M4phr1k's
“Wall of Voodoo"

This is the official home site of www.m4phr1k.com  

 My site is for and always has been dedicated to WHITE HAT War Dialers, PBX, and Voicemail Box testing specialists! The tools and techniques discussed here are to help you learn how to strengthen your security posture and is disclosure in full!  Techniques shown here should be used at your own risk!  

"M4phr1k" (aka Stephan Barnes)

My current role is the VP of Sales at Symosis

I was the original VP of Sales of Foundstone and left after 1.5 years post the McAfee acquisition

Pictured here are some of the best minds I have had the pleasure to work with and you know who you are.  The cumulative knowledge of this core group of people is what solidified Foundstone as a name that will forever be remembered.  Many important people have come and gone after this initial group but it is very likely that without this catalyst of chemistry initially, things would be entirely different historically for Foundstone. 

Pictured from Right to Left (all Foundstone employees of the time in July 2000 at Foundstone’s first Blackhat)

George Clute – original angel investor and Chairman of the Board

Stu McClure – CTO and President, currently doing good

Saumil Shah – Managing Principal Consultant  - by God! Currently at Net-Square Solutions

Shreeraj Shah – Principal Consultant

Kevin Mandia – Director of Forensics and IR, Currently CEO of Mandiant

AD (Alan Deane) – VP of Business Development  - so I had a few Chardonnay’s what of it?, McAfee

Eric Budke – The very first Foundstone consultant

JD Glaser –VP of Engineering

Brian Lewis – Software Development

Kurt Weiss – Education Logistics engine

Gary Bahadur (back row high standing on fountain lip 1st left) – Chief Information Officer

George Kurtz – Chief Executive Officer, McAfee

Matt Weiss – Corporate Office Manager

Clinton Mugge – Managing Principal Consultant and CEO of Symosis where we are both at now

Melanie Woodruff – Principal Consultant – hey Clazy, currently at Wachovia Financial Services

Stephan Barnes – VP of Sales (kneeling with the company rhetorically on my shoulders)

Will Chan – VP of Knowledge Management and master of words, currently in Hong Kong

Dane Skagen – Director of Education – Semper Fi! Currently at Mandiant

Jason Glassberg – Managing Principal Consultant  (back row high standing on fountain lip 3rd from left)

Chris Prosise – VP of Professional Services and Education – hey buddy! Relaxing in Stocks!

Joel Scambray – Managing Principal Consultant

Robin Keir – Senior Software Engineer and absolute wizard

_________________________________________________________________________________________________

Hacking Exposed now in its 5th Edition

OSB 0072260815 MCGRAW-HILL Hacking Exposed, 5th Edition

War Dialing, PBX, Voicemail hacking is my section – always has been since the 2nd Edition

Many thanks to Stu, George, and Joel for letting me tap the lines so to speak

Stu McClure and I at Chimay, Belgium 2006

M4phr1k's Wall of Voodoo provides additional techniques and explanations in addition to those already explained Dial-Up, PBX, and Voicemail hacking sections in the Hacking Exposed series of books.

There is a companion site for HE5

http://books.mcgraw-hill.com/sites/osborne/he5/tools.html

__________________________________________________

Hack Notes – I contributed to the chapter on War Dialing/PBX/hacking thanks to my good friend

Clinton Mugge of Symosis, formerly C-Level Security

---------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------

Are you LOW TECH?  I am when I need to be!

Remember Procomm Plus?

Check out my HOW TO get ProComm Plus Test Drive ready for use and how to use a TYMNET 800 Connection as an example for learning how brute forcing DIAL-UP works.

Remember, War Dialing, PBX and VMB hacking still work!

Have you shut down all of those Old Backdoors that can be accessed (possibly) via SprintNet or Tymenet)?

Here is a "How To" lesson for you on how to access an 800 tymenet number.

MANUAL:

  • Use ProComm Plus or your dial program of choice PCPLUSTD ("test drive" is on my site)
  • Change the modem settings before you dial: to E-7-1 for settings parity, etc. (Versus N-8-1, which is the most common)
  • Dial whatever way you want the following number: 18005461000
  • Hit (enter) (enter)
  • Type VT100 (enter) when prompted at TERMINAL=
  • Type your local (or some valid) NPA/NXX at the "Enter your local area code and exchange" (enter)
  • Wait for @
  • Type C AAA (see what you get)

You connect by typing C and "some info" (say any three letters) and wait for a response

Here is a Hint : Phrack 42, SprintNet sections

Have Fun

See how this is done!

This is as FAR as I take you. You're on your own from here:

OR

GO AUTOMATED!:

If you really want to use my stuff you need to learn ProComm Plus Aspect Scripting anyway

Here is TYM800.ASP a neat little ProComm Plus ASP (Aspect Programming Language script) that would do this for you.

works with PCPLUSTD as an ASPECT SCRIPT FILE go to my PCPLUSTD how to section and setup PCPLUSTD

then come back HERE to see how to run the TYM800 program

---------------------------------------------------------------------------------------

PLEASE NOTE. PCPLUSTD is OLD, but VERY EFFICIENT. NEWER PROCOMM PLUS has MORE ASPECT COMMANDS (hence you can do more),

But after a while you'll believe you can get by with these early versions because NONE OF THIS is that COMPLICATED!

This simple concept is the foundation on how we Brute Force Dial Up connections!  Learn the basics and you're on your way!

-------------------------------------------------------------------------------------------------------------------

You don't need an air hammer to drive in a simple nail:

When War Dialing match the technology to the technology

When you are war dialing you might come up with a gambit of modem connections that are look odd and foreign - old school if you will.

New school communications programs sometimes provide too much clutter and noise so going back to the old school is almost surefire and steady way to succeed.

Case in point:

I have seen a router that ToneLOC caught and dumped in the FOUND.log and when using the newer ProComm Plus 32 to go back and dial it up, it could not figure out the parity and chunked up the display.

What to do? Go OLD SCHOOL: ProComm Plus Test Drive (the old demo version of ProComm Plus)

Set it up and wa-la, you are generally ready to go (caveats apply)

Here are the instructions on HOW to set up PCPLUSTD and here is the program along with one of my example scripts

-------------------------------------------------------------------------------------------------------------------

Don't forget to test PBX and Voicemail systems like Seimens and Rolm

Hacking Meridian - Background and some cool info - Thanks to a Fellow Pen Tester - Mark Rowe - click to see)

LHF (Low Hanging Fruit) Banners section updated - send me your Banners ill post and give you credit!

-------------------------------------------------------------------------------------------------------------------

LOW LEVEL TECHNIQUES will get you every time!

Stuff like KeyStroke Loggers from Keyghost.com

-------------------------------------------------------------------------------------------------------------------

Ok, Last but not LEAST, try to not let this become your System's Logo. That's why we test!

DISCLAIMER:

The contents of these pages (in one form or another from multiple BBS's to multiple ISP's to where we are today

have been maintained by myself, Stephan Barnes, aka M4phr1k

from 1985 to 2007 (present)

Has it been that long? Old Phreakers never die, the just lose a little tone ;>

Stephan Barnes (M4phr1k) can be reached at

Stephan.Barnes@mandiant.com