Gaining physical access to Server and Telecom rooms 
(v2.1)

~Wizbone '99 

--------------------------------------------------------------------------------

+-=[ Introduction ]=-+ 

Ever wonder what the network backbone of a hospital looked like? Have you ever
wanted to poke around in a company's telephone closet? Had the urge to take a
whack at the main terminal next to some corp's big server? Well, believe it or
not, it's probably the easiest thing you could do, provided you're prepared
with the right knowledge and equipment.  


+-=[ The run down ]=-+ 

Unfortunately, in this day and age, there is still no way to effectively make
groups of people work together efficiently. 

eg. Engineering and marketing departments. 

This includes security guards with contractors. There is no way to coordinate
an effort between these two groups of people to form an effective, standard
procedure to allow the contractors to do their work as well as keep the
location under a sure-fire blanket of security. Mainly, this is because
contractors are stubborn grunts, and security guards are stupid grunts. 

The main people who access communications closets (since server rooms and
telecom closets are so similar when it comes to access and can often be
one-in-the-same, I won't mention 'server rooms' very much here.) are Telco
guys. In other words, communications technicians -- in a sense, a type of
those contractor thingies I was talking about. These guys have to access
these telco rooms when they're installing fibre optics, telephone lines,
switches, etc. That's alot of power. Neat, eh? 

When working in a large skyscraper-like building, or what-not, a technician
will contact security for passes, keys, swipecards, or even just to let them
know that there's work to be done in the building. Oftentimes, security does
not ask for ID, a work order, or anything of that nature. That is, provided
the technician appears to be a legitimate outfit. 

In a situation such as this, security seems to be more help than anything =] 


/\/\/\/\/Wizbone's tip at a glance - Telco guys are often, but not always,
hired by a separate construction outfit which is doing renovations in the
building. If you can, find out if this is the case. If it is, you'll wanna
avoid employees from XYZ Construction like the clap, and if you run across
security, you work for XYZ. 


+-=[ What you need ]=-+ 

You need to know of a telephone or networking company, probably other than the
major telephone provider for your location, unless you've got the uniform,
persona, etc. The nice thing about living in a large urban area (you do, don't
you?) is that there are more communications companies out there than you can
shake a category 5 enhanced 4-pair unshielded twisted pair cable at. So,
either assume the identity of an employee at one of these, or invent your own.
Datacom or something to that nature is rather generic. See if you can't go
down to one of those $15 embroidery shops to have a shirt made if you want, or
make yourself a clip-on ID. But remember, try and make it look like you're
wearing a company issue uniform. Wallet chains, baggy pants, shorts, etc will
not pass. 


/\/\/\/\/Wizbone's tip at a glance - Don't carrry your tools in a backpack. To
some, this a no-brainer. To others (even some witless telco guys) it's beyond
comprehension that anything less than a tool case is NOT professional. Get a
cheap aluminum toolbox, or if you have one of those sexy, expensive,
indestructible black Jelco boxes, that's even better. Just try not to look
like a phreak... No pun intended. 


+-=[ Know the site ]=-+ 

See what the security is like at the building. If it's not a public office
building and you can't even get in to survey it, I recommend you avoid it
unless you REALLY want to get in for some reason. 

The easiest way to wander around, without attracting too much attention and
looking too suspicious is to pretend you're a bicycle courier. These guys
dress like a cross between a hardcore mountainbiker, and a gay kid who shops
at k-mart. Helmet, sunglasses, hoodie, sneakers, spandex pants, with cutoffs
over top. Just dress like this, carry a box, and pretend you're making a
delivery. 
 

+-=[ Things to look for ]=-+ 

Look for things like freight elevators (which can often allow you access to
floors which would otherwise be blocked off by card-access or other measures),
these are basically elevators that are grungy, and not easily found by the
public. Lots of immigrant janitors will be using these too, but don't ph33r,
they won't be bothering you, just smile. You may need a key to use these
elevators from some (or all) floors. Find out if there are cameras, and if
there are indeed some, keep track of where they are. Know where stairwells
are, and how many. What security is like - are there scads of patrols walking
around? Does the building have an on-site maintenance crew? If they do, do
they wander around alot? Do you think they'd harass you at all? Find the
telecom closets. Are they all stacked one-on-top of the other on each floor?
This makes things gravy since they're way easy to find on each floor. 
 

/\/\/\/\/Wizbone's tip at a glance - Keep an eye out for doors marked
"Unauthorized access prohibited", as well as doors marked "Alarm sounds when
door opened". Once you're inside under the ruse that you're there to do work,
these doors will be usable at your leisure. However, do watch that they aren't
REALLY alarmed. Though sometimes it's hard to tell, depending on which side of
the door has the sensors are on. Here's a suggestion from a dude at
phro@hotmail.com who's found a simple way to tell whether there are alarms or
not... 
       ___________________________________________________ ____
      /o/                                                /o/ \o\
      | |                                                | |  \ \
      |o| Since most technicians are carrying tools such |o|   |o|
      | | as linemans handsets and LAN analyzers, a      | |___/_/
      |o| multimeter can be carried in without much      |o|
      | | trouble.  Then all you do is take a length of  | |
      |o| speaker wire and coil it up into a loop about  |o|
      | | four times and approx. 30 - 40 cm's across.    | |
      |o| Then attach the wire to the meter and set it   |o|
      | | to read AC volts and wave the loop around the  | |
      |o| edges of the door. Then all you have to do is  |o|
      | | watch for spikes on the meter, as any magnetic | |
      |o| sensors will induce a slight current in the    |o|
      | | ring when the meter is set to its most         | |
      |o| sensitive setting.  You have to be careful     |o|
      | | though that you don't mistake the ambiant 60hz | |
    __|o| AC for a sensor.                               |o|___
   / _|_|________________________________________________|_|_ /
  /__________________________________________________________/

Well, phro's totally right on the money there with that idea. A multimeter is
a very commonly used tool in the telco trade, so there'd be no problem
carrying it around. In fact, another thought would be to use an inductive
amplifier (or often just called a 'probe'). This would do the job well too,
and all telco guys carry these for tracing cables. However, since they are
pricey, you might wanna just use phro's suggestion if you don't already own
one.


+-=[ Know what you want ]=-+ 

Know your goals when you get there. Do you want access to a switch? Any
switch, or a specific one? Do you wanna take down a network? Whatever it is,
make sure you know where it is, and what you're doing. Is it a lucent switch?
NorStar? Know the difference if you have to. The following are things you can
expect to find your average telco closet in a large office building: 

Almost for sure: 

-voice and data panels 
-lots of 4pr cat5, maybe cat3 cable 
-25+ pair cables 
-A switch or two 

Almost as for sure:

-fibre optic cables (pronounced "fih-bree op-teek cah-blays" -- Really...
 that's how it's said) 
-Data rack with hubs, routers, etc.
-Manuals
-Servers
-Tools
-Surplus computer hardware/software (mice, keyboards, OS cdroms, etc)

Rarely: 

-Candy 
-Emmanuel Goldstein =] 

 
+-=[ What you do ]=-+ 

Basically, it can be as simple as walking into a building, and just doing
whatever you want or as complicated as having to go through multiple security
checks. 

Here's a run-through of your average situation: 

*Step one: Enter building. This is a tough one. Find the appropriate entrance
 into the main floor of the building. Once you find it, follow the
 instructions on the door as to whether you PUSH or PULL. You may luck out and
 find automatic doors. 

*Step two: v1) Go straight to work. That's right, make a bee-line to your
 telco closet and start the fun. OR, v2) go to security, pretend you're legit,
 sign in, get keys, cards, etc... THEN GOTO v1. 

*Step three: Uh... I guess that's it. Look legit, get out fast.

 
/\/\/\/\/Wizbone's tip at a glance - One more thing to watch out for is nosy
employees. I've encountered situations where I'll be working away, and some
chick will walk in on me, "who are you? And what are you doing in our
telephone closet?" Well, in this situation, the building had all of it's comm
closets stacked upon one another so fibre, etc could be run straight up
through them to all the floors. I just told her I was feeding fibre down the
building. That was good enough for her. Sometimes they'll even think you're
supposed to be doing work for them personally, and ask you to reprogram their
handsets or fix their computers. It's pretty funny, but kinda annoying. You
can just tell them you're not authorized to anything out of your scope of
work. Unless you want to take advantage of the situation and get passcodes
and such.

It might even be a good idea to print-out a fake work order, just in case.
I've never had a problem with this, but you might want to be prepared. All
you need is a company name, a scope of work, and the rest is up to your
imagination. Don't make it look like a receipt.


+-=[ Wrapping up ]=-+ 

Leave your area clean. It might be a good idea to check out of the building
too. Yes, as tantalizing as it may be to keep those keys, and that pass, just
remember, it's always at that desk waiting for you. While if you keep it, a
picture/description of you may be waiting there instead. 

Remember, just because it sounds easy in text, doesn't mean it will be. To be
successful, it will take lots of luck, lots of confidence, a little social
engineering experience, but most of all it will take preparation. This file
is the best I can do, but probably the best you could ask for as far as guides
for this sort of thing go.

I'll continue to add to this file as I see fit, or as I recieve suggestions I
deem helpful.

--------------------------------------------------------------------------------

Endz. 
10/28/1999
revised 12/26/1999
2nd revision 01/06/2000