==Phrack Inc.== Volume Two, Issue 20, File 8 of 12 Metal Shop Private's -- Social Engineering ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This was a subboard similar to the Phreak/Hack Sub but it concerned the art of social engineering or bullshitting to get information. 1/27: CAROT/RC-MAC Name: Phantom Phreaker 46 Date: 2:46 am Sun Apr 26, 1987 The numbers before/after CAROT are the generic and version.. for instance 2CAROT3 is CAROT 2, generic 3. The highest I have seen is 2CAROT4, but there are probably more. Also a number that refers to a CAROT system could also be it's particular number, if there is more than one in a particular area. RC-MAC (Recent Change Memory Administration Center) is a place where a clerk enters information into an electronic switching system via a Recent Change terminal. The information changed can be a variety of things, but things like Class of Service, CCF's, EA Interlata Carriers (called a PIC, Primary Independent Carrier, I believe, something along those lines), etc. Data that is to perform Recent Changes upon an ESS switch is screened by a computer system called RMAS (Remote Memory Administration System) for validity. RMAS is generally running under a unix OS. A few actual Recent Changes look something like this: RC:LINE;CHG: ORD XXXXXXX TRC ! That is an RC upon a line, to change something. The TRC is TRaCe, I think, and the ! is needed for some reason. You can also have: RC:MLHG;CHG: (RC upon a Multi Line Hunt Group); RC:MPTY;TWPTY: (RC upon a Multi Party line, a 2 party line) Oh yeah, those examples I typed in might be wrong, I don't memorize them or anything so don't sue me if they aren't right. Also they are for a 1AESS. Phantom 2/27: Bah.. Name: Phantom Phreaker 46 Date: 2:54 am Sun Apr 26, 1987 (Sorry to post two in a row...) Hatter, RC-MAC does have COSMOS access, at least they have a login prefix assigned as 'RECENT CHANGE', which is RCxx, where the xx is two numbers. Theyy don't seem to logged on that often though. Some other systems they may have access to include RC/V, Recent Change annd Verify, I don't understand RC/V that much, but RC/V has channels into electronic offices, just like RC channels. RMAS is access to an RC channel. PS-I'm open for corrections..I'm not 100% sure about all this shit either. Phantom 3/27: Bell Security Name: Knight Lightning Date: 7:14 pm Thu Apr 30, 1987 What would you have to do and who would you have to call and what would you have to say etc to find out about anything being on your line that you didn't want (hint hint)? :Knight Lightning 4/27: (3232232 Name: Doom Prophet 21 Date: 4:57 pm Fri May 01, 1987 Try your CO (they would know if a DNR was there of course), or for CLID marked numbers, your SCC switch controller. They won't always read you the CT06 though (heh).. 5/27: Yeah but Name: Knight Lightning 2 Date: 10:17 am Sat May 02, 1987 Who would you say that you are, why would you be calling, and what would you ask to find out if it was there? :Knight Lightning 6/27: RC-MAC Name: Mad Hatter 51 Date: 3:12 pm Wed May 06, 1987 RC-MAC.. are they any good for engineering? If so, for what? Thanks... Also, what are the functions of MMOC? -Hatter 7/27: RC-MAC Name: Taran King 1 Date: 5:58 pm Wed May 06, 1987 The Recent Change Memory Administration Center is the place at which orders are put in to do changes to subscriber lines, etc. It is a very useful office, but this all depends on what you want to get done. I believe they have access to RC terminals (makes sense anyway...) so you could get then to complete any RC transaction that you wished to have done provided that you've got a good excuse. Hope that helps a bit.. -TK 8/27: CT reports Name: Control C 8 Date: 9:07 pm Wed May 06, 1987 Here's something you may be intrested in: Report Reason for Report ------ ----------------- CT01 To print information pertaining to a line trace requested by an input message. CT02 To indicate that this message contains information pertaining to a line trace requested by an input message. CT03 To indicate that an interoffice or outgoing seven-digit call has been placed form a directory number to another directory number. CT04 To indicate that the incoming call has been placed to the indicated directory number from a trunk. The trunk network number (TNN) is given. Translation information for the called directory number or the terminating directory number indicated that a trace should be made of all calls to this number. CT05 Indicates thatan outgoing ten digit call has been placed from directory number to another directory number. A check of the Calling Line Identification (CLID) list indicates that a trace of all calls to this ten-digit number should be made. CT06 To print the contents of the CLID list in response to input message CI-LIST or as the result of an error being detected in a CLID entry by audit 32. The audit will remove the directory number in which the error was found. If CLID list in printed in responce to a TTY message, then it will be a priority of SCHED and an 'A' will print out with the header. If CLID list is printed as a result of an error found by the audit an 'M' will print out with the header since it will be a priority of MAN. If anyone want to know any other output reports let me know.. Control 9/27: SCCS Name: Mad Hatter 51 Date: 11:18 am Thu May 07, 1987 What is the difference between SCCS and TSPS SCCS? Is it that TSPS SCCS is used by TSPS only? That sounds logical, but I wasn't sure anyway. Anyone ever hear of Network Administration? What are they good(used) for? Questions, questions, questions.... -Hatter 10/27: NAC/CT0X reports Name: Phantom Phreaker 46 Date: 10:58 pm Thu May 07, 1987 Network Administration is also known as the NAC, Network Administration Center, also called Dial Assignment. They are located in the BOC building, I believe, along with the LAC (Loop Assignment Center) and SSC (Special Service Center) and a few others. The NAC basically deal with new lines being put in, they do things like figure out how to evenly distribute the number of lines so there won't be any shortage, and things like that, it's similar to the LAC but I don't know any big differences in the two right now. Ctrl C, where did you get the CT0X message summaries? Pretty good info though, but I can say that I have only seen a CT06 (when I pulled it up), a CT04, and a CT03 message. CT04 ID's a TNN (as he said) connected through the destination ESS to a particular DN. It can then be determined the general area of where the call is coming from from the TNN. But there is differences if you are calling over interoffice trunks (local calls) or tandem trunks, or long haul, or inter-LATA... Phantom 11/27: Offices, systems Name: Doom Prophet 21 Date: 5:21 pm Tue May 12, 1987 Ok, for all you D00ds, here's some really hot classified information on Telco offices and the systems they use for maitenance functions. If you run into a problem engineering, simply say you are from any of the following offices. I will go into a brief description of each below. Enjoy! FUCK-Facilities Utilization Control Kitchen. A really hot office. They keep backups of all systems per a LATA, or in special cases, the entire BOC area, along with user logs and passwords. They use the CUNTLICK system to interface with SHIT, explained momentarily. They ar difficult to reach as no one knows their number, and anyone calling it has to enter a special queue dispenser where he enters routing information to reach the FUCK ACD. The FUCK technicians answer as normal subscribers and you have to tell them a codeword. PENIS-Plant Engineering Network Information System. Used by the PMS to deal with outside plant details and layout maps. CUNTLICK-Computer Utilities Network In the Control Kitchen. Used to sensor with SHIT. SHIT-Supreme Hardware Inventory Totals. Self explanatory. CRAP-Customer Repair Analysis Service. They use PENIS to supply PMS with info. PISS-Primary Intertoll Switching Servicemen. Corrdinate classes 1 through 4 toll offices and monitor the STP's. BITCH-Building Installation Table Channel. Used by SHIT technicians to obtain new switch and office status. SCAB-Switching Cable Analysis Burea. They work with PMS for trunk testing and maintenance. The systems they use are FART and DOPAMINE. Well, that's about all! Oh, don't forget BASTARD (Box Accessible System To Aid Real D00ds). A special in band NPA with full OSC support for blue boxers to experiment within legally (only operating in special areas). That's all! Hope it helped!!!1 12/27: MORE!! Filename: c:msgs\A-26730.1 Name: Phantom Phreaker 46 Date: 7:29 pm Tue May 12, 1987 You forgot a few: DOGSHIT-Division Operations Group SHIT (see above post). DOGSHIT is like SHIT, except that DOGSHIT is in a division. CATPISS-Centralized Automatic Tandem Priorities Interexchange Support System. Self-explanitory. BEER-Bell Electrical Engineering Research COOL-Computerized Operations On Loops Ah well, mine weren't near as good but at least I tried. Phantom 13/27: Yet still more... Name: Taran King 1 Date: 8:58 pm Tue May 12, 1987 Hey now, hey now, that was sheer incompetence...leaving out the following! BOOGER - Bell Operational Office for Generation of ESS Reports. Self Explanitory STAN - Spanish Tacos And Nachos. This support group, Californian based, maintains food services for all superior employees (all employees). NATE - Nacho And Taco Emissary. This department secretly interfaces STAN with the rest of the network due to the STAN group's inability to fit in with society. **Due to divestiture, NATE and STAN are no longer part of the network** IL DUCE - Not an acronym, but the janitorial services department of the network. PUMPKIN - Peripheral Unit Modulator Phor Kitchen Installations of NATE. This group is in charge of interfacing kitchen activities through Project Genesis. See RAPE. BRRR-RING - The official word for the sound an AT&T phone makes receiving an incoming call. BANANA - Basic Analog Network Analog Network Analog (No wonder they went digital!!!). RAPE - Red Afro-PUMPKIN Enthusiast. This group, led by Peter, cheers IL DUCE while he sweeps the floors. SCOOP - Secondary Command Output Only Procedure. This converts all text to lower case. It is a function used in most Bell computers along with LEX. LEX - Lengthy Explanitory Xlations. This program, found alongside SCOOP, converts all lowercase text, from SCOOP, into upper case and 40 columns surrounded by "$"s. ** Warning! Never leave SCOOP and LEX running simultaneously or you will surely cause L666 to occur. ** L666 - The warning message generated by computers indicating endless Loops of conflicting jobs. This also indicates that everything is fucked. See LOKI. LOKI - Life Over-Kill Inscentive. If you find this error message on your computer, do not reboot the computer, but be sure to reboot something (HINT HINT!). This is a work of fiction. Names, characters, places and identities are either products of the author's imagination or are used ficticiously. If you notice any resemblence to actual events or persons, living or dead, don't come to us. Bill and Taran Feeling obnoxious Feeling 7-UP Banana flavored Using the Randy-Voice-Machine (Ha ha!) P.S. Bill says, "Hi" to his Uncle Al. 14/27: Who Could Forget...... Filename: c:msgs\A-26724.1 Name: The Disk Jockey 13 Date: 7:10 am Wed May 13, 1987 SNATCH-Senses Nodes And Traps Code Hackers TITS-Telephone Involved in Tandom Skipping PUBIC-Plastered Uniforms Brought Inside Co......an employee infraction RAD-Recieve Ananlog Department DISC-Deadbeats Instinctively Scanning for Carriers LAP-Local Area Payphone Or use the codewords that Linemen and Telco employees use.... This Means This -------- ----------------- "OHFUCKNIGS" "I'm trapped in a phone booth in a black neighborhood" "FIDOFUCK" "A customer's pet dog has me trapped up a pole" "HOMEBONE" "I got laid while doing a customer's installation" "SNOOZEBOX" "I'm sleeping, bust saying I'm fixing little green boxes" The list goes on...... 15/27: Phrack 15 Name: Knight Lightning 2 Date: 5:42 pm Wed May 13, 1987 Looks to me that between the multitude of humorous posts on subs 2 and 4 we need another Phrack joke issue. :Knight Lightning 16/27: Where were these when? Name: Mad Hatter 51 Date: 6:11 am Fri May 15, 1987 Where were these ancronyms when Phrack 13 was out? None the less, I'm only posting this to say "Banana" to Bill... -Hatter God damn line noise! One more thing, don't expect to talk to me voice for a while(week), I "had an accident", and the result was 6 stitches in my inner upper lip... Hiho.. 17/27: Ok Name: Doom Prophet 21 Date: 4:49 pm Fri May 15, 1987 Howdy Dowdy, if you like them, buffer them and save them for a rainy day, or put them in a future issue (or a section of PWN to illustrate the great great users of MSP and our |ool senses of humor in a world full of manual brained users who try to out elite each other consantly for no real reason . ^Forgot the period up there. The Chinese men would show worm movies out of their penises onto the wall, which really wasn't a wall, but a little girl who would blow her nose and discover her horror at seeing specks of blood in her snot, and the TV screen would dance around the green bean on the couch, which was itself watching TV out of a reflection his eyes which were glassed over from toxic fumes emanatinng from his oven, which came from the TV antenna before it came out his ass at 5 am. >From blind eye sees all, sort of 18/27: 800 Numbers.... Filename: c:msgs\A-26685.1 Name: The Mad Hacker 47 Date: 10:57 pm Fri May 15, 1987 A Dumb Question: Is there anyway that you can do anything to 800 numbers? I.e. MB's, etc. Can you CNA an 800 Watts or do you have to locate their regular number(Should they have one). I ask this because Fallwell shoudl burn! The Mad Hacker 19/27: 800's Name: Lucifer 666 43 Date: 2:07 am Sun May 17, 1987 I imagine that you would have to get the POTS number from X-tended 800 services and then get the SCC for the POTS... Maybe the 800 number could be taken down for a while or disconnected by getting the AT&T office that handles 800 maintainence... L666 20/27: 800`s Name: Phantom Phreaker 46 Date: 1:31 pm Sun May 17, 1987 I don't know if I posted this or not, but not all 800 numbers terminate in a POTS number, some of them are in the format of (NPA)+1XX+XXXX, and these are the kind that are only dialable via the actual 800 number, or by someone using a blue box to trunk off a number within an NPA (toll office actually) that is subscribed to that 800 number. I had someone get me some translations once from a toll office in 617, you can get them by typing certain commands directly into the switch, something like: TEST-DSIG-INWATS-NPA NXX XXXX. ^D That's not right, but it's close. Phantom PS-MSP is almost as messy as Randy says. 21/27: Change numbers Name: Mad Hatter 51 Date: 8:18 pm Mon May 18, 1987 Is it possible to change your number by engineering an office? If so, which one? My guess would be RC MAC, but then again, what do I know? Bell Techie 22/27: Whats... Name: Slave Driver 58 Date: 10:27 am Tue May 19, 1987 NSAC? Steve Driver stupid definitions welcome, but so is a real one...thanks..| 23/27: NSAC...? Name: Phantom Phreaker 46 Date: 9:38 pm Tue May 19, 1987 Did you mean NESAC by any chance? I've never heard of NSAC but it probably exists, there are a bunch of telco offices that end in 'SAC' such as MSAC, ESAC, NESAC, and OSAC, and probably others I can't remember. I'll look around and see if I can find NSAC anywhere. Phantom 24/27: Offices Name: Doom Prophet 21 Date: 6:57 am Fri May 22, 1987 Well Phantom, OSAC isn't a Bell or AT&T office, it is a system for operator services support (I guess it stands for something like Operator Services Assistance Center). From there a person can get information for certain time periods on entire TSPS sites, such as how many calls were placed, etc, and a traffic analysis for day or night reports. The CLLI code is listed with the report I believe. CMAC is similar to RC-MAC (or so I thought) because when I was trying to get an 800 translation, the PBX attendant at the RTM in 312 referred me to them. They then asked me what switch it was for (the Xlation) and apparently misundererstood my request (I guess they thought I was asking for a DN or trunk translation). MSAC is for installation and testing of WATS lines butt don't give out Xlations (policy by the sound of it although it was probably just me). I have heard differently, soo I'm not sure on tht last one (MSAC's purpose, which I have been told NSAC does instead). Since 800's have gottenen 'advanced' I suppose the offices for testing could be on a national level, although MLT equipment when testing a number that has been reported as an 800 somehow accesses the actual translation or non standard BTN automatically. The A8FSC probably does WATS testing also, along with NASCAR (mainly used for traffic analysis from toll centers of 800 terminations to make sure the completion level is up to standard). TK, where is the ACP physically, just in the 4E itself? Do you know how the NCP receives incoming messages (the same as an initial message on CCIS, or CCS) and in what format? Also, what data links run to and from the NCP? Hope someone can answer my questions.. Doom 25/27: Sorry Name: Doom Prophet 21 Date: 7:02 am Fri May 22, 1987 To leave another post, but before anyone starts having a fit, I know the standard places for obtaining Translations, so please don't leave a thousand corrections on how the RTM has nothing to do with Xlations (I agree). Acttualy it was someone at the RWC who referred me to CMAC and not the RTM, I can't remember clearly anyway. 26/27: Shit... Name: Taran King 1 Date: 7:10 am Fri May 22, 1987 I don't have further specifications on the NCP database accessed from the ACP