Interconnectivity is a blessing and a serious curse. The net provides us with various ways to communicate with other people or other systems. Like everything else, it has a downside. The reason so many cyber criminals can get away with their obnoxious acts against humanity is how the net was designed and how computers and networks function. It's almost impossible to stop the misuse of services for any kind of exploitation. Whether it be the use of proxies, hijacked servers or just bombarding mail servers, it will be with us as long as we use TCP/IP. That said, we can look further, link up the offline world with the online one and see how the net can reach beyond its own limits. This is why web application security is so important. Today I'd like to show you a way to own the whole -offline- mobile phone world by abusing web application features on the net.

Telecompanies.

For quite a few years now, telcos have been launching Internet-based text messaging for their clients. While this is an excellent service to their customers, it can be abused. Some telcos have a service where you can send a text message for free as an incentive to sign up for an account. A few use CAPTCHAs to protect against automated submission, others do not. While a CAPTCHA can be a hurdle, it is only a matter of time before all CAPTCHA algorithms are cracked with the proper coding skills and OCR software. Another way to access their service is to hijack their SMS gateway. This is very dangerous, but certainly not impossible. Today we only focus on the web application layer and the short message service (SMS) they provide.

Finding the telcos or their affiliates is easy. Boot up Google, and type: http://www.google.com/search?q=free+SMS

There are more, and more accurate, ways of finding them, but this isn't important now. We just grab the first one Google spits out. So, in my case the first that came up was: gizmosms.com. Their site looks promising, only they have a CAPTCHA that protects the service. Or do they?
I looked into the source and saw that they made a very serious mistake. They embed the CAPTCHA value as a hidden form field called: "correct_value". That comes in handy! So we only have to parse out the correct value of that hidden field and we are on our way. The script below does exactly this: it connects to a website, parses out the hidden field, constructs a new message and submits it. Of course, this can be done millions of times because there is no limitation. For the sake of an example and my integrity I did not send mass messages. I only sent 4 messages to my own cellphone.

SMS Script

<?php
sms_service('http://gizmosms.com/',true,'uk','9998889997766','haxoring sms services!');
function smswrapper($url) {
    # generate a random user-agent.
    $ua =
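
The following Python is an added example, not code from the original post or from the site it discusses. It shows the server-side counterpart of the two mistakes described above: the CAPTCHA answer lives in server state instead of a hidden "correct_value" field, each challenge can be used once, and accepted messages are capped per recipient number. The class, field names, limits and the in-memory dicts standing in for a session store are assumptions.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ"  # uppercase only, ambiguous letters dropped


class CaptchaGate:
    """Server-side CAPTCHA state plus a per-recipient send limit (all names hypothetical)."""

    def __init__(self, ttl=120, limit=3, window=3600):
        self.ttl, self.limit, self.window = ttl, limit, window
        self._pending = {}  # challenge id -> (answer, expiry); stands in for a session store
        self._sent = {}     # recipient number -> timestamps of accepted messages

    def issue(self, now=None):
        """Create a challenge. The answer goes to the image renderer, never into the HTML."""
        now = time.time() if now is None else now
        cid = secrets.token_hex(16)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
        self._pending[cid] = (answer, now + self.ttl)
        return cid, answer

    @staticmethod
    def form_html(cid):
        # Only the opaque id is embedded; compare with a hidden "correct_value" field.
        return ('<form method="post" action="/send">'
                f'<input type="hidden" name="captcha_id" value="{cid}">'
                f'<img src="/captcha.png?id={cid}">'
                '<input name="captcha"><input name="to"><input name="text"></form>')

    def submit(self, cid, typed, recipient, now=None):
        now = time.time() if now is None else now
        # pop() makes the challenge single use: a wrong guess or a replay burns it.
        answer, expiry = self._pending.pop(cid, (None, 0))
        if answer is None:
            return "rejected: unknown or reused challenge"
        if now > expiry:
            return "rejected: challenge expired"
        if not hmac.compare_digest(typed.upper().encode(), answer.encode()):
            return "rejected: wrong answer"
        # Even with a solved CAPTCHA, cap what one number can receive per window.
        recent = [t for t in self._sent.get(recipient, []) if now - t < self.window]
        if len(recent) >= self.limit:
            return "rejected: rate limit for this number"
        self._sent[recipient] = recent + [now]
        return "accepted"
```

The per-recipient cap addresses the "no limitation" point independently of the CAPTCHA, so a solved or OCR-broken challenge still cannot be turned into unlimited messages to one phone.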
Interconnectivity.
By secgeeks - Posted on January 8th, 2008