|
How to hack call- back verification systems
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
How to hack CBVs (Call-back Verification Systems)
a T?C production
??????Morpheus??????
Many BBSs today use "Call Back Verification Systems" to verify new users,
as opposed to having to voice verify all the new users. Most of the BBSs
running the CVBSs are the mainstream boards, and are often run by shitheads
on a power trip, but sometimes it is useful to have accounts on these types
of system, and I'll tell you how to go about doing this...
All of the verifiers I've seen worked like this:
1) User logs on / CBV is called
2) CBV displays text telling the user what to do
3) CBV hangs up
4) CBV dials users number
5) User answers phone with an ATA
6) BBS usually has a delay, then asks for the user's password
7) User enters his/her password
8) BBS upgrades user
The way the hacker tricks the CBV is by calling the BBS before the BBS dials
out. This is accomplished in different ways... depending on the remote setup.
1) If the BBS's modem is set to answer the phone automatically, then all you
have to do is call before the CBV dials out... you should get a CONNECT
string, and you're on... (note: this doesn't always work, you may need to try
a few times)
2) If the BBS program answers the phone manually, (ie the modem is set to S0=0)
you'll need to do it a little differenty. If the BBS's modem is not set to
look for a dialtone, you can dial like this:
ATDXXX-XXXX;
wait a little bit and you should hear the remote modem try and dial
then send an ATA after it's done dialing, and it will think you answered.
3) The last method is the one you need if the BBS is set up with X2 or X4 (or
X6 or X7 on an HST). You need to have a second phone line. You proceed just
like you would under method 2, except the remote modem will never dial, it
will just picking up and returning, because there it gets no dial tone. So,
all you need to do is use your call confrence button (if you don't have one,
make one) while the other line is on hook... that will send the remote
modem a dial tone, and it'll dial. Answer the phone like you would in #2.
Conclusion
This is a really simple procedure, and it shows that the CBV are almost
totally worthless. But, if you ever want access on a board running one, and
don't want to give your real phone number, this is the way to go. If you
know of any ways of preventing this, please tell us... There's an antidote
for every cure. <grin>
To contact T?C (The Omega Company) for submissions/comments/etc,
The Magna of Illusion
201/579/6927 HST/V32bis
NUP: Hypnos
|
|
