add sms spoofing back into SET (based on multiple demands)

2025-03-03 06:47:31 +00:00 · 2016-06-22 22:35:27 -04:00 · 2016-06-22 22:35:27 -04:00 · cddb71217b
commit cddb71217b
parent 24142e665e
5 changed files with 73 additions and 2 deletions
--- a/readme/CHANGELOG
+++ b/readme/CHANGELOG
@ -6,6 +6,7 @@ version 7.2
 * changed delay time for HTA attack vector from 3 seconds to 10 seconds to allow proper loading
 * added wording when using gmail and application specific passwords
 * rewrote ms08-067 instead of being the python exploit to use the metasploit default which is much more reliable
+* re-introduced the SMS spoofing method (now option 10) - it has been optimized and reduced to only use SMSGang as a main provider. 

 ~~~~~~~~~~~~~~~~
 version 7.1.2
--- a/src/core/menu/text.py
+++ b/src/core/menu/text.py
@ -36,6 +36,7 @@ main = ['Spear-Phishing Attack Vectors',
        'Wireless Access Point Attack Vector',
        'QRCode Generator Attack Vector',
        'Powershell Attack Vectors',
+	'SMS Spoofing Attack Vector', 
        'Third Party Modules']

 spearphish_menu = ['Perform a Mass Email Attack',
--- a/src/core/set.py
+++ b/src/core/set.py
@ -1169,15 +1169,23 @@ and send the QRCode via a mailer.
                    "Else refer to here for installation: http://code.google.com/appengine/docs/python/images/installingPIL.html")
                return_continue()

-        # Main Menu choice 10: PowerShell Attacks
+        # Main Menu choice 9: PowerShell Attacks
        if main_menu_choice == '9':
            try:
                module_reload(src.powershell.powershell)
            except:
                import src.powershell.powershell

+
+	# sms spoofing module option 10
+	if main_menu_choice == '10':
+	   try: 
+		module_reload(src.sms.sms)
+	   except:
+		import src.sms.sms
+
        # Main Menu choice 11: Third Party Modules
-        if main_menu_choice == '10':
+        if main_menu_choice == '11':
            sys.path.append(definepath + "/src/core")
            debug_msg(me, "importing 'src.core.module_handler'", 1)
            try:
--- a/src/sms/init.py
+++ b/src/sms/init.py
--- a/src/sms/sms.py
+++ b/src/sms/sms.py
@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+import re
+import glob
+import os
+from src.core.setcore import *
+import httplib
+import socket
+import urllib
+
+def send_smsgang_sms(to, origin, text, pincode):
+    try:
+        params = urllib.urlencode({
+                                   "tonumber" : to,
+                                   "senderid" : origin,
+                                   "pincode" : pincode,
+                                   "iso_msg" : text,
+                                   "unicode_msg" : "",
+                                   "B2" : "Send SMS"
+                                    })
+        headers = { "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+                    "Content-type": "application/x-www-form-urlencoded; charset=UTF-8" }
+        conn = httplib.HTTPConnection('www.smsgang.com')
+        conn.request('POST', '/sendsms.php?langfile=en', params, headers)
+        response = conn.getresponse()
+        if (response.status == 200 and 
+                re.search("Your SMS was sent", response.read())):
+            print "\nSMS has been sent.\n"
+        else:
+            print "\nError while sending SMS - ensure that you have a valid PIN.\n"
+    except Exception as e:
+        print("\nError sending SMS - printing the error message: ")
+	print(e)
+
+def launch():
+        while 1:
+        	try:
+			to = raw_input(setprompt(["7"], "Enter the phone number to send to"))
+                	origin = raw_input(setprompt(["7"], "Source/spoofed number phone"))
+                        body = raw_input(setprompt(["7"], "Body of the message, hit return for a new line. Type quit on a line to exit"))
+			goat = ""
+                        while goat != 'quit':
+                                	body += ("\n")
+                                        goat = raw_input("Next line of the body: ")
+					if goat != "quit":
+						body += goat
+
+                except KeyboardInterrupt:
+                        break
+
+                pincode = raw_input(setprompt(["7"], "Your SMSGANG pincode"))
+                send_smsgang_sms(to.rstrip(), origin.rstrip(), body.rstrip(), pincode)
+                # Finish here then return to main menu
+                print_status("SET has completed sending the initial message. Check for errors.")
+                return_continue()
+		break
+
+print("The SMS Spoofing Method will send a message from a source number that you specify and a full message that you detail within this module.\n\nNote that the current and only supported module is through a third party called SMSGang. SMSGang requires you to purchase credits which you can purchase directly from http://www.smsgang.com/. When purchasing, you will get a specific PIN that allows you to send messages as stated. You must purchase these credits before hand in order to send randomized and spoofed source text messages. Please note that you should check the legality of SMS spoofing in your individual countries in order to ensure you are in within legal compliance with all source text spoofing laws.")
+print("\n\n")
+# launch the question area
+launch()