search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.13k stars 13.97k forks source link

spoofing sms with metasploit #12829

Closed deanvin2019 closed 4 years ago

deanvin2019 commented 4 years ago

i use kali 2019 and wanted to spoof SMS using Metaploit

How'd you do it?

1.run metasploit 2.use auxiliary/client/sms/send_text 3.set all request give me under error: msf5 auxiliary(client/sms/send_text) > [-] Auxiliary failed: Errno::ECONNREFUSED Connection refused - connect(2) for "192.168.1.50" port 25 [-] Call stack: [-] /usr/lib/ruby/2.5.0/net/smtp.rb:539:in initialize' [-] /usr/lib/ruby/2.5.0/net/smtp.rb:539:inopen' [-] /usr/lib/ruby/2.5.0/net/smtp.rb:539:in tcp_socket' [-] /usr/lib/ruby/2.5.0/net/smtp.rb:549:inblock in do_start' [-] /usr/lib/ruby/2.5.0/timeout.rb:93:in block in timeout' [-] /usr/lib/ruby/2.5.0/timeout.rb:103:intimeout' [-] /usr/lib/ruby/2.5.0/net/smtp.rb:548:in do_start' [-] /usr/lib/ruby/2.5.0/net/smtp.rb:518:instart' [-] /usr/share/metasploit-framework/lib/rex/proto/sms/client.rb:54:in send_text_to_phones' [-] /usr/share/metasploit-framework/lib/msf/core/auxiliary/sms.rb:62:insend_text' what problem? please help

wvu commented 4 years ago

https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/client/sms/send_text.md

wvu commented 4 years ago

Please specify a working SMTP server. There appears to be nothing running on 192.168.1.50:25.

gituu4567 commented 3 years ago

how to establish a SMTP server on my own Machine??

bener07 commented 3 years ago

Hi, i install postgresql on my machine and start the ssh server with this: first: sudo apt install postgresql

second:

sudo apt install openssh-server [if you have already the ssh server installed you can use this command to check it]

sudo service ssh status [if is off restart the server or start it]

the start the postgresql server with this:

sudo service postgresql restart [i like to restart to make no errors]

third: start the msfconsole and do all the tinks you thit but this time on the smtpaddress set the ip address to your machine ip address you can see what is your ip address with this command:

sudo ifconfig

if this command didn't work use this:

ip addr

after do all this and setup your ssh server and postgresql you can run the exploit, if your kali linux give an error by opening the 25 port, you can open a new terminal tab and execute this command:

nc -l -p 25

and then run it again if give another error e can't help because i have that issue

d-r-lenin commented 3 years ago

Why? [-] Auxiliary triggered a timeout exception

bener07 commented 3 years ago

hi again, I did the exploit again but this time it worked, so what you can do is in the SMTP address you can set up to google SMTP server or yahoo SMTP server the SMTP from google is:

smtp.gmail.com

and set the SMTP username to your Gmail account and the smtppassword to your Gmail password just a little note the Gmail need to have the less secure app's login to enable it use this link to goo there

click here to go there

and the run it, as simple as that

TheMeanderingMoose commented 3 years ago

Hi, I've gotten it to send text messages to my phone, but the texts are showing up with my Gmail username instead of the name I select in SMTPFROM. Does anyone know how to correct this? Will I need to use my own SMTP server instead of google's for this to work properly?

azzizbl commented 3 years ago

what the SMTP and haw to create a accont SMTP

bener07 commented 3 years ago

The SMTP service, like Google, dosent need that complication you just need a e-mail account man. If you are using the Google SMTP service then you need a Gmail account if you are using the Yahoo SMTP service then you need a Yahoo e-mail account Simple as it can be.

TheMeanderingMoose commented 3 years ago

When you were using it with the Google SMTP server, did the SMTPFROM show up on the other end or was it your gmail username?

azzizbl commented 3 years ago

msf6 auxiliary(client/sms/send_text) > exploit

[] Sending text (19 bytes) to 1 number(s)... [] Done. [*] Auxiliary module execution completed msf6 auxiliary(client/sms/send_text) >

but no message received me

scorpionattack commented 1 year ago

how you did it work

dridri91 commented 1 year ago

Moi aussi @azzizbl j'ai ressu aucun message alors que l'execution a bien marché

rupokchy commented 4 months ago

Why [-] Auxiliary triggered a timeout exception

rupokchy commented 4 months ago

Hi, i install postgresql on my machine and start the ssh server with this: first: sudo apt install postgresql

second:

sudo apt install openssh-server [if you have already the ssh server installed you can use this command to check it]

sudo service ssh status [if is off restart the server or start it]

the start the postgresql server with this:

sudo service postgresql restart [i like to restart to make no errors]

third: start the msfconsole and do all the tinks you thit but this time on the smtpaddress set the ip address to your machine ip address you can see what is your ip address with this command:

sudo ifconfig

if this command didn't work use this:

ip addr

after do all this and setup your ssh server and postgresql you can run the exploit, if your kali linux give an error by opening the 25 port, you can open a new terminal tab and execute this command:

nc -l -p 25

and then run it again if give another error e can't help because i have that issue

Why [-] Auxiliary triggered a timeout exception

rupokchy commented 4 months ago

Why? [-] Auxiliary triggered a timeout exception

Bro did you solve this problem