informis/textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
278a90f7ce
textfiles/phreak/SWITCHES/pbx.phk
root@procul 278a90f7ce Initial commit
2021-04-15 13:31:59 -05:00

102 lines
6.3 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

File: PBX'S & EXTENDERS
Read 31 times
PBX's (Private Branch Exchanges) and WATS
By Steve Dahl
Because of the danger of using a blue box, many phreakers have turned to MCI,
sprint, and other SCC's in order to get free calls. However, these services are
getting more and more dangerous, and even the relatively safe ones like
metrofone and all-net are beginning to trace and bust people who fraudulantly
use their services. However, (luckily), there is another, safer way. This is
the local and WATS PBX.
There will at least 1 line going out of the PBX to the telco set up for
outgoing calls only, and there will also be at least one incoming line to the
switchboard. This is what we are interested in. Some of the incoming lines are
always answered by the switchboard operator, but some will be answered by the
PBX equipmemt. It will usually answer with a dialtone, the tone will sound
different for different systems. Some even answer with a synthesized voice!
(These are very hard to find, though.) The ones which answer with a dialtone are
easy to find if you have a modem or hardware device which can "hear" what's
going on on the phone line.
To find these fun thingies, you will have to write a scanner program which
will dial each number in a pre- fix, either sequentially or in a random order,
it really doesn't matter, and "listen" on the line for a constant sound longer
than the normal length of a ring. This could be done manually but it would take
a hell of a long time. Whenever the program finds a number that makes a
constant tone longer than a ring, it should record the number in an array or
something. Now, this number can be one of a few things. A noisy answering
machine, a sprint, MCI, etc access node, a person who yells in the fone, the
tone side of a loop (nice), possibly a carrier if your modem can "hear" tones
that high, or, hopefully, a PBX line. All your scanning should be done between
6 PM and 7 AM because between 7 AM and 6 PM, many of these numbers will be
answered by the switchboard operator. When you are checking out your results
the next day and come accross a dialtone, enter some touch-tone (TM) digits.
Depending on which type of PBX equipment and the length of the codes, after 3-8
digits it should either give a busy signal, a "reeler tone" (high-low tone), or
hang up on you, or possibly tell you you entered a bad code. Now it is time to
write a hacker for this PBX. If the codes are 3 or 4 digits, there will most
likely only be one code, but if they are 5 or more digits there may be more than
one. If there are 3 or 4, your hacker should dial the access number, wait for a
dialtone, then dial the digits and wait for a second, then dial a "1" (the
reason for this will be explained shortly), and then "listen" for a dialtone.
This would be a hacker for a system that gives a reeler tone, listening for the
dial- tone and hearing it would really mean the presence of the reeler tone and
mean that a bad code had been entered. The reason 1 is entered is to "quiet"
the dialtone" If it was a good code, 1XX or 1XXX will be valid extentions on
practically all PBX's. If your system gives a re-order or hangs up after a bad
code, forget the one and just listen for a dialtone, this will be a good code.
If there are 3 or 4 digits, they should be tried sequen- tiallly (becuase there
will probably only be one good one), if there are more, take your pick between
random and sequental. Now, when you (finally!!) get a good code, you will call
the number and enter the code and be confronted with a second dialtone. THIS IS
THE EXACT SAME DIALTONE THAT ANYONE WHO PICKS UP A PHONE IN THAT PBX SYSTEM
GETS. The reason this is important is because if they want to make an out-
going call, they will usually pick up the fone and dial 8, 9, or sometimes 7,
and get another dialtone and then make their call, local or long distance. And
you can do the same thing right now! These numbers also make a good tool to
avoid being traced on telenet, etc, it will just be traced back to the company
which owns the PBX.
Now for some phun with the PBX you have just broken into to. You can dial all
extentions directly on it (which is what local PBX'S are primarially used for
legitimately, unless the com- pany has OUTWATS lines.) The most phun extention
of all is the PA system. On some of these, you can get on the PA (intercom) and
actutually talk over it from your house! It can be on almost any extention
though, so you may have to hunt for it. On some, 797 or 1234 used to work, but
those have mostly been eliminated, not due to phreakers but because people
inside the company were figuring them out and using them!
Some PBX's don't even have security codes, you can just call up and dial 9 and
call wherever you want. On a few that I know of you enter the number and then
the code. If you want to know what these systems "sound" like, there are files
on this and other systems with long lists of WATS PBX numbers. The local ones
are much safer to hack though because you are not making a whole bunch of 800
calls which tends to get bell very pissed. Also, I have actually found modems
and other wierd things on some exchanges of PBX's, it might be worthwhile to
scan the numbers inside the PBX once to see what you find.
An important safety note: if you heavily abuse a TBX and make many outgoing
calls on it, after a few weeks (or whenever their fone bIll shows up!) it is a
good idea to lay off of it for a couple of months or so because they could get a
trace on it easilly, just like 800's. They will usually just change the code,
though. One more interesing note, I once found a PBX which had a direct link-
up to sprint! So by dialing 8 I got a line to sprint, no access codes, just
area code and number. It's phun to phuck up sprint and have them not know who
the hell you are or where the hell you are!!
If you have any comments, suggestions, corrections, or questions, leave
e-mail to Steve Dahl on any major phreak board, I will be happy to reply.
Steve Dahl
5/1/84
This phile is copyrighted 1984 by Steve Dahl and is not to be re-posted
without the author's consent! And I'm not kidding!!
[Courtesy of Sherwood Forest ][ - (914) 359-1517]
Call The Works BBS - 1600+ Textfiles! - [914]/238-8195 - 300/1200 - Always Open

Reference in New Issue View Git Blame Copy Permalink