Title : Social Engineering
Author : various
==Phrack Inc.==
Volume Two, Issue 20, File 8 of 12
Metal Shop Private's -- Social Engineering
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This was a subboard similar to the Phreak/Hack Sub but it concerned the art of
social engineering or bullshitting to get information.
1/27: CAROT/RC-MAC
Name: Phantom Phreaker 46
Date: 2:46 am Sun Apr 26, 1987
The numbers before/after CAROT are the generic and version.. for instance
2CAROT3 is CAROT 2, generic 3. The highest I have seen is 2CAROT4, but there
are probably more. Also a number that refers to a CAROT system could also be
it's particular number, if there is more than one in a particular area.
RC-MAC (Recent Change Memory Administration Center) is a place where a clerk
enters information into an electronic switching system via a Recent Change
terminal. The information changed can be a variety of things, but things like
Class of Service, CCF's, EA Interlata Carriers (called a PIC, Primary
Independent Carrier, I believe, something along those lines), etc. Data that
is to perform Recent Changes upon an ESS switch is screened by a computer
system called RMAS (Remote Memory Administration System) for validity. RMAS is
generally running under a unix OS.
A few actual Recent Changes look something like this:
RC:LINE;CHG:
ORD XXXXXXX
TRC
!
That is an RC upon a line, to change something. The TRC is TRaCe, I think,
and the ! is needed for some reason.
You can also have:
RC:MLHG;CHG: (RC upon a Multi Line Hunt Group); RC:MPTY;TWPTY: (RC upon a
Multi Party line, a 2 party line)
Oh yeah, those examples I typed in might be wrong, I don't memorize them or
anything so don't sue me if they aren't right. Also they are for a 1AESS.
Phantom
2/27: Bah..
Name: Phantom Phreaker 46
Date: 2:54 am Sun Apr 26, 1987
(Sorry to post two in a row...)
Hatter, RC-MAC does have COSMOS access, at least they have a login prefix
assigned as 'RECENT CHANGE', which is RCxx, where the xx is two numbers. Theyy
don't seem to logged on that often though. Some other systems they may have
access to include RC/V, Recent Change annd Verify, I don't understand RC/V
that much, but RC/V has channels into electronic offices, just like RC
channels. RMAS is access to an RC channel.
PS-I'm open for corrections..I'm not 100% sure about all this shit either.
Phantom
3/27: Bell Security
Name: Knight Lightning
Date: 7:14 pm Thu Apr 30, 1987
What would you have to do and who would you have to call and what would you
have to say etc to find out about anything being on your line that you didn't
want (hint hint)?
:Knight Lightning
4/27: (3232232
Name: Doom Prophet 21
Date: 4:57 pm Fri May 01, 1987
Try your CO (they would know if a DNR was there of course), or for CLID marked
numbers, your SCC switch controller. They won't always read you the CT06
though (heh)..
5/27: Yeah but
Name: Knight Lightning 2
Date: 10:17 am Sat May 02, 1987
Who would you say that you are, why would you be calling, and what would you
ask to find out if it was there?
:Knight Lightning
6/27: RC-MAC
Name: Mad Hatter 51
Date: 3:12 pm Wed May 06, 1987
RC-MAC.. are they any good for engineering? If so, for what? Thanks... Also,
what are the functions of MMOC?
-Hatter
7/27: RC-MAC
Name: Taran King 1
Date: 5:58 pm Wed May 06, 1987
The Recent Change Memory Administration Center is the place at which orders
are put in to do changes to subscriber lines, etc. It is a very useful
office, but this all depends on what you want to get done. I believe they
have access to RC terminals (makes sense anyway...) so you could get then to
complete any RC transaction that you wished to have done provided that you've
got a good excuse. Hope that helps a bit..
-TK
8/27: CT reports
Name: Control C 8
Date: 9:07 pm Wed May 06, 1987
Here's something you may be intrested in:
Report Reason for Report
------ -----------------
CT01 To print information pertaining to a line trace requested by an input
message.
CT02 To indicate that this message contains information pertaining to a
line trace requested by an input message.
CT03 To indicate that an interoffice or outgoing seven-digit call has been
placed form a directory number to another directory number.
CT04 To indicate that the incoming call has been placed to the indicated
directory number from a trunk. The trunk network number (TNN) is
given. Translation information for the called directory number or
the terminating directory number indicated that a trace should be
made of all calls to this number.
CT05 Indicates thatan outgoing ten digit call has been placed from
directory number to another directory number. A check of the
Calling Line Identification (CLID) list indicates that a trace of
all calls to this ten-digit number should be made.
CT06 To print the contents of the CLID list in response to input message
CI-LIST or as the result of an error being detected in a CLID entry
by audit 32. The audit will remove the directory number in which the
error was found. If CLID list in printed in responce to a TTY
message, then it will be a priority of SCHED and an 'A' will print
out with the header. If CLID list is printed as a result of an error
found by the audit an 'M' will print out with the header since it
will be a priority of MAN.
If anyone want to know any other output reports let me know..
Control
9/27: SCCS
Name: Mad Hatter 51
Date: 11:18 am Thu May 07, 1987
What is the difference between SCCS and TSPS SCCS? Is it that TSPS SCCS is
used by TSPS only? That sounds logical, but I wasn't sure anyway. Anyone
ever hear of Network Administration? What are they good(used) for?
Questions, questions, questions....
-Hatter
10/27: NAC/CT0X reports
Name: Phantom Phreaker 46
Date: 10:58 pm Thu May 07, 1987
Network Administration is also known as the NAC, Network Administration
Center, also called Dial Assignment. They are located in the BOC building, I
believe, along with the LAC (Loop Assignment Center) and SSC (Special Service
Center) and a few others. The NAC basically deal with new lines being put in,
they do things like figure out how to evenly distribute the number of lines so
there won't be any shortage, and things like that, it's similar to the LAC but
I don't know any big differences in the two right now.
Ctrl C, where did you get the CT0X message summaries? Pretty good info
though, but I can say that I have only seen a CT06 (when I pulled it up), a
CT04, and a CT03 message. CT04 ID's a TNN (as he said) connected through the
destination ESS to a particular DN. It can then be determined the general area
of where the call is coming from from the TNN. But there is differences if you
are calling over interoffice trunks (local calls) or tandem trunks, or long
haul, or inter-LATA...
Phantom
11/27: Offices, systems
Name: Doom Prophet 21
Date: 5:21 pm Tue May 12, 1987
Ok, for all you D00ds, here's some really hot classified information on Telco
offices and the systems they use for maitenance functions. If you run into a
problem engineering, simply say you are from any of the following offices. I
will go into a brief description of each below. Enjoy!
FUCK-Facilities Utilization Control Kitchen. A really hot office. They keep
backups of all systems per a LATA, or in special cases, the entire BOC area,
along with user logs and passwords. They use the CUNTLICK system to interface
with SHIT, explained momentarily. They ar difficult to reach as no one knows
their number, and anyone calling it has to enter a special queue dispenser
where he enters routing information to reach the FUCK ACD. The FUCK
technicians answer as normal subscribers and you have to tell them a codeword.
PENIS-Plant Engineering Network Information System. Used by the PMS to deal
with outside plant details and layout maps.
CUNTLICK-Computer Utilities Network In the Control Kitchen. Used to sensor
with SHIT.
SHIT-Supreme Hardware Inventory Totals. Self explanatory.
CRAP-Customer Repair Analysis Service. They use PENIS to supply PMS with info.
PISS-Primary Intertoll Switching Servicemen. Corrdinate classes 1 through 4
toll offices and monitor the STP's.
BITCH-Building Installation Table Channel. Used by SHIT technicians to obtain
new switch and office status.
SCAB-Switching Cable Analysis Burea. They work with PMS for trunk testing and
maintenance. The systems they use are FART and DOPAMINE.
Well, that's about all! Oh, don't forget BASTARD (Box Accessible System To Aid
Real D00ds). A special in band NPA with full OSC support for blue boxers to
experiment within legally (only operating in special areas).
That's all! Hope it helped!!!1
12/27: MORE!!
Filename: c:msgs\A-26730.1
Name: Phantom Phreaker 46
Date: 7:29 pm Tue May 12, 1987
You forgot a few:
DOGSHIT-Division Operations Group SHIT (see above post). DOGSHIT is like SHIT,
except that DOGSHIT is in a division.
CATPISS-Centralized Automatic Tandem Priorities Interexchange Support System.
Self-explanitory.
BEER-Bell Electrical Engineering Research
COOL-Computerized Operations On Loops
Ah well, mine weren't near as good but at least I tried.
Phantom
13/27: Yet still more...
Name: Taran King 1
Date: 8:58 pm Tue May 12, 1987
Hey now, hey now, that was sheer incompetence...leaving out the following!
BOOGER - Bell Operational Office for Generation of ESS Reports. Self
Explanitory
STAN - Spanish Tacos And Nachos. This support group, Californian based,
maintains food services for all superior employees (all employees).
NATE - Nacho And Taco Emissary. This department secretly interfaces STAN with
the rest of the network due to the STAN group's inability to fit in with
society. **Due to divestiture, NATE and STAN are no longer part of the
network**
IL DUCE - Not an acronym, but the janitorial services department of the
network.
PUMPKIN - Peripheral Unit Modulator Phor Kitchen Installations of NATE. This
group is in charge of interfacing kitchen activities through Project Genesis.
See RAPE.
BRRR-RING - The official word for the sound an AT&T phone makes receiving an
incoming call.
BANANA - Basic Analog Network Analog Network Analog (No wonder they went
digital!!!).
RAPE - Red Afro-PUMPKIN Enthusiast. This group, led by Peter, cheers IL DUCE
while he sweeps the floors.
SCOOP - Secondary Command Output Only Procedure. This converts all text to
lower case. It is a function used in most Bell computers along with LEX.
LEX - Lengthy Explanitory Xlations. This program, found alongside SCOOP,
converts all lowercase text, from SCOOP, into upper case and 40 columns
surrounded by "$"s.
** Warning! Never leave SCOOP and LEX running simultaneously or you will
surely cause L666 to occur. **
L666 - The warning message generated by computers indicating endless Loops of
conflicting jobs. This also indicates that everything is fucked. See LOKI.
LOKI - Life Over-Kill Inscentive. If you find this error message on your
computer, do not reboot the computer, but be sure to reboot something (HINT
HINT!).
This is a work of fiction. Names, characters, places and identities are
either products of the author's imagination or are used ficticiously. If you
notice any resemblence to actual events or persons, living or dead, don't come
to us.
Bill and Taran
Feeling obnoxious
Feeling 7-UP
Banana flavored
Using the Randy-Voice-Machine (Ha ha!)
P.S. Bill says, "Hi" to his Uncle Al.
14/27: Who Could Forget......
Filename: c:msgs\A-26724.1
Name: The Disk Jockey 13
Date: 7:10 am Wed May 13, 1987
SNATCH-Senses Nodes And Traps Code Hackers
TITS-Telephone Involved in Tandom Skipping
PUBIC-Plastered Uniforms Brought Inside Co......an employee infraction
RAD-Recieve Ananlog Department
DISC-Deadbeats Instinctively Scanning for Carriers
LAP-Local Area Payphone
Or use the codewords that Linemen and Telco employees use....
This Means This
-------- -----------------
"OHFUCKNIGS" "I'm trapped in a phone booth in a black neighborhood"
"FIDOFUCK" "A customer's pet dog has me trapped up a pole"
"HOMEBONE" "I got laid while doing a customer's installation"
"SNOOZEBOX" "I'm sleeping, bust saying I'm fixing little green boxes"
The list goes on......
15/27: Phrack 15
Name: Knight Lightning 2
Date: 5:42 pm Wed May 13, 1987
Looks to me that between the multitude of humorous posts on subs 2 and 4 we
need another Phrack joke issue.
:Knight Lightning
16/27: Where were these when?
Name: Mad Hatter 51
Date: 6:11 am Fri May 15, 1987
Where were these ancronyms when Phrack 13 was out? None the less, I'm only
posting this to say "Banana" to Bill...
-Hatter
God damn line noise!
One more thing, don't expect to talk to me voice for a while(week), I "had an
accident", and the result was 6 stitches in my inner upper lip... Hiho..
17/27: Ok
Name: Doom Prophet 21
Date: 4:49 pm Fri May 15, 1987
Howdy Dowdy, if you like them, buffer them and save them for a rainy day, or
put them in a future issue (or a section of PWN to illustrate the great great
users of MSP and our |ool senses of humor in a world full of manual brained
users who try to out elite each other consantly for no real reason
.
^Forgot the period up there. The Chinese men would show worm movies out of
their penises onto the wall, which really wasn't a wall, but a little girl who
would blow her nose and discover her horror at seeing specks of blood in her
snot, and the TV screen would dance around the green bean on the couch, which
was itself watching TV out of a reflection his eyes which were glassed over
from toxic fumes emanatinng from his oven, which came from the TV antenna
before it came out his ass at 5 am.
>From blind eye sees all, sort of
18/27: 800 Numbers....
Filename: c:msgs\A-26685.1
Name: The Mad Hacker 47
Date: 10:57 pm Fri May 15, 1987
A Dumb Question:
Is there anyway that you can do anything to 800 numbers? I.e. MB's, etc.
Can you CNA an 800 Watts or do you have to locate their regular number(Should
they have one). I ask this because Fallwell shoudl burn!
The Mad Hacker
19/27: 800's
Name: Lucifer 666 43
Date: 2:07 am Sun May 17, 1987
I imagine that you would have to get the POTS number from X-tended 800
services and then get the SCC for the POTS... Maybe the 800 number could be
taken down for a while or disconnected by getting the AT&T office that handles
800 maintainence...
L666
20/27: 800`s
Name: Phantom Phreaker
46
Date: 1:31 pm Sun May 17, 1987
I don't know if I posted this or not, but not all 800 numbers terminate in
a POTS number, some of them are in the format of (NPA)+1XX+XXXX, and these are
the kind that are only dialable via the actual 800 number, or by someone using
a blue box to trunk off a number within an NPA (toll office actually) that is
subscribed to that 800 number. I had someone get me some translations once
from a toll office in 617, you can get them by typing certain commands
directly into the switch, something like:
TEST-DSIG-INWATS-NPA NXX XXXX. ^D
That's not right, but it's close.
Phantom
PS-MSP is almost as messy as Randy says.
21/27: Change numbers
Name: Mad Hatter 51
Date: 8:18 pm Mon May 18, 1987
Is it possible to change your number by engineering an office? If so, which
one? My guess would be RC MAC, but then again, what do I know?
Bell Techie
22/27: Whats...
Name: Slave Driver 58
Date: 10:27 am Tue May 19, 1987
NSAC?
Steve Driver
stupid definitions welcome, but so is a real one...thanks..|
23/27: NSAC...?
Name: Phantom Phreaker 46
Date: 9:38 pm Tue May 19, 1987
Did you mean NESAC by any chance? I've never heard of NSAC but it probably
exists, there are a bunch of telco offices that end in 'SAC' such as MSAC,
ESAC, NESAC, and OSAC, and probably others I can't remember. I'll look around
and see if I can find NSAC anywhere.
Phantom
24/27: Offices
Name: Doom Prophet 21
Date: 6:57 am Fri May 22, 1987
Well Phantom, OSAC isn't a Bell or AT&T office, it is a system for operator
services support (I guess it stands for something like Operator Services
Assistance Center). From there a person can get information for certain time
periods on entire TSPS sites, such as how many calls were placed, etc, and a
traffic analysis for day or night reports. The CLLI code is listed with the
report I believe.
CMAC is similar to RC-MAC (or so I thought) because when I was trying to get
an 800 translation, the PBX attendant at the RTM in 312 referred me to them.
They then asked me what switch it was for (the Xlation) and apparently
misundererstood my request (I guess they thought I was asking for a DN or
trunk translation). MSAC is for installation and testing of WATS lines butt
don't give out Xlations (policy by the sound of it although it was probably
just me). I have heard differently, soo I'm not sure on tht last one (MSAC's
purpose, which I have been told NSAC does instead). Since 800's have gottenen
'advanced' I suppose the offices for testing could be on a national level,
although MLT equipment when testing a number that has been reported as an 800
somehow accesses the actual translation or non standard BTN automatically.
The A8FSC probably does WATS testing also, along with NASCAR (mainly used for
traffic analysis from toll centers of 800 terminations to make sure the
completion level is up to standard). TK, where is the ACP physically, just in
the 4E itself? Do you know how the NCP receives incoming messages (the same as
an initial message on CCIS, or CCS) and in what format? Also, what data links
run to and from the NCP? Hope someone can answer my questions..
Doom
25/27: Sorry
Name: Doom Prophet 21
Date: 7:02 am Fri May 22, 1987
To leave another post, but before anyone starts having a fit, I know the
standard places for obtaining Translations, so please don't leave a thousand
corrections on how the RTM has nothing to do with Xlations (I agree). Acttualy
it was someone at the RWC who referred me to CMAC and not the RTM, I can't
remember clearly anyway.
26/27: Shit...
Name: Taran King 1
Date: 7:10 am Fri May 22, 1987
I don't have further specifications on the NCP database accessed from the ACP