• You can also check free APIs & you can use in creating sms bomber scripts. Go to : https://rapidapi.com/
• Nexmo SMS Messaging
• Twillo SMS
• TeleSign
• D7SMS
• Telnyx
• MessageBird
• Click Send (IntelTech)

SMS Bomber Application :-

• There are different tools which are used in SMS bombing. BombitUP is an application used in SMS bombing.
• Download application : https://www.bombitup.net/
• Download & install BOMBitUP_v4.03.1.apk
• Enter target mobile number & then enter no. of count messages you want to send.
• Click on BOMBIT

• You can also setup delays in no. of seconds. By default is 2.5 second.

• It depends on the bombit server. But most of times messages are sent on time.
• Click on Bombit

• Above screenshot shows that 10 messages has been sent. Below shows received messages.

• Above you can see received messages on the target number.

You can checkout the SMS Bomber practical :-

As per the ethical hacking researcher of International Institute of Cyber Security there are many more ways to send fake SMS or fake messages to do social engineering attacks

The post Fake text message attack. How Prank or hack your Friends with fake SMS Bomber appeared first on Information Security Newspaper | Hacking News.