How I hacked into a Telecom Network

How I hacked into a Telecom Network

TLDR; Red Team Engagement for a telecom company. Got a foothold on the company’s Network Monitoring System (NMS). Sorted reverse shell issue with tunneling SSH over HTTP.

TLDR; Red Team Engagement for a telecom company. Got a foothold on the company’s Network Monitoring System (NMS). Sorted reverse shell issue with tunneling SSH over HTTP. Went full-on Ninja when getting SSH over HTTP. Proxied inside the network to get for internal network scan. Got access to CDRs and VLR with SS7 application.


Recap: Red Team Engagement for a Telecom company. Found interesting subdomain, did a full port scan on that subdomain, found port 12000/tcp, 14000/tcp, and 14100/tcp found a running instance of JBoss (lucky me!), exploited JBoss for RCE, implemented TCP tunnel over HTTP for Shell Stability.


For detailed information, you can check out the following links:

Part 1 — Getting the RCE

Part 2 — Playing with Tunnels: TCP Tunneling

Part 4 — Getting Access to CDRs, SS7 applications & VLRs


DISCLAIMER: This post is quite lengthy so just sit back,be patient and enjoy the ride!

In the previous part, I mentioned the steps I followed and I configured TCP Tunnel over HTTP and SSH port forwarding to access port 22/tcp of NMS server from my server using port 2222/tcp. In this blog post, I’ll show how I implemented SSH Dynamic Tunnels for further network exploitation.


Stealthy SSH Access

When you’re connected to an SSH server, the connection details are saved in a log file. To check these connection details, you can execute the ‘w’ command in *nix systems.

The command _**_w_ on many [Unix-like_](https://en.wikipedia.org/wiki/Unix-like)[_operating systems_](https://en.wikipedia.org/wiki/Operating_system)_ provides a quick summary of every user logged into a computer, what each user is currently doing, and what [load_](https://en.wikipedia.org/wiki/Load_(computing))_ all the activity is imposing on the computer itself. The command is a one-command combination of several other Unix programs: [who_](https://en.wikipedia.org/wiki/Who_(Unix))[uptime_](https://en.wikipedia.org/wiki/Uptime), and [ps -a_](https://en.wikipedia.org/wiki/Ps_(Unix))_. Source: _[Wikipedia**](https://en.wikipedia.org/wiki/W_(Unix))

post-exploitation hacking red-team reverse-shell telecom-network neural networks

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

How I hacked into a Telecom Network 

TLDR; Red Team Engagement for a telecom company. Got a foothold on the company’s Network Monitoring System (NMS). Sorted reverse shell issue with tunneling SSH over HTTP.

How to Install Microsoft Teams on Ubuntu 20.04

In this tutorial, we will show you how to install Microsoft Teams on Ubuntu 20.04 machine. we can install teams using Debian installer file or by adding microsoft repository.

Neural network: what is a neural network?

Neural networks, as their name implies, are computer algorithms modeled after networks of neurons in the human brain. Learn more about neural networks from Algorithmia.

A Comparative Analysis of Recurrent Neural Networks

Recurrent neural networks, also known as RNNs, are a class of neural networks that allow previous outputs to be used as inputs while having hidden states.

Recurrent Neural Networks for Multilabel Text Classification Tasks

The purpose of this project is to build and evaluate Recurrent Neural Networks(RNNs) for sentence-level classification tasks. Let's understand about recurrent neural networks for multilabel text classification tasks.