From: "H.M. Murdock"
Subject: Breaking and entering, the hotelco way
Date: 21 October 2001 12:14

Breaking and entering - The Hotel(co) way
A text by H.M. Murdock III

Because of my extravagant lifestyle, I am forced to commit large scale credit card fraud. I admit, I should choose to stay in cheaper hotels, but when it's someone else's CC it doesn't matter if it's £20 a night or £2000 - the only limit is your imagination, and their CC limit. Because of this fraudulent activity I spend a lot of weekends in Forté, Hilton and various other very nice hotels. You may have a hotel in your area.

But is this a text on hacking/phreaking or just some nut rambling on? Yes and no. I think. You see, I want to tell you the truth, but sometimes it hurts kids. Now put your hands up against the screen, close your eyes and say "I believe, Murdock." That's right. Believe in the power of hotels, with their poor security and fun pabx systems!

Now there's no point in breaking into your local B&B. They probably only have a COCOT or something. Even medium sized hotels only have small PABX systems like the Nitsuko or Toshiba ones you find in receptions. We want a Nortel or Ericsson one. Can I have it daddy, I hear you say? Yes son, you can.

Find a big hotel, Forté ones are usually pretty good. Crowne Plazas are also an option. Ok, now scope out the outside. Where's the maintenance entrance? Is there a door with PABX ROOM on it? Watch it for a few days (and nights) and see when people come and go. If it's manned all the time it's probably too big for you. If people clock off at night, or even if it's largely unmanned, select your night time period, and get suited and booted for the job.

Most PABX systems are either outside with a door leading directly in, in their own little building not far from the main site or inside the building itself. Where it is will dictate what you're wearing.
I tend to only knock off systems with doors leading directly out of the building, as doing a runner is more difficult from the 12th floor of the hotel.

O..pen...the...door... Use a lockpicking kit or get a grown up to help you. Take *pictures* of the inside. Don't touch anything. Yet. Most of you will have never been inside one before, so here's a typical layout:

[ASCII diagram of a typical PABX room; labels: door ("Dis is da door"), bin, incoming wires ("Lookit all dem wires!"), desk, filing cabinet, PABX]

Go over to where the purty wires come in and trace them back. Sometimes they'll have a number or series of numbers written down. If you can find the line that the modem's connected to, get your recording device of choice (I use a voice activated mpman mp3 recorder, you might want to use an analogue dictaphone if money is tight) and tap the line somewhere where it won't be visible.

Take pictures of where all the lines come in, the stuff on the desk, the PABX itself, especially of any cards, the model number, any asset number. You'll probably find lots of info on the walls. On the desk you should find a terminal, maybe a PC, a printer (usually dot matrix) lots of bits of paper :))) and some modems. Take the numbers of the modems down, as you can use them (No little jonny at the back, you can't get on the internet from them). If the filing cabinet is locked, take pictures of the lock. Now get out (you didn't touch anything did you?).

The reasoning behind this is simple. We don't want to get caught, so on your first trip look but don't touch and that way you'll just get done for breaking and entering, and you probably haven't scoped out enough time. You'll have looked at the log book of course for patterns concerning when people come in. And you'll have seen all the other gear.
Don't even take the rubbish. Call me a chicken, but I'm free, and I'm free because I know how this works, and theft is a lot more difficult to get away with than b&e.

Now armed with all your juicy info like PABX details, call patterns etc. it's time to go elsewhere. Find another area of the country (usually the same chain has the same family of PABX systems everywhere). Interestingly enough, I've found that hotel chains also tend to use the same brand of lock on all their doors. Which is nice. Unfortunately now larger hotels are changing to the swipe card system (same as the room cards) but I'm not going to tell you about how much fun you can have with a booking system that issues swipe cards tied to the room number (which the DN is tied to - hint hint).

When you break into that PABX room we will follow a different strategy. Don't worry about making a mess, steal the trash, rip any interesting info off the walls and get that fucking cabinet open. It should contain lots of goodies like replacement hardware, manuals and confidential shit. I've yet to break into a PABX room that has a shredder. To be fair I haven't broken into *that* many but enough to know that the chances of you coming across one are roughly the same as cumming across jenna jamesons face.

You may need to make several trips because of the cabinet, so do that first, but do it all in one go. Try to log on (if it isn't already logged in) at the terminal. Switch off any printing options relating to dial-in access and any logging. Print out all the data you can and steal it. STEAL IT ALL!!!!! You might want to spray paint *Anarchy Rulez* on the wall or something to make it look like kids.

Once you're back at the ranch and believe me this will get reported to the police, (You were wearing a cycle helmet weren't you? You have got an alibi haven't you?) get all your gear together and go through it with a fine toothcomb.
Nip back over to the first target before they call the pigs and start looking at the rooms and get that mpman back. Assuming that you know what the line speed is (it should be the same across PABX systems in the chain) and data/stop/parity you should be able to play it back through a modem that has a headset and knock something up to decode the data. You're only looking for two things - usernames and passwords.

Now you totally own the fuck out of a PBX. Be proud, you've done a man's job son. But treat your new found friend with respect, for you're committing many felonious acts just visiting him.

You will notice differences between my layout and yours. You might not have a filing cabinet, or anything on the walls. Or any documentation anywhere at all. In which case find another.

There are *more* subtle ways of going about this which include not breaking into a secondary pbx, but it all depends on whether you just want to hAx0r one or whether you want to get all the paper manuals, and all the goodies. I just like good old fashioned theft, and there's nothing more invigorating than ransacking a comms room on a Friday night.

Hopefully you should've read the manuals before going on to the system so you can work out how to switch off logging and not fuck it over, but be careful, always wear a helmet - carry something heavy in case you need to threaten to kill someone or hit them with it and never talk to strangers.

-- BHM