TUCoPS :: Phreaking Voice Mail :: augsbu~1.txt

Meridian Mail Guide: Augsburg College, Minneapolis MN 





      'Meridian Mail Guide; Augsburg College, Minneapolis, MN'



                  "I've got your pokèmon, so there."


^-^
Date: Monday December 20, 1999
Written by: The Clone

^-^

--

1. Prologue

2. Augsburg College - Campus Information

3. Augsburg College - Meridian Box Directions

4. Access - Bypassing the Password Prompt    

5. Dial In Port - Locating / System Options  

6. Conclusion - General Review / Wrap-up   

7. Contact - URL / E-mail / Voice-mail

8. Credits 

--

[Prologue;]

     
  The last time I wrote a comprehensive document on the 'Meridian Mail'
system was July 22, 1999. The document was called 'Meridian Mail rls.12'.
In the file I spoke about release twelve features, exchange skanning, 
VMB hacking, commands/options, and creation of distribution lists.

I've found that Meridian Mail rls.12 is used mainly by large companies     
because of its versatility, easy-to-use mail options, and compatibility
with mainstream PBX/PABX's on the market.

We're probably all aware that companies use various types of voice mail 
systems (i.e. Meridian Mail, Audix, One Connect, Skytel, etc.), and we're    
also aware that these systems are highly insecure. What then happens
is these systems are exploited, documents are written, more company 
systems are discovered, and a literal looping process occurs.

Unfortunately because this obvious trend, most of us ignore the fact 
that there are other party's who do run insecure voice mail systems. 
These particular "organizations" are a target waiting to be found. 

Close to all Canadian and American educational institutions have
some sort of a "voice-mail" box system set-up. In this document,
I'll be giving insight to one College Meridian Mail system that  
is desperately in need of some "fine tuning". 

--

[Augsburg College - Campus Information;]


 Augsburg College is a private, four-year co-educational liberal arts
college affiliated with the Evangelical Lutheran Church in America. It 
is located in Minneapolis, Minnesota and is situated on approximately
ten city blocks in the heart of the metropolitan area.

Its mailing address is:

  Augsburg College
2211 Riverside Avenue
Minneapolis, MN, USA 
       55454
  
Telephone: (612) 330-1000 
FAX (612) 330-1649
email: webmaster@augsburg.edu

--

[Augsburg College - Meridian Box Directions;] 


 One particularly amusing thing about Augsburg College, is that on
their web-site they give *specific* step by step instructions for 
students and staff on how to use their Meridian Voice-mail System. 

These instructions can be accessed by anyone in the world. By simply
visiting www.augsburg.edu, anyone can potentially compromise this
college's security. Giving specific data on a voice-mail system to 
students and staff is one thing, but allowing it to be accessed by
billions of people is absolutely ridiculous.
 
The following has been taken from the College's own site:

Voice Mail Features: 
--------------------
   
+ A tutorial will assist with feature prompts once you have 
  logged on to the system. 

+ Access to voice mail is possible from any location (on or off campus) 
  with a touch-tone telephone set. 
    
+ Voice mail will automatically pick-up after the fourth ring. 

1. Log-on Procedure 
-------------------

+ Enter 1600 (on-campus); 612-330-1600 (off-campus) 

+ Enter extension followed by # 

+ Enter password followed by # 

Now you are logged on to your voice mail box and the system will 
inform you of any new messages in chronological order.
 
2. Playing your Messages 
------------------------    

+ Log-on to your voice mail box by using the Log-on Process. 

+ Enter 2 to hear any new messages 

+ Enter 6 to go to the next message 

+ Enter 4 to return to the previous message 

3. Deleting Messages 
--------------------    

+ Enter 76 to delete messages. 

+ All messages that have listened to will be deleted after 4 days. 

+ If you do not listen to your messages, they will remain in your 
  mailbox indefinitely. 

4. Recording External Greeting 
------------------------------    

+ Log-on to your voice mail box (step 1 above). 

+ Enter 82 

+ Enter I to record your external greeting (greeting for off-campus calls) 

+ Enter 5 to start recording, wait for tone, then speak. 

+ When you have finished recording press, press # 

+ To listen to your greeting, enter 2 

+ If you do not like a greeting and would like to delete it, enter 
  76 after listening to the greeting. 

+ When you are done recording, enter 83 to log off of the voice mail system. 

5. Express Messaging: 
---------------------

+ Allows a caller to leave a message in someone's voice mailbox without 
  directly calling that person on their phone. 

+ On campus Enter 1605; off-campus enter 612-330-1605 

+ Enter the mailbox number of the person for whom you want to leave a 
  message, followed by # 

+ After the prompt and record tone, leave your message, press # when 
  finished 

+ Exit voice mail system by entering 83 

6. Password Change: (Passwords must be 4-16 digits long) 
--------------------------------------------------------

+ Log-on (step 1) 

+ Enter 84 

+ Enter the new password followed by # (you will be asked to enter it twice) 

+ Enter the old password followed by the # to verify the change 

7. Personal Verification:  
----------------------------------------------------------------------

This a recording of your name and department affiliation 
used by the system in place of your mailbox number. 
It is very helpful for people using Express Messaging.
 
+ Log-on (step 1) 

+ Enter 89 

+ Wait for the tone and speak your name and department affiliation/title 

+ To stop and check the new recording, press # 

+ Log off by entering 83 when you are satisfied with recording 

8. Voice Mail Shortcut: 
-----------------------
To leave a message without listening to a length greeting, 
press 5 as soon as you hear the start of a greeting. 
At the tone begin recording your message. 



                       'The Brief Tutorial' 


+ Meridian Mail has a tutorial that will assist with feature prompts 
  once you have logged on to the system. 

+ Access to voice mail is possible from any location (on- or off-campus) 
  with a touch-tone telephone set. 

+ Incoming calls will be automatically routed to voice mail after the 
  4th ring when on the telephone with another call. 

+ The incoming call will be directly routed to your voice mail box. 

+ Voice mail will automatically record the date and time of each call as 
  well as the location of the call. 

+ Voice mail boxes are programmed to automatically delete all "opened" 
  messages after 4 days. 

+ Opened messages include those messages that have been listened to, 
  but not yet deleted by the user. 

 [This is very useful for intruders who want to eavesdrop
 on students and/or staff who rarely check their mailboxes.]   
  
+ Call-waiting and answering machines are not feasible with the voice 
  mail system.


	  'Additional Meridian Voice-mail information'


Voice mail will automatically disable when:
-------------------------------------------

+ User has entered the wrong password. 

+ User has incorrectly logged on to the system. 

+ Voice mail boxes will disable on the 5th consecutive attempt. 

+ If you are unable to log on by the 2nd attempt, hang up, 
  verify the password, and follow log-on directions. 
   
  [Why thank you! Now I know what to do in order 
  to successfully brute-force hack your mailboxes.]

+ If your voice mail box does become disabled, contact the IT help 
  desk at ext. 1044. 

+ The voice mail box will be re-enabled at the earliest possible 
  convenience.


                      'The Stutter Tone'

Stutter Tone:
-------------

+ Voice mail will record a "stutter tone" to alert you to new 
  messages in your voice mail box. 

+ You will hear this stutter tone when you pick up your telephone 
  handset. 

+ At this point you can either log-on to voice mail, 
  or dial through (the stutter tone) to place a call if you do not 
  wish to check your messages.

                    
                         'Log-Off Process'

Log-Off Process:
----------------

+ When finished with the voice mail system, press 83. 
 (This will ensure that Meridian Mail has been properly disconnected.)

+ If you are experiencing problems with your voice mail box or the 
  voice mail system please send an email to help@augsburg.edu or call 
  612-330-1044 for help.   

--

[Access - Bypassing the Password Prompt;]


Hacking into any Voice Mail Box can be easy if you know
what you're doing. Generally when you run into a Meridian Mail System,
you will hear the account users temporary greeting. 
To bypass this nonsense, simply press the * key. 

Now you should be asked to enter your password or passcode (same deal).
Out of the goodness of my heart, I have listed the most commonly used
Meridian voice-mail passwords;

*1#, bx#, 0000#, 1111#, 2222#, 1234#, 9999#

(note: # is the button you press when you finish entering the password)

-- 

[Dial In Port - Locating / System Options;]  
        

There is a possibility that Augsburg College may a Dial In Port  
of some kind because of the large number (in the thousands) of
voice-mail accounts on the campus.

One possibility of finding a Dial In Port, would be to wardial
the 612-330-xxxx prefix. A wardialer would simply scan from
612-330-0000 to 612-330-9999 in suffixial order logging all
carriers.

If Augsburg College does happen to have a Dial In Port, 
they are always (from my experience) 2400 baud modem carriers.

The Dial In Ports give no prompts because you're required to
press ctrl-W. That's it! You're not asked for a login or password.

This will give you a menu with two options to
choose from. The options are:

CONSOLE and MMI (Man Machine Interface).

+ If you select CONSOLE, you'll get system administration powers.
  (Talk about an ego booster, eh?)  

+ If you select MMI, immediately a Meridian Mail logo ASCII drawing
  will appear. From there you'll need to press F1 to logon to the system. 
  
I won't get into the options too much because that's something you'll
need to figure out for yourself. Besides, if I told you everything
you might not be tempted to wardial or skan for the Dial In Port. ;-p

--

[Conclusion - General Review / Wrap-up]

   
 Looking back at all the step-by-step instructions Augsburg College
made available to everyone, it's quite clear that the people running
the campus' Meridian Mail system are not concerned with privacy and
security.

If they cannot properly secure their voice-mail system, then there
must be a lot more out there to exploit. Try using some of the methods 
I stated above and see what you can find. You'll be surprised what is
out there if you simply just take the time to explore.

--

[Contact - URL / E-mail]


+ URL: http://nettwerk.hypermart.net

+ E-mail: webmaster@nettwerk.hypermart.net

--

[Credits;]


I'd like to give credit to Dominique Duval for taking the time 
to put the Meridian Mail HTML document in text format, and
for passing the information on.




				A
			N E T T W E R K E D
			   P R O D U C T

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH