Skip to main content

HACK OTP FROM WORKING METHODOLOGIES

Let's take an example of PayPal for this. Assume you got a PayPal account, and want to sign in. After entering your password, you receive an OTP for login on your device. You enter the code and get the access. (method)

Now, I'm a blackie and I want your riches luring in your wallet. I do know your password, but I want to bypass the OTP checkpoint. I wish to intercept it off your phone and grab it. Here's what I can try:

Interception. If I use WireShark for sniffing your traffic, I'll get encrypted UDP packets sent to the PayPal server but will not get the SMS packets as it isn't connected to your network. Earlier, SS7 attacks allowed infiltrated hackers to even sniff SMPP (Simple Message Peer-to-Peer protocol) packets with SMS text in plain, but later got patched in modern OS releases. Sad.

SMS Forwarding. Sometimes, we unnoticeably press “Ok” to pop-ups on our screen when we're operating something. This can be dangerous, as I can send a SMS-forwarding request to your phone, with a single pop-up. If you pressed “ok”, your SMSs will get redirected to me and I can simply request the OTP on my own.

Spywares. These sneaky little bundles of spies can do the work for you. As soon as the victim requests an OTP, I'd get it simultaneously through the Spyware itself. Or I may request it on my own.

LDAP Request Smuggling. OTPs come to my phone by the Lightweight Directory Access Protocol (LDAP) server. If I find a way to get a Request Smuggling attack on PayPal, LDAP server, I can send bulk requests and steal legitimate requests and their corresponding codes. But hacking an Enterprise’s LDAP server isn't cake, of course.

SIM Cloning. If I'm obsessed with your wallet, I'll take more elevated steps of performing this attack. I'll call your ISP, impersonate your identity and reissue another SIM under your name, then get the OTPs of your phone into mine.

If I'm rich enough, I can afford an IMSI Catcher or an RTL-SDR for carrying out the interception of the OTP, with great success rate, but I need to be close to your house to carry out anything of it, in the end.

You see, I need to work hard as anything to get the OTP to access your account. Visualizing it might be easy, but implementing it is an attempt to break concrete from your hands.

Though, issuing payments over cellular network is more preferred than WiFi. And giving your phone to someone random for a phone call is not preferred at all!

Comments

Post a Comment

Popular posts from this blog

Termux Socal-Box command

termux 1st lstep Apt update 2nd step Pkg install git 3rd step git clone https://github.com/samsesh/SocialBox-Termux.git 4th step cd SocialBox-Termux 5th step chmod +x SocialBox.sh 6th step chmod +x install-sb.sh 7th step ./install-sb.sh 8th step ./SocialBox.sh
Post a Comment
Read more

HOW to install darkfly

Sharma hacking What is DarkFly-Tool? DarkFly is an index of tool that will allow you to install any tool in single Click. This Tool will give you a list of the types of tools and after selecting any type, you will see all the available tools to perform that type of attack. for example: if you want to perform SMS Flooding attack, you can select the Spam category and you will get a list of all tools that will help you to perform SMS Flooding attacks . The advantage of installing this tool is that you don't have to search for a tool manually every time you wanna perform a different type of attack you can just use darkfly tool to suggest you the tools that are suitable for you. Now when you have found your tool you just have to select the tool by typing its Tool number and the Tool will be automatically installed in your Termux and you will instantly able to use it. NOTE: This post is only for educational purposes. I an...
Post a Comment
Read more

TBomb in termux

FOR MOBILES ⚠️WARNING ! DON'T USE IT FOR ANY ILLEGAL PURPOSE WE SHARE THIS ONLY FOR EDUCATION PURPOSE 🌟 How to message bombing anonymously with the help of termux 🌟  ðŸ”º Step 1 :- type ; apt update && apt upgrade  🔺 Step 2 :- type ; termux setup storage  ( give permission allow ) 🔺 Step 3 :- type ; pkg install git    🔺 Step 4 :- type ; pkg install python  🔺 Step 5 :- type ; pkg install python2  🔺 Step 6 :- type ; git clone https://github.com/TheSpeedX/TBomb 🔺 Step 7 :- type ; ls 🔺 Step 8 :-  type ; cd TBomb 🔺 Step 9 :- type ; ls 🔺 Step 10 :- type ; chmod +x TBomb.sh 🔺 Step 11 :- type ; ls 🔺 Step 12 :- type ; bash TBomb.sh  🔓 Boom one page unlock then press "Enter" the choose 1 for message bombing , choose 2 for call bombing now press code number of your country like India +91  Press enter  Then type target's number without +91 like 8**1*****910 Then press number of bombing message or calls then press...
Post a Comment
Read more