Into the wild: Gaining access to SS7 - Part 1: Finding an access point

Opening thread for new comments.

1 Like

What I’ve gathered from my hour-long research is that smpp (short message p2p) servers are typically used to send a large amount of sms’s to people, usually for marketing. They vary a lot, but are usually fully functional as an smsc (short message service centers). This further implies that they are interconnected with other smsc’s and should be vulnerable to the same attacks but take everything I say with a large grain of salt :wink:

References;
https://www.smslane.com/smpp-client-vs-smpp-server/


1 Like

Also: https://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf

1 Like

I see you ended up in accessing a SS7 end point. However, I am not sure CISCO routers are actually SS7 capable (CISCO does not make SS7 equipments).
Furthermore, the next step would be to inject a SS7 message. there are tools available to generate SS7 messages (https://github.com/ernw/ss7MAPer; https://github.com/SigPloiter/SigPloit).
the biggest challenge would be to, once sending a SS7 message, get the response.
This would mean have a legit GT (pointless) or if a message is sent from an access point, know the address of that access point (it’s GT) and have a way to intercept the answer

2 Likes

https://ss7map.p1sec.com/ a ss7 map for network exposure
has anybody got any further than this?

1 Like

1 Like

have you guys chekked this vedio ss7

3 Likes

I had contacted him, he says we need only Hackrfone & his 100$ software to acess ss7, ( im kigroot, different device)

he,s using osmocombb that allows only to intercept 2g device and thw device needs to be arround

This was used as early as 2018, but now it is useless for operators to abolish 2G (not tried)
https://search.freebuf.com/search/?search=osmocombb#article

1 Like

have you guys checked dmshackers.net they show off that they provide ss7 services , sms inturupt , and other stuff , they even has a vedio of a myterious webpage where they login , the vedio they are showing about ss7 is almost real , but i dont know where its a stolen vedio posted by some scammers check it out guys , if you have any ideas share plz , this place is almost dead and i dont see anybody repling , its almost 18 months im going for ss7 no valuable information till now , hope oneday ill find out , and i dont want that happen when its too late cuz with the improvemnts in 4g and 5g services there are chaneces of ss7 attack being only as a history dmshackers.net

sorry the link is dsm hackers

1 Like

SS7-hacking-SMS.mp4

1 Like

@kingroot
on a better note at least ss7 attack is actually possible :sweat_smile: :sweat_smile:
in my ongoing research i have found a lot of same information interpreted in different ways, but meaning basc. the same thing…
you need access to the network.

ss7 Access -
*Already work in Telcom
*Know or have a Contact in Telcom
*Hack equi. thats con to ss7 netw. “listed above”
*or Buy access from a teclom source “best/easiest/ only option in my opinion” refer here https://www.thedailybeast.com/you-can-spy-like-the-nsa-for-a-few-thousand-bucks

This above post gives me some extremely great start points w/ out slapping it in your face lol.
and you need a GT to get any info back to you so buying access is really the only route.

So what about part 2?
Is this article still relevant and we should try that direction?

You bought from them and they blocked you?I think they are fake, because only one mobile phone number to get SMS should directly invade the operator’s server and the server coverage is very large. There is also a loophole in how much it takes to invade Instagram. But their video looks real?

TBH anybody selling something on telegram is probably a scam.

1 Like

Can’t agree more …

100% scam. i managed to get the link of two of the pages from their video with slowmo lol. it’s crappp

http://phpstack-357187-1259762.cloudwaysapps.com/form-2.html
http://phpstack-357187-1259762.cloudwaysapps.com/form-3.html

@ghxt

hey who know http://ss7rental.com/??? scam or legit??