A Guide To A New Generation Of Phreaking [PART TWO]

All you've ever wanted to know about Phreaking. Many of the actions described in these tuts are illegal. They are presented for informational purposes only.
Net Battle Bot
Owns you
Posts: 1816
Joined: Fri Jun 04, 2004 6:44 am
Location: Groom Lake

A Guide To A New Generation Of Phreaking [PART TWO]

Post by Net Battle Bot » Tue Feb 22, 2005 7:22 pm


-=::A Guide To A New Generation Of Phreaking::=-
[PART TWO]
-=::Written and Researched by Decimalz::=-

Welcome to part 2 in my series on phreaking.
This issue we will look at the old & ancient art of war dialing,
more mobile fun, Australian dial-up points of access,
and some interesting truths about Telstra field technicians.

"...carrying human voice over copper wires is impossible, and even if
it was possible, the thing would have no practical use."
-From a newspaper editorial in the 1870's


[contents]
War Dialing
-Definition
-Tools
-What next
Dial-up ISP Section
-Points Of Access Locations and numbers
-Hiding your CID(Caller ID) from your ISP
Telstra Payphone Mischief
-75% Full Coin Slot Problem
-Out Of Service For Fun & Profit
MOBILES
What To Do when You See a Telstra Employee
Conclusion
Resources used - bibliography
[/contents]

-=::War Dialing::=-

"...In most countries, it is not a crime to dial phone numbers"
-Stated by a spokesman for ISS (Internet Security Systems)

NB: If you are familiar with war dialing you will not benefit from reading the following section.

(Definition)
"WTF is War Dialing?"
War Dialing is the 'forgotten' art of using a computer program known as a war dialer
to call a given range of phone numbers. The scanner looks for and records
numbers that the computer's modem connects to. Today's war dialing junkie
is usually looking for PABXs and dial-up ISP numbers. War Dialing is the
predecessor of the new-found hobby of 'War Driving' (search Google for more info 'cause there's tons of tutorials that explain it in great detail).


"So WTF is a war dialer"
war dialer n. A cracking tool, a program that calls a given list or range of phone numbers and records those which answer with handshake tones (and so might be entry points to computer or telecommunications systems). Some of these programs have become quite sophisticated, and can now detect modem, fax, or PBX tones and log each one separately. 
The war dialer is one of the most important tools in the phreaker's kit.
These programs evolved from early demon dialers.

TOOLS
::FREEWARE::
In my opinion a phreaker's best friend is a war dialer, and there's no better friend
than THC's "THC-SCAN v2.00". I have been using it for 2 years now and it has yet
to disappoint me, except for the few days when I was learning to configure my
modem so it would work. All the numbers contained in the text below have been
found by me using THC SCAN 2.00. Available from the THC website http://www.thc.org/releases.php


The other favourite tool loved by phreakers is TONELOC.
I have tried it, without as satisfying results. I think it is more of an American-
influenced war dialer.
Available for download from:
www.securityfocus.com/tools/48 

Creators Site and ToneLoc main page: 
http://www.paranoia.com/~mthreat/toneloc/ 

::MONEYWARE::
PhoneSweep is apparently "The Wardialer of Choice for Security Professionals".
I've never used it in a real-life scenario, only the demo download version, but I have read some good reviews on it.
http://www.sandstorm.net/products/phonesweep/

BTW: @stake  released 'TBA' a war dialer for the palm pilot. 

::WHAT NEXT::
So you've got the tools, started scanning, found some numbers and
you want to know what you can do with them. Well, crank out your terminal application
(I'm using BitWare's BITCOM; you may have to use HyperTerminal ;( ), put in the number and see what happens. If it is a fax number you will get a lot of gibberish dumped on the screen before the connection is terminated by the host. If you're lucky (meaning you have connected to a modem) you will most likely be greeted with a banner that looks similar to the one below.

AT&F&C1&D2
OK
ATE1S0=0
OK
ATDT97570400
CONNECT 57600
 
Welcome to....
          NetServv Mar River Terminal Server
        ( any problems mail support@netserv.net.au )C
           WARNING: It is a criminal offence to:
        i.  Obtain access to data without authorisation
  ii. Damage, delete, alter or insert data without authorisation
User Access Verification
 
Username:decimalz
Password:********

or depending on what program you used to dial into the modem, you
may be greeted with something like this.

CARRIER 28800

PROTOCOL: LAP-M

COMPRESSION: V.42BIS

CONNECT 38400
              ACCESS IS RETRICTED TO AUTHORISED PERSONNEL ONLY

This is NOT a PUBLIC system. Access is Permitted only to persons who have 
received the prior authorisation of the company or its affiliates.This system 
shall only be used for the purpose and in accordance with the computer and
telecom security standards authorised by the company management, and not
otherwise.

UNAUTHORISED ACCESS MAY RENDER THE USER LIABLE TO PROSECUTION
Card id:1800633047


Now's the part where you enter your legit password. Or the illegal part,
where you write a script for your terminal application that brute forces passwords.
I'm currently working on a brute forcer using BitCom's scripting engine.
 


-=::Dial-Up ISP Section::=-

"I think there is a world market for maybe five computers." - 
Thomas Watson, chairman of IBM, 1943 

Points Of Access Locations and Numbers:
PLEASE NOTE that the following dial-up ISP numbers are Australian.
Also, these numbers are not illegal until you gain unauthorised access
to the ISP's system.

WA (Main Points of presence):
 
Albany: (08) 9842 0000 
Broome: (08) 9192 0300
Bunbury: (08) 9791 0100
Busselton: (08) 9754 0000 
Carnarvon: (08) 9941 0600 
Collie: (08) 9734 0100
Denmark: (08) 9848 0000 
Derby: (08) 9193 3010 
Esperance: (08) 9071 9000
Exmouth: (08) 9949 3100
Geraldton: (08) 9921 0100
Hedland: (08) 9172 9400 
Kalgoorlie: (08) 9026 3000
Karratha: (08) 9183 5800 
Katanning: (08) 9821 3010 
Kununurra: (08) 9168 4010 
Mandurah: (08) 9581 0400 
Manjimup: (08) 9771 7000
Margaret River: (08) 9757 0100 
Meekatharra: (08) 9980 0000 
Merredin: (08) 9041 0000 
Moora: (08) 9651 0000 
Mount Barker: (08) 9851 3000 
Narrogin: (08) 9881 9000
Newman: (08) 9175 8200 
Northam: (08) 9621 0000 
Perth: (08) 9421 0990 
Tom Price: (08) 9143 8200

WA (Alternate Points of presence):
 
Goldfields region: 019 8308 444 
Great Southern region: 019 8308 666 
Kimberley region: 019 8308 880 
Midwest region: 019 8308 333 
Peel region: 019 8308 555
Pilbara region: 019 8308 777
South West region: 019 8308 881 
Wheatbelt region: 019 8308 222

All other States National number:
 
019 8333 7143

IPrimus:

8432 2000

NetServ:

97540700

::Hiding your CID(Caller ID) from your ISP::

These days, with all the security measures and scares around, ISPs are starting to log
their clients' caller identification number (your phone number). This is a safety measure ISPs take when they are worried about a certain client who might know a bit too much, well, enough to know how to connect to their phone number through a computer application.
Lucky for us there is a number that can prevent your ISP from detecting your CID.
All you have to do is put 1831 in front of the ISP number. For example, if I want to dial
the national ISP number but don't want them to detect my CID I would put
18310198308881
in my dial-up internet connection window or in my BitCom phonebook.
Also, to force send the blocking number you must use 1832 instead of 1831.

-=::Telstra Payphone Mischief::=-

::75% Full Coin Slot Problem::

Recently I obtained a nice X2 repair and maintenance manual.
It outlines a possible flaw in the payphone that allows free calls
to be made if the coin box is 75% full.

A WA field technician discovered this flaw while fixing an X2.
He pressed redial as a coin was stuck half emerged from the
coin entry slot. It produced a humming sound and connected him to a mobile
number - without any money or credit ever being established. He later
found out this was caused by the 75% full coin box, and somehow having a coin touching
the inside of the coin slot confused the phone into connecting you for free.
One thing that is not mentioned in the manual is why the phone produced the humming sound.

Well, now you know why MTMS checks to see how full the coin box is!!!


::OUT OF SERVICE FOR FUN & PROFIT::
To make an X2 / X1 read Out Of Service on the LCD is not as tedious
as everyone has presumed in the past. The other day someone asked me
how one goes about performing this 'miracle'. To be honest
I had never tried to get the phone to read OOS, so I thought why
not and wandered down to my closest X2.

Within 5 minutes I had the phone Reading Out of Service.

In another 5 I had the LCD screen blank (not illuminated either) 
But Still had dial tone purring gently in the background.

TO make the phone read out of service:
*Pick the handset up off the receiver
*Hold the follow-on button down
*Hold the receiver's end call button at the same time
*You should hear the phone confusing itself.
*Within 5 seconds of holding both buttons down
the phone's LCD screen will read 'Out Of Service'
*Hang up the handset on the receiver and notice that
Out Of Service will stay displayed on the LCD until the handset is lifted.

TO make the LCD screen go blank:
*Perform all steps from above.
*Pick up the receiver while it is still
reading 'Out Of Service'
*As soon as you pick up the receiver and the LCD goes blank,
hold down the 1 on the dial pad.
*The whole phone should go lifelessly blank (LCD unilluminated, no text either)
*Place the handset on the receiver
*If you are worried that you have broken the phone,
don't. As soon as someone lifts the handset from the receiver the phone will
return to normal.

Oh, by the way, MTMS is alerted when you make the phone go blank.
The beauty of that is it doesn't call MTMS until the phone
is restored by the lifting of the handset from the receiver.


-=::Mobiles::=-
"How can I send porn through the email without the guys in Perth seeing it."
-Local policeman who was interviewing me in relation to an attempted unauthorised access
of a computer system.

Nokia Codes:
James bond trick:
If you short-circuit the left middle and right pins on the bottom of the phone with all connections touching each other, the Nokia software hangs! The profile "Headset" will be activated. Before you do this just activate the "Automatic Answer" in the headset profile and set the ringing volume to "Mute". Now you can use your phone for checking out what people are talking about in a room. Just place it under a table in a room and call it. The phone receives the call without ringing and you can listen to what people are saying.

Improve call quality:
To activate EFR (Enhanced Full Rate) Enter the code - *3370#
This improves call quality but decreases battery life by about 5%
To deactivate it, Enter the code - #3370#

Clock Stopping
To check whether your SIM card supports clock stopping type - *#746025625#

THE REBOOT TRICK
This should work on all software versions of the 6110.
1. Go to the Calendar (Menu-8)
2. Make a note or reminder.
3. Enter some text into the edit box.
4. Hold "Clear" until the whole text is cleared, then press "Back".
5. Press "0". The main screen will now be showing but a space appears on the screen. (you can't see it)
6. Enter 4 digits (e.g. 1234).
7. Use the down arrow to move the cursor to the left side of the numbers and the space (Down arrow twice).
8. Now enter 6 digits and press the call button.
Wait for a few seconds; the screen should start to flash and reboot. It should also work on other menus like the "Profiles" menu.

-=::What To Do When You See A TELSTRA employee::=-

Telstra employees are the dirty, unhygienic animals that work in deep pits of dirt
all day. When you see a Telstra employee inside one of these holes with a tent over him, run to his car (bound to be unlocked) and raid it for his Field Technician Guide (trust me, he would've brought it), which contains the golden secrets that have been hidden from mankind by a corporate monster known as Telstra.

Thanks and Acknowledgements: @ HiTB and SigmaX


-=::Bibliography::=-

http://www.aca.gov.au/ australian communications authority

http://www.accesscomms.com.au/ - carrier info 

http://www.cellphonehacks.com/ - name says it all

http://forum.hackinthebox.org - forum

http://nokiatone.ifrance.com/ - secret codes

http://www.sigmax.org - irc

http://phone-losers.org - usa phreaks

http://www.google.com (inurl: cache) =))

http://neworder.box.sk - forum

http://www.sandstorm.net/ -phonesweep

http://www.paranoia.com/~mthreat/toneloc/ -toneloc

www.cheyenne.com/ - bitware 

http://www.thc.org/

http://apb.insomnia.org/

Quotes taken from various sources....
###############################################
Decimalz@mail.com

LP# (08) 97554548 @ Amblin Caravan Park (Ask for b0champ :))

#IRC

Dalnet    -   #hackinthebox #australia

Austnet   -   #ausphreak #phreak #perth

Datawhore -   #thejack

#Phreaktac / The Jack - Bulletin Board System

telnet://211.28.72.94/

Respect

EOF



Without practice one cannot prove; without proof one cannot be trusted; without trust one cannot be respected.
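As an added example that is not part of the original post, the following script takes the defender's view of the war dialing described above: it parses call detail records (CDRs) and flags a caller that sweeps a dense range of numbers with many short calls, which is what a scanner hanging up on voice answers looks like from the PBX or carrier side. The CDR format, the phone numbers and the thresholds are all constructed assumptions.

```python
# Added example (not from the original post): flag war-dialing from the
# defender's side. A war dialer sweeps a numeric range and drops calls that
# don't answer with a carrier, so in call detail records it shows up as one
# caller hitting many adjacent numbers with very short durations.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CDR lines (not real numbers): timestamp,caller,callee,seconds
SAMPLE_CDR = """\
2005-02-22T19:00:01,0800000111,0890001000,6
2005-02-22T19:00:20,0800000111,0890001001,5
2005-02-22T19:00:38,0800000111,0890001002,4
2005-02-22T19:00:55,0800000111,0890001003,7
2005-02-22T19:01:12,0800000111,0890001004,5
2005-02-22T19:01:30,0800000111,0890001005,6
2005-02-22T19:01:47,0800000111,0890001006,5
2005-02-22T19:02:05,0800000111,0890001007,4
2005-02-22T19:03:00,0800000222,0890001000,312
"""

def parse_cdr(text):
    """Parse CSV CDR lines into (datetime, caller, callee, seconds) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, caller, callee, secs = line.split(",")
        records.append((datetime.fromisoformat(ts), caller, callee, int(secs)))
    return records

def detect_war_dialing(records, window=timedelta(minutes=10),
                       min_numbers=6, max_seconds=30):
    """Return {caller: (count, lowest, highest)} for callers that reach at
    least min_numbers distinct numbers in a dense range inside `window`."""
    short = defaultdict(list)
    for ts, caller, callee, secs in records:
        if secs <= max_seconds and callee.isdigit():   # only scanner-like calls
            short[caller].append((ts, int(callee)))
    alerts = {}
    for caller, calls in short.items():
        calls.sort()
        for i, (start, _) in enumerate(calls):
            in_win = [n for ts, n in calls[i:] if ts - start <= window]
            nums = sorted(set(in_win))
            # "dense": the span of the numbers is not much wider than the count
            if len(nums) >= min_numbers and nums[-1] - nums[0] < 2 * len(nums):
                alerts[caller] = (len(nums), nums[0], nums[-1])
                break
    return alerts
```

A real deployment would feed live CDR exports in place of SAMPLE_CDR and tune the window and thresholds to the site's normal call volume.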
