_________ SWAT MAGAZINE ISSUE FIFTEEN: MARCH 1999 __________ / \___________________________________________/ \ / Getting a PBX \ / By: -=The Firestarter=- \ ----------------------------------------------------------------------- This article was destined for last months issue, but I just wanted to test my theory that "if a PBX get's used to call all over the world then it dies very soon", before I published this. Well I was right to an extent. All the time on newsgroups I see people saying "How do I get free calls" and everytime they get flamed, and people insist that's all people want nowadays and there not interested in learning about phreaking, but personally I couldn't care less, so what if all they want is free calls to anywhere in the world, ok I know quite a bit about phreaking but I mainly used what I have learned to call all over the world. Ok just imagine that you need to call somewhere really badly, but you don't want another £50 on your phone bill (while I never pay for calls like that, somebody out there might) or you may just want a free internet connection for a while. I'm about to describe a very simple flaw in the Meridian Mail systems (I've heard that it affects 1 in 10 systems). Ok if we assume that most direct dial systems have an outdial then there's a place you could start, but I'm not going into that one as I have already covered it in a previous issue. But what about those systems that aren't direct? to hack out a box on each one that you find would take ages, and the chances of it having an outdial are pretty slim. So if you have a list of say 30 systems that aren't direct dial, more like an answering machine for the company, then we can start by checking them for this little exploit. First off you dial into the system, it will pick up and start to play the pre-recorded message. Now simply hit 09 # if your lucky then it will connect you for free. * For UK systems always try an 0800 number, if a UK system has an out dial then you can use it to call anywhere in the world. If the system is a US one, try any number you can think of, if you get any message other than "That number cannot be reached from this service" then your in luck. I tend to go for UK systems since there outdials can call anywhere in the world, the downside to this is that if you call from your house you will almost certianly get busted if you make very long calls to far flung places, but in my experience, occationaly using it to dial into your ISP is ok, (well ok I would probably get busted, hell I could make a small firm go bust in one night). US systems are of equal importance though, a free and anonymous internet connection is vital to all of those hackers, carders, warez traders, etc in the UK. US out dials (most of which are only local or 1800 outdials, I have never seen a US outdial that has given me international calls) will always last longer, they seem to last from between 1 and 6 months (for me), that's based on being online for between 4 and 6 hours a day. UK outdials will usualy only last for a month or so (depends how often the company get's billed), that's based on phone calls to Canada lasting 4 hours. Although Brakis did find an interesting way to get international calls via a US local outdial, he would simply call AT&T and tell them to place the call for him. So now it's time to scan for your meridian mail systems, do this any way that you want. Well have fun and don't get caught. That little exploit again is: 09 # Yep a large article for such a small exploit, but I got board and decided to write a load of stuff that might have some relevence.