HOW TO BYPASS OTP WITH ss7 ATTACK

HOW TO BYPASS OTP WITH ss7 ATTACK

HOW TO BYPASS OTP

HOW TO BYPASS OTP

BYPASSING OTP?

OTP IS MOSTLY A 4/6 DIGIT NUMERICAL/ALPHANUMERIC CODE USED AS ANOTHER WAY OF AUTHENTICATING A USER ALONG WITH THE CREDENTIALS.

STONE AGE
People used to just enter their email and pass to log in.

It still is there for the majority of sites but some have 2FA[OTP] as optional and some have it mandatory.

WHY OTP??

BECAUSE PEOPLE CAN HACK/CRACK YOUR EMAIL/PASS EASY

WITH OTP EVEN IF THEY CAN, THEY WON’T BE ABLE TO LOGIN

WHAT IS THE OTHER WAY AROUND THIS?

There are tons of other ways to bypass OTP but the most popular and a bit of HQ is SS7 Attack.

So Where were we:

SS7 Tunneling/Attack = Same as MITM but operates on telephonic communication rather than data/wifi communication. Those who got no idea what MITM

Now Why is SS7 HQ

Because global telephonic communication runs on it.
Old Protocol but hasn’t been changed much.

What Tools are needed for this Attack?

A Linux OS and SS7 SDK[They’re on the Internet]

The Inside Workaround?

Take an Example: Our Freind Robbin is having some cash piled up in his bank account…Forget it…FBI gonna bust my ass for this example.

Our friend robbin got an app on his phone which lets him log in to his account after entering the credentials and an OTP generated on Real-Time.

We as usual get the credentials by hacking/cracking

But when we tried to log in to the app using just the email/pass it generated the OTP[Take an example of Hotstar or BLockChain or anything that requires OTP].

When there is some kinda communication via our phone to any other service over the Network, Our Unique Phone address is stored in HLR[Home Location Register] and it acts as a medium to transmit data…See what I learned in “Wireless Communication” is coming in handy right now. The Engineering guys would know if they had the subject taken.

Ok to be straight. The phone sends data to HLR and checks the unique address of our mobile device,

Then from there, the HLR sends the request to VLR[Virtual Location Register – It temporarily stores our mobile info till connection time out].

SS7 Fakes VLR Address and put the hacker’s machine address in it. So, basically, we are tricking the system into believing our address to be the user’s address we need to get the OTP from.

Now you know what, HLR will transmit the details to the fake VLR and hackers gonna get all the details flowing in and out of the victim’s mobile phone

For further tutorials hit me up in my dm

You can also buy instant:

GET ANYTHING FROM G2A FOR FREE

Cashapp Money Transfer Click here

Paypal Money Transfer Click here

Western Union  Money Transfer Click here

Venmo Money Transfer Click here

Bank Money Transfer Click here to Contact Us

Leave a Reply