SMS, or commonly referred to as text messaging, is a protocol originally developed in the 1980s and first implemented in the European GSM mobile standard in the 1990s.
Since then it has been implemented in almost every mobile communication protocol. It allows users to send a short message (SMS) of less than 160 characters from one person to another over the mobile network. It has become a ubiquitous feature of mobile communication in the 21st century.
In today's guide we will show you how to send fake and anonymous messages, trick your friends into clicking on the link you might send them, which may contain a funny YouTube video or some link that will trap the their device.
Step #1 Download and install Fake SMS
If we want to send fake SMS messages from Kali, we can download and install Fake-SMS from github.
sudo git clone https://github.com/machine1337/fake-sms
Once the download is complete, navigate to the new directory.
cd fake-sms
Now, grant execute permissions to run.sh
sudo chmod 755 run.sh
Finally, run the script
sudo ./run.sh
As you can see below, Fake-SMS opens a screen like this with a simple menu. To send an SMS message, just type 2.
You will now be prompted for a phone number and a message as shown below. I found this number among the many SMS scams out there right now.
I entered the phone number, hit enter, and was then prompted for a message. I typed the message and then hit send.
As you can see, I was able to send the fake SMS without any problems at all! The only downside is that with this script, we can only send one fake SMS per day for obvious reasons.
We can see the Fake-SMS we sent, with any text editor.
In this case I opened it with mousepad. When we do this, we can see that it's a simple bash script. When we scroll down to lines 119-120, we can see a curl command at textbelt.com . Obviously, this script uses the specific SMS site to send text messages.
Let's see if we can bypass this script and work directly with this website.
Step #2: Use curl command to send Fake SMS
First, we need to open an account on textbelt.com. Once we open an account, we can send one fake SMS per day or we can buy licenses and get an API key to use their service more often.
Now we can create our own text messages without Fake-SMS directly by creating a curl command in Linux (since you have an API, you can use a variety of languages but the curl command is the simplest). The syntax of this command is as follows:
curl -X POST https://textbelt.com/text –data-urlencode phone='phone number with country code'
–data-urlencode= message='text message'
-d key=Your API key
I can then create a command to send a fake text message as shown below using the same information from above and including my API key (the black one I cover).
This service responds with a message detailing the success of sending my message and the number of messages left in my limit.
At this point, if we wanted to create a phishing page to steal the victim's passwords, we would follow the guide below:
Send Fake E-Mail with SETOOLKIT
ή
Guide to a Successful Phishing Attack
If we want to access the victim's camera or microphone, then we will follow the guide below:
Access devices remotely with just one click from the victim!
Summary
In a few words, we saw how we can send easy, fast and anonymous messages, how we can enrich our messages with malware infected links and phishing.
Caution: Use the above method at your own risk!
