A Beginner's Guide to 800 Scanning
By: Matrixx
For: ISCABBS telnet: bbs.isca.uiowa.edu

A long time ago when I started my career as a phreaker/hacker I had a lot of help and there were a lot of people willing to show me the ropes. Well, it's now 1994, and the files that I read are either outdated or invisible. The only chance that an aspiring young phreaker has is to find someone willing to help them. Fat chance. Like I said, this is 1994!!!

This file is for the little guy, the LAMER as we so lovingly refer to them. It was not written as a submission for PHRACK and is certainly not going to enlighten you if you are not new at this sort of thing.

Why did I even bother to write this file? Well, I have seen the phreak community turn into something that I was ashamed to be a member of, and then finally it almost killed itself, because so many of its members were not only full of shit, but they would actually stab each other in the back. Today, there are still a few honest, trustworthy phreaks, but few of us will bother helping out anyone. This is not a very good way to preserve the species. I am writing this file to hopefully encourage a NEW breed of phreaker that won't someday annihilate itself.

A word to the initiates: if this is your FIRST attempt at bettering yourself, know this. There is much more to phreaking than what this file will tell you. In the same vein, there is much more to the so-called "UNDERGROUND" than just phreaking. You should attempt to learn more every day, you should do your own work and not just copy what other people give you. You should NEVER destroy something that isn't yours. And above all, your reputation is all you have, don't ruin it. So without going any further into Hacker-Ethics, let's get on with the information, and if someday you become referred to as "Elite"...remember where you started...OK? Everyone is lame at something.

--Getting Started--

Grab your phone, look at it. Could you comfortably hold it for hours at a time?
If not, you may wish to get a better phone. My favorite is a Speaker Phone. Some people use Operator headsets. Some people have their computer dial the number. I would recommend "HANDSCANNING" because no matter how good you think "toneloc" is, it still can't detect a VMB.

--When to Scan--

After business hours Pacific Standard Time is usually best. I myself wait a few hours even after that, but if you are on the east coast and not into staying up (very) late, just wait till after business hours (5 or 6 o'clock) EST. Chances are, if you don't wait until after these hours you are going to miss a LOT of good stuff, esp. answering machines that people leave purchasing orders (and credit card info) on...

--Choosing Your Prefix--

Oh, you don't know what a prefix is? Well, it is the middle 3 digits of a phone number. I.e. XXX-555-XXXX. Got it? Good. OK, now you will need to find one. What's so hard about finding one, you ask? You need to choose a prefix that hasn't been scanned to death like 222-333-444...etc. You need to find a WORKING prefix. This may sound stupid, but some of the stories I have heard would keep some of you laughing for weeks. Anyway, this is how you tell if you have found an ACTIVE prefix. Dial 1-800-XXX (XXX = your prefix) and wait about 7 seconds. If you hear some tones then you have an inactive prefix. Find a new one.

--Scanning--

There are many ways to scan, ranging from sequential to zen. For now stick to sequential. You can either start at the bottom and go up, or you can start at the top and go down...You could even start in the middle, but always...ALWAYS remember where you started. You may run into a prefix filled with good shit...you wouldn't want to backtrack...nothing sucks more than finding the same thing over and over again. Let's say you start at 800-xxx-0000, then naturally the next number dialed would be 800-xxx-0001. Simple, eh?

*** 1994 UPDATE ***

Apparently some people are scared of getting callbacks from those people like AT&T.
I personally only know of like 3 people who have ever been bothered, but I'm sure there are more. If you should happen to get a callback, don't worry, the most they can do is have your 800 service to the 800 numbers they lease blocked. No biggie, no one company owns more than 1/5 of all 800 numbers. (If it's AT&T, make sure you point out that if you try to call their "800-CALL-ATT" number you BETTER be able to connect, because their commercial says you can reach it from ANY phone.)

Some ways that may give you extra insurance against callbacks from overly security-minded idiots are to do variations on your sequential scanning (i.e. 0000, 0010, 0001, 0011, 0002, 0012) or to have your computer generate a list of numbers from 0000-9999 in random order and print it out. But like I said, it's no biggie, you can make up all kinds of stories to tell someone if you get called back, like "I'm trying to get some statistics on how many numbers per 800 prefix are being used, and for what, for my statistics paper." or "I'm trying to get my name on a lot of mailing lists, so I can create a database of users to sell my products to, and since you actually MANUFACTURE and SELL machines to other companies, I thought it was LEGAL to call numbers sequentially if you intend on selling something." (IT IS!) Be creative, don't be afraid, and don't be afraid to lie.

*** END OF UPDATE ***

There are 10,000 numbers per prefix. That's a lot of numbers to dial. You can probably do about 100 numbers in under 1/2 an hour. That's about what I personally average. Some people try to do 500 a night, but that makes for a pretty boring night, and a sore finger/ear.

One tip for making your scanning go faster is not to let the phone ring more than FOUR times. If something doesn't answer in 4 rings, it's probably not anything very useful or interesting.
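
What the scanning described in this section looks like from the receiving end, as an added example that is not part of the original file: a check over call detail records that flags one caller reaching many distinct numbers in a single 800 prefix with mostly short calls, counted without regard to dialing order. The record layout, the thresholds and every phone number below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune against your own traffic.
WINDOW = timedelta(minutes=30)
MIN_DISTINCT = 20        # distinct numbers in one prefix from one caller
MAX_SHORT_SECS = 30      # call dropped within a few rings or a short listen
MIN_SHORT_RATIO = 0.8    # share of the window's calls that must be short

def find_scanners(cdrs):
    """cdrs: (caller, dialed 'NPA-NXX-XXXX', start datetime, seconds) tuples."""
    by_key = defaultdict(list)
    for caller, dialed, start, secs in cdrs:
        by_key[(caller, dialed[:7])].append((start, dialed, secs))
    alerts = []
    for (caller, prefix), calls in by_key.items():
        calls.sort()
        lo = 0
        for hi in range(len(calls)):
            # Slide the window start so it spans at most WINDOW of time.
            while calls[hi][0] - calls[lo][0] > WINDOW:
                lo += 1
            window = calls[lo:hi + 1]
            # Order is ignored: sequential, interleaved and shuffled dialing count alike.
            distinct = {dialed for _, dialed, _ in window}
            short = sum(1 for _, _, secs in window if secs <= MAX_SHORT_SECS)
            if len(distinct) >= MIN_DISTINCT and short / len(window) >= MIN_SHORT_RATIO:
                alerts.append((caller, prefix, len(distinct)))
                break
    return sorted(alerts)

def sample_cdrs():
    """Constructed records; all numbers are fictitious."""
    t0 = datetime(1994, 6, 1, 23, 0, 0)
    rows = []
    # Caller A: interleaved order (0000, 0100, 0001, 0101, ...), 15 s calls.
    order = [n for i in range(12) for n in (i, 100 + i)]
    for k, line in enumerate(order):
        rows.append(("319-555-0100", f"800-555-{line:04d}",
                     t0 + timedelta(seconds=20 * k), 15))
    # Caller B: redials one busy number 25 times; many calls, one target.
    for k in range(25):
        rows.append(("212-555-0111", "800-555-0142",
                     t0 + timedelta(seconds=30 * k), 5))
    return rows

if __name__ == "__main__":
    for caller, prefix, count in find_scanners(sample_cdrs()):
        print(f"{caller} reached {count} distinct numbers in {prefix}")
```

Because the check counts distinct targets per caller and prefix, the busy-number redialer in the sample is not flagged while the interleaved pattern is.
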
Also, if you find someone else who is a TRUSTABLE friend, and who also scans, you can split up the scanning, but make sure you are not scanning the same stuff. Assign "Blocks" of numbers for each person to scan (i.e. you do 0000-0500, and he does 0501-1000). Then you BOTH make copies of EVERYTHING you find, and share it with each other. But make sure it's a GOOD friend, that's not going to hold out on giving you some of the good stuff!!!

**Treasures**

These are SOME of the things you will probably run into:

--Answering Machine (old)--

The old machines are mostly useless. They either cannot be accessed from a remote location, or they cannot be reached at all. Just forget these. They are, as far as I know...useless. There is one really excellent way of determining if your answering machine is useful. During the outgoing message hit keys 1-0 and then * and #. Then after the beep do the same thing again. If the machine doesn't respond or hang up on you, then you have found either an old machine, or a useless one. I think I'm being redundant here....

--Answering Machine (new)--

Some people might tell you that these are useless too. These people are wrong, you can do many semi-useful things with them besides listen to other people's messages. You can make it into your own personal message center, you can even take it over...of course your outgoing message probably won't last more than a weekend, so don't expect the world. The best way to hack these things is to just hit 1-2-3-4-5-6-7-8-9-*-9-# and then reverse it. Do the same thing after the OGM (Out Going Message). For some strange reason, most of the machines I find that have a 1dc (One Digit Code) usually have the passcode of "3". That's right, just hit "3" and the machine lets you in. MOST access codes are pretty simple, shit like "123" "111" "321", but don't spend all day hacking these fuckers, they are not THAT useful. (Unless it's a machine that people are likely to leave their credit card info on...(i.e.
mail order places))

--FAX Machine--

This sounds a lot like a computer carrier, but there is a difference and it is easy to tell the difference when you look for it. What you could do is go through any phone book, look in the yellow pages section, find a business with a FAX machine, call it and listen. An interesting note: some FAX machines, if they receive no transmission, will then connect to a computer's modem.

--Computer Carrier--

These are almost always good for trade, they could be anything. To quote Ren Hoek (of Ren and Stimpy), "Maybe something good, Maybe something bad, I guess we'll never know..." Until you get more experience in the field, you should either TRADE these numbers for something you want, give them out, or keep them, but by no means call over and over and over and bang away. This is useless and should be avoided. Download some more files on how to recognize Unix/VMS/etc...

--Backdoor--

These are great for trading. Nobody likes to admit it, but if you have a way to call 1-900-BLOWMEE for FREE they would love to get their hands on it too. (Pun intended!) These things are great and are kinda rare. Chances are that if you found one you will find at least 5 more in that prefix. If you plan on logging on to an "ELITE" BBS, volunteer the information in your new user feedback...tell the sysop you found it and only he and you know about it. He will more than likely give you decent access, especially if he is under 19. Not only are there 1-900 sex line backdoors, there are 1-800 sex operator backdoors (these sometimes require a PIN) and lots of stuff from Lottery Info to lines where, when you call, all you have to do is leave your name and address and they will mail you a cookbook or some shit like that. If you get a backdoor that lets you do "administrator" things, do NOT fuck up their setup, or give the information to someone who might. These systems usually cost a lot of money, and destroying just to destroy is the 9th level of repulsive.
--Voice Mail Boxes--

That's VMB if you want to sound like you know what you are doing. There are MANY different types of Voice Mail Boxes and there are text files for just about every type you will run into. I will ATTEMPT to give you a crash course in VMB hacking.

IDENTIFICATION: A voice mail box will sometimes act just like an answering machine until you start hitting those all-important MF (Multi-Frequency) tones. (1-9, etc...) You will be prompted to do something else depending on what key you hit. Sometimes you will be asked for "the mailbox in which you would like to leave your message", sometimes you will be asked for your mailbox and passcode. Sometimes, it will tell you to re-enter your something or other. What you would basically look for is options OTHER than entering a passcode. Don't be afraid to hang up and call back to try something new.

System Spex: Next you will need to find out how many digits a box number is. This is usually easy but CAN be a pain in the ass. Something to always remember is SLOW AND STEADY. Press 1, wait, 2, wait, 3, until you get some sort of system message. Use this same method for finding out how long the passcode is. In MOST cases you can just hit 1234 and it will give you the next system message, so you don't always have to go slow, in fact it is pretty rare, but don't forget it. Most VMBs rarely have more than 5-digit boxes.

Next: Find a valid box. You know, one that doesn't ask you to enter another mailbox number but instead says "leave a message" or some such shit. What you should look for is an EMPTY one. One that isn't currently being used by someone on the system.

How to enter your passcode: There are mainly two different systems.

1. While listening to the box's outgoing message, a key (usually # or *) will prompt the "enter passcode" message.
2. During the original outgoing message, a key (again # or *) will give an "Enter YOUR mailbox number" followed by an "Enter YOUR passcode" message.

HINTS
-----

Many systems have DEFAULTS and they are usually 0000 or 1111 or 1234, or many systems use the same number as the mailbox for its passcode. Sometimes they increment or decrement it by one. Many systems also have mailboxes at 9999 or 9998 that have ADMINISTRATOR functions. If you find one of these, either don't piss with it or be very careful. But remember you can trade these for some decent stuff. You will notice I used 4-digit examples above. If the system only allows 3-digit passcodes, then naturally use a 3-digit version. The same goes for 5-digit. Use your brain a little.

--Private Branch Exchange--

You would be surprised how many "veteran" phreakers don't know what PBX is short for. What it essentially is, is this: Remember in high school when you made a call home from the office? You had to dial 9 before your home number? You went through a PBX. When a company or group has an internal phone system they usually set it up so that with the touch of one key they can reach