M4phr1k's "Wall of Voodoo" This is the official home site of www.m4phr1k.com and acts as a companion site to the War Dialing, PBX, and Voicemail hacking sections in Hacking Exposed editions 2-6  My site is for and always has been dedicated to WHITE HAT War Dialers, PBX, and Voicemail Box testing specialists! The tools and techniques discussed here are to help you learn how to strengthen your security posture and is disclosure in full! Techniques shown here should be used at your own risk! "M4phr1k" (aka Stephan Barnes) I am currently VP of Sales of KRAA Security and Razient HISTORY ________________________________________________________________________________________________________ I was the original VP of Sales of Foundstone and left McAfee/Foundstone about 2 years after the McAfee acquistion Pictured here are some of the best minds I have had the pleasure to work with and you know who you are. The cumulative knowledge of this core group of people is what solidified Foundstone as a name that will forever be remembered. Many important people have come and gone after this initial group but it is very likely that without this catalyst of chemistry initially, things would be entirely different historically for Foundstone.  Pictured from Right to Left (all Foundstone employees of the time in July 2000 at Foundstone’s first Blackhat) Where are they now? George Clute – original angel investor and Chairman of the Board Stu McClure – SVP Risk and Compliance, McAfee Saumil Shah – Managing Principal Consultant - http://saumil.net/index.html Shreeraj Shah – Principal Consultant Kevin Mandia – CEO of Mandiant AD (Alan Deane) – VP Risk and Compliance, McAfee Eric Budke – Somewhere in NYC JD Glaser – NTObjectives Brian Lewis – Software Development Kurt Weiss – Unknown Gary Bahadur (back row high standing on fountain lip 1st left) – Chief Information Officer, KRAA Security George Kurtz – Worldwide EVP CTO of McAfee Matt Weiss – Unknown Clinton Mugge – CEO of Symosis Melanie Woodruff – Information Security Director, Experian North America Stephan Barnes – Ciphent (kneeling with the company rhetorically on my shoulders) Will Chan – in Hong Kong back to work Dane Skagen – Independent Jason Glassberg – President and co-founder of Casaba Security Chris Prosise – Relaxing in Stocks! Joel Scambray – Consciere LLC CC Robin Keir – Principal Software Architect McAfee _ After McAfee bought Foundstone in Oct 2004 I stayed on for about a year and a half and then I took a break for a while Since Foundstone I have worked for some of these great companies! Special Ops Security Mandiant M I wrote the War Dialing Sections in Hacking Exposed (now in its 6th Edition) ____________________________________ War Dialing, PBX, Voicemail hacking is my section – always has been since the 2nd Edition Many thanks to Stu, George, and Joel for letting me tap the lines so to speak M4phr1k's Wall of Voodoo provides additional techniques and explanations in addition to those already explained Dial-Up, PBX, and Voicemail hacking sections in the Hacking Exposed series of books. __________________________________________________ Hack Notes – I contributed to the chapter on War Dialing/PBX/hacking thanks to my good friend Clinton Mugge of Symosis, formerly C-Level Security  ---------------------------------------------------------------------------------------------------- Are you LOW TECH? I am when I need to be! Remember Procomm Plus? Check out my HOW TO get ProComm Plus Test Drive ready for use as an example for learning how to set up brute forcing DIAL-UP connections Remember though this is all VERY OLD SCHOOL now but that does not mean it may not apply! Remember, War Dialing, PBX and VMB hacking still work! --------------------------------------------------------------------------------------- PLEASE NOTE. PCPLUSTD is OLD, but VERY EFFICIENT. NEWER PROCOMM PLUS has MORE ASPECT COMMANDS (hence you can do more), But after a while you'll believe you can get by with these early versions because NONE OF THIS is that COMPLICATED! This simple concept is the foundation on how we Brute Force Dial Up connections! Learn the basics and you're on your way! ------------------------------------------------------------------------------------------------------------------- You don't need an air hammer to drive in a simple nail: When War Dialing match the technology to the technology When you are war dialing you might come up with a gambit of modem connections that are look odd and foreign - old school if you will. New school communications programs sometimes provide too much clutter and noise so going back to the old school is almost surefire and steady way to succeed. Case in point: I have seen a router that ToneLOC caught and dumped in the FOUND.log and when using the newer ProComm Plus 32 to go back and dial it up, it could not figure out the parity and chunked up the display. What to do? Go OLD SCHOOL: ProComm Plus Test Drive (the old demo version of ProComm Plus) Set it up and wa-la, you are generally ready to go (caveats apply) ------------------------------------------------------------------------------------------------------------------- Don't forget to test PBX and Voicemail systems like Seimens and Rolm ------------------------------------------------------------------------------------------------------------------- LOW LEVEL TECHNIQUES will get you every time! Stuff like KeyStroke Loggers from Keyghost.com ------------------------------------------------------------------------------------------------------------------- DISCLAIMER: The contents of these pages (in one form or another from multiple BBS's to multiple ISP's to where we are today have been maintained by myself, Stephan Barnes, aka M4phr1k from 1985 to (present) Has it been that long? Old Phreakers never die, the just lose a little tone ;> Stephan Barnes (M4phr1k) can be reached at StephanDBarnes@gmail.com |
