

Grex Cyberpunk Item 89: Vmb Hacks
Entered by cryotek on Wed Sep 30 02:48:48 UTC 1998:

VMB Hacks

7 responses total.



#1 of 7 by cryotek on Wed Sep 30 02:57:43 1998:

Anyone know how to hack some Voice Mail accounts??


#2 of 7 by madjest on Wed Sep 30 11:44:39 1998:

yup just use a variation of a war dialer
it should work


#3 of 7 by tyr on Tue Oct 27 19:32:01 1998:

On that note, has anyone (any VMB hackers that is) ever messed around on Audix
Systems? I find them most fascinating (I think they're my favorites).
Tyr


#4 of 7 by cryotek on Sat Nov 7 10:23:07 1998:

variation of a war dialer?? like what?? i have been using war dialers but are
they capable of scanning vmb's ?? my main problem lies in cracking the vmb
id's and box passwords and i am looking for a good program that would
sequentially or randomly try a number that would be a possible password
combination for me to be able to take over a box.


#5 of 7 by morpheus on Wed Nov 11 07:13:53 1998:

no, you can't use wardialers to scan vmbs, unless

  1) you sit and manually listen for "Mailbox ...", which would 
probably get rapidly dull, or
  2) you simply get access to the computer that the sysadm configures 
this shit on, and set up a brand new box. (Rather than hacking the pin 
on a box).

I prefer the latter technique.

Now, some information to help you with the latter technique:

Audix voicemail systems (which are usually attached to a 
lucent/definity switch) have a dialup that is one exchange higher than 
the phone numbers they control, so for a company that has its 
switchboard and vmb's in exchange 298, the computer dialup would be 
299xxxx. The last two digits are often 13. So, for a company with 
numbers in the 298 exchange, you could scan 299xx13 for carriers. 

The prompt typically looks like that of a UNIX system. It MAY say 
something along the lines of Keyboard locked... if you get in, it will 
say something like 
******************
THIS IS AT&T/LUCENT PROPRIETARY, AND FOR AUTHORIZED USERS ONLY. USE OF 
THIS SYSTEM IMPLIES CONSENT TO MONITORING.

IF YOU ARE AN UNAUTHORIZED USER, YOU WILL BE PROSECUTED, FOUND GUILTY, 
AND PLACED IN A PRISON, WHERE YOU WILL BE ANALLY RAPED BY A GUY NAMED 
BUBBA, SO DON'T HACK HERE UNLESS YOU HAVE PLENTY OF PETROLEUM JELLY, 
AND ARE GOOD AT GIVING ORAL SEX TO AN OILY MEXICAN GUY NAMED "JESUS" 
WHO MAKES SHANKS IN SHOP. WE ARE CURIOUS, HAVE YOU EVER SEEN THE MOVIE 
"BLOOD IN, BLOOD OUT?" IF SO, THAT IS WHAT WE ARE AIMING TO CONVEY WITH 
THIS WARNING. YOU WILL HAVE A SORE ASSHOLE IF YOU ARE NOT A STARCH-
COLLARED TYPE WHO MAKES $116,000 PER YEAR FOR TYPING A FEW COMMANDS 
EACH DAY. WE LIKE STARCH-COLLARED TYPES, AND CONSEQUENTLY DUB THEM TO 
BE AUTHORIZED USERS. TO RECAP: IF YOU ARE NOT AN AUTHORIZED USER, WE 
BANISH YOU TO THE FIREY DEPTHS OF HELL. IN THE NAME OF THE FATHER, THE 
SUN, AND THE HOLY HOST, AMEN. 
***********

It is safe to ignore this warning. The programmers only put it there 
to let you know that you have successfully hacked the system.

The terminal emulation used is kinda funky. vt-100 may work, though. 
Typically, in menus, keystroke commands are Control-X, Control-C, 
Control-Y, and Control-R. Everything is menu based (well, almost) in 
terms of account creation.

Passwords are often left to defaults, of which there are several. One 
account just to let you see how the system is set up is browse/looker 
(or maybe that is a definity default, i really don't remember).

Yeah, Audix is nice, quite sophisticated, but very complicated. I know 
some sysadm's who have never had to use all of the available options.

Also pretty common is Rolm PhoneMail. Rolm has dialups that are 
typically in the same exchange as the numbers being controlled. They 
typically end in 99. This rule of numbering goes for ROLM CBXs, for 
Rolm PhoneMail and OSLs.

I have never run across a default password on a rolm (except once, when 
they were doing a cut over to a new software version and hadn't changed 
the passwd yet).

ROLM doesn't have the cute little interface that AUDIX does. But, the 
nice thing about Rolm PhoneMail is that it will often allow unlimited 
tries. The older phonemail systems only had a password that you needed 
to enter, but the newer ones require login and pass. This really isn't 
any harder to hack, though, as the login will be something along the 
lines of tech or operator... etc. (once again i don't really remember, 
but it won't be too hard to hack). On these newer systems (i think 
software version is like 5.1 or greater... if that is  the right format 
for revision numbers) it gives like 6 password tries per accountname 
before presenting an error message. At that point you just re-enter the 
accountname and start hacking again.

On a side note, unless you are an idiot, if you ever see an option like 
"ANI Enable? ............................ NO" on a rolm or **** ANI 
OPTIONS ***** on an Audix, please don't change it to yes/enabled.
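
Editor's added example, not part of the thread or of any vendor's software: the weakness described above (a try limit that resets when the account name is re-entered) compared with a failure counter kept per account, from the administrator's side. The thresholds, function names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

PROMPT_TRIES = 6     # per-prompt limit described in the post
LOCK_AFTER = 10      # assumed policy: failures per account before lockout
LOCK_SECONDS = 900   # assumed lockout length

def per_prompt_limit(events):
    """Counter lives in the prompt, so re-entering the name resets it."""
    checked = tries = 0
    for _ts, _account, _ok in events:
        if tries == PROMPT_TRIES:   # error message shown, name re-entered
            tries = 0
        tries += 1
        checked += 1                # every guess still reaches the verifier
    return checked

def persistent_lockout(events):
    """Counter lives with the account and survives new prompts and new calls."""
    failures = defaultdict(int)
    locked_until = {}
    checked, alerts = 0, []
    for ts, account, ok in events:
        if ts < locked_until.get(account, 0):
            continue                # rejected without checking the password
        checked += 1
        if ok:
            failures[account] = 0
            continue
        failures[account] += 1
        if failures[account] >= LOCK_AFTER:
            locked_until[account] = ts + LOCK_SECONDS
            alerts.append((ts, account, failures[account]))
    return checked, alerts

# Constructed sample: 30 failed logins to one account, one every 10 seconds.
SAMPLE = [(t * 10, "acct1", False) for t in range(30)]

if __name__ == "__main__":
    print("per-prompt limit, guesses checked:", per_prompt_limit(SAMPLE))
    checked, alerts = persistent_lockout(SAMPLE)
    print("persistent lockout, guesses checked:", checked, "alerts:", alerts)
```

With the per-prompt limit all 30 guesses are evaluated; with the per-account counter only the first 10 are, and the lockout event gives the operator something to alert on.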


#6 of 7 by cryotek on Wed Nov 18 08:19:46 1998:

thanks for that advice! hope that one is applicable too in my country, have
read a lot of phrack back issues lately and have found out about some
techniques as well. i already have a number and a box for a vmb system but
still i have to crack the pin. well have to spend my time doing so and hope
i don't lose my sanity on this one... hehehe...


#7 of 7 by cryotek on Mon Dec 7 04:59:20 1998:

Any more ideas are welcome..
