How to Send a Spoofed SMS Text Message

Welcome back, my rookie hackers!

As most of you know, Mr. Robot is probably the best hacker TV show ever! This is a great show about a cyber security engineer who is being enticed to hack the very corporation he's being paid to protect. This show is so good, I began a series to demonstrate how to do the hacks he uses in the show.

The Spoofed Text Message in Episode 5

In episode 5, when Elliot is able to social engineer his way into Steel Mountain's state-of-the-art, "impenetrable" storage facility, a manager gets suspicious and begins to escort him out of the building before he can implant the Raspberry Pi (which we made in the last guide).

He intends to place the Raspberry Pi inside the network to manipulate the HVAC system, raising the temperature in the storage facility and destroying the tapes that contain the records of 70% of the world's consumer debt, including student loans. At the very moment that she is about to escort him to the elevator and out of the facility, she receives an urgent text message from her husband that distracts her. The text message did not actually come from her husband, but rather from one of Elliot's f/society comrades.

In this tutorial, I will show you how Elliot's comrades at f/society were able to send the Steel Mountain manager an urgent, spoofed text message that appeared to come from her husband indicating that he was at the hospital and had a serious health issue.

On the show, Elliot's f/society comrades use Kali to send the spoofed SMS, but this feature has been discontinued in recent versions of Kali. Luckily, though, it is still in BackTrack, so for this tutorial, we will be reverting to our trusty BackTrack installation (one more example that the newest is not always the best).

Step 1: Fire Up BackTrack & Start Social Engineering Toolkit (SET)

Let's begin by firing up BackTrack 5 and then navigating to Applications -> Exploitation Tools -> Social Engineering Tools -> Social Engineering Toolkit (SET), then select "set" as I have done in the screenshot below.

This will start the SET opening screen as seen below. SET is capable of numerous social engineering attacks. We have previously used SET to spear phish in BackTrack, but the one we want this time is "SMS Spoofing Attack Vector." To begin this attack, select #7.

In the following screen, we are asked whether we want to "Perform a SMS Spoofing Attack" or "Create a Social Engineering Template." Select #1. Once you have made that selection, you will be asked whether you want to spoof a single number or perform a mass attack. Select #1 for a single number.

Step 2: Set Up a Spoofed Text Message

Here, I want to send a spoofed text message from Mary (my best friend's girlfriend) to John (my best friend) where she breaks up with him. This should rattle him a bit and give me a few chuckles as he is madly in love with her.

First, enter his phone number where it asks you "Send sms to." Then select #2 to craft a One-Time Use SMS. Finally, enter her phone number. Make certain both numbers are preceded by the "+".

Step 3: Craft the Text Message

In our final step, we need to type the message we want sent to John from his girlfriend, Mary.

"I'm so sorry John. I have met another man and he is the love of my life. I hope we can remain friends"

When you are finished typing, exit by hitting Control + C.

Step 4: Send the Message!

This will bring you to the final screen. In this screen, we will need to select the intermediary for the spoofed SMS message. You have four options here. The first is free, and as they say, it is buggy (when I ran it, SET crashed). Then, there are two for-pay options and, finally, the Android emulator.

I chose the third option, SMSGANG. They charge 3 euros for 5 messages, or about $0.65 in U.S. dollars per message. When you pay (they accept credit cards and PayPal) they send you a PIN code. After selecting #3, it will ask you for a "pincode." Enter the one SMSGANG emailed you and then your text message is sent!

Keep coming back, my rookie hackers, as we continue to show you all the hacks of Mr. Robot!

I can't seem to find the SMS spoof on the Kali version of SEtoolkit, do you know where I can find it? The directories are different.

I say in the article that it is not in Kali.

Actually, now Kali has SEToolkit as well as SMS spoofing in the 2017.1 version.

Which version of setoolkit are you using? Because I think I have the latest version of setoolkit, which is 7.7.2, and it has the SMS spoof option, but it says that the module isn't working anymore because it has issues.

SMS spoofing isn't an option in my version of Kali Linux.
How can I fix this?

This is what I see:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) Third Party Modules

99) Return back to the main menu

Is there a way to enable this feature in the config files?

"Let's begin by firing up Backtrack 5 and then navigating to Applications -> Exploitation Tools -> Social Engineering Tools -> Social Engineering Toolkit (SET), then select "set" as I have done in the screenshot below."

Interesting... Do you know why SMS spoofing isn't in Kali?

Send me a link to download this

Send me a link to download BackTrack or Kali Linux or any hacking version plz

Not sure the Android Emulator will work in the real world. There are tutorials about SMS spoofing via AE, but those are only in a testing environment.

I found it strange to see that BackTrack was being used, there must be a way for Kali we don't know about yet.

Or maybe those in Mr. Robot's team found it funny to use BackTrack with Kali's gnome interface, or installing a legacy version of SET just for this option. I have BackTrack along with my Hirens USB, so I can run it from there whenever I want (which I haven't yet done this year).

I don't like the fact that the only options that work are paid options.

I believe that SET removed the SMS Spoof Module around May of 2014. I checked and found that the latest release of Kali to still have it included was 1.0.6, which is obtainable from the following link.

I have played a bit around it and had trouble installing a functional AE device on the older version when time came to install some 32 bit modules.

I did try the SMS Spoof through SMSgang, but it did not actually spoof the number I wanted it to. It did however send an SMS text but from a random number.


Hi, I understood that SMS spoofing wasn't in Kali. But isn't it possible just to download it? It seems pretty dumb to go back to BackTrack just for this SMS spoofing.

And another question, why did they remove SMS spoofing like JEFF said?

Where can you purchase the Samsung pin code?

That's smsgang bro, not Samsung.
Search them. They have a website.

lol...Thanks man.

Any idea how that actually works?
Is spoofing SMS really that simple?

You're full of shit, dude.

You are correct. I'm new to the site, but I was going to say the same thing.

The SMS-Spoofing option was removed on May 30th, 2014; you would have to pull an old version of it from GitHub or use BackTrack instead.

Uhm.... does this thing work on Vietnam's phone numbers (+84)? I want to prank some enemy of mine HARDCORE

FYI, using the Android emulator option sends the SMS to an open emulator on your system.

Great article, OTW. One question that I wondered about the show is when he feels like he has to "clean out his computer" he takes out the RAM and microwaves it. Anyone know why that is necessary?

Yeah, that was the stupid thing. But if you want to wipe, I'll do it with a low-level format or break my HDD. The RAM forgets your data when you turn off your PC. Or pull out the cable from the connector.

With a cold boot attack, some portion of the RAM can be accessed. If you learn advanced computer forensics, even you will be able to do that.


I assume he is trying to destroy evidence of his hacks.

This is true, but the RAM is temporary and deletes all data on reset. He was on drugs during this scene and paranoia kicked in. In normal situations it's not necessary to destroy RAM.

Hey, is it safe to pay a company with your money for a spoofed SMS? Wouldn't it reveal your identity? Maybe you could hack somebody else's PayPal account and it would help. What else could a hacker like Elliot do?

You can buy prepaid credit cards. This would probably be your best option.

But purchase them with cash, otherwise your card info is tied to the transaction on the prepaid account.

If I remember, it was more than 8 years ago or so. I used the Nettools app 3.1 to send fake email messages. But I really don't remember the correct program name and version. Good old times :)

I use this method, and it's working for me in Kali.

  • thanks

Hey guys

In the same episode, Elliot's associate hacked and fed Wikipedia with Elliot's false information. Mind telling us how he did this? :D

Wikis are open source, meaning anyone can edit them. It is verified to be true info by other users and admins, but that usually takes time as there are a lot of pages. Most teachers don't allow wiki as a reference because they are not always accurate. Of course, not everyone knows that and takes it for truth.

I think he has a wiki account with more rep from his past article edits,
and so he will create a new page about Elliot with fake info.

Hello guys,
so there's no way to use the SMS options in Kali with the default installation.

You can use a "2nd" version of SET:

  2. unzip
  3. Change metasploit directory (open and edit the setconfig file and set it to usr/share)

It should now work.

ps I tried to download the version suggested above but didn't work, even if the pdf manual cited the 'SMS Spoofing Attack Vector'.

ps2 You can download this version or do the same procedure with the newer ones and check if the 'option' is still there.

Hope to have helped you

Alright, so I've just downloaded the second version of SET from github from the link provided, however I'm a little confused on the steps after that. By changing the Metasploit directory, are you implying that Metasploit must be opened and used to change the directory?

What exactly does metasploit have to do with this whole process? Also, what do you mean by 'open and edit the setconfig file and set it to usr/share/'? Do you just mean to copy it to the usr/share directory? After doing this, I have no extra option for text spoofing, and no separate SET app.

Last question, when you copy the file to the directory, are you just copying the setconfig, or the entire folder? And do you have to run a separate command to run this version of SET, or is this equivalent to a downgrade? Thanks in advance, this is all coming from a place of ignorance, and as far as I'm concerned, installing an entirely separate operating system for the use of one tool is a silly suggestion.

Couldn't find an answer out there, so maybe you could help.
How do I specify which country the receiving phone is in?
Could you please give an example?


I'm new here and very thankful I found you


Hello there fellow apprentice,

We would love to help you but please be more elaborative and tell us the details of the problem that you are experiencing..... A detailed question is always useful.

Hope to hear from you soon.


BackTrack 5 gives an error saying that body is used before assignment.

Kali Linux has a SET tool for this as well now. 12/11/2016

I Don't Know What's Everyone Talking About, But I See An "SMS Spoofing" Option Right There. (Option 10)

Bro, I think this tool is "good" to use as a script kiddie. Can you tell or show us a way how a real hacker would do the spoofing?

I lost interest in this method because anyone who sees this post can perform this technique.
Thanks. Peace.

Is it possible to use Backdoor to send a spoof sms to a premium short code?

Just use msfconsole

Wow, new here! Just got the Linux basic book yesterday! Excited about this journey. I have a question about this tutorial: is there a newer, up-to-date version of this available now? In Kali or other? I understand there are web services available, but I would love to have it in Kali, and of course free would be great lol.

