4 replies to this topic

[StankDawg]

Cleaning up the hack cave continued...

Came across another paper that I had saved from a business trip to El Paso Texas. I stayed at a Hilton there and the phone instruction card caught my interest. Besides the basic how to use voicemail and how to dial long distance, I notice this at the bottom:

To retrieve messages from outside hotel, dial hotel, ask for extension 599 then dial 8 + room number

So does it just dump you to the voicemail system without a password? All it asks is the room number? Can this be true? Maybe once you get transferred it still prompts you for a password or maybe you can spoof a number to it to bypass?

Anyway, throwing the paper away but sharing it for those who are interested. Maybe other Hiltons work the same way?

[ThoughtPhreaker]

This is interesting, there's a Hilton that's a stone's throw from where I'll be later. Guess I'll have to experiment a little . The one in question I'm talking about uses a Nortel PBX, which generally, is pretty secure when it comes to voicemail. If you remember the number I posted in the defcon thread, though, similar equipment in a hospitality configuration is a little less secure.

I remember someone pointed out to me that on the NEC PBX at Hotel Penn, if you dialed 9 plus the room number at the auto-attendant, you'd immediately log into the guest's mailbox. There was no option to give it a passcode, but there was one to give them a wakeup call. They've recently either completely overhauled the PBX configuration or replaced it with a newer generation NEC, though, so your mileage may vary.

As for spoofing, I dunno. Unless you're passing through a DISA, the PBX will probably be wise to the fact that you're not calling from inside the hotel. Even then, I don't think it relies on ANI to tell what phone you're physically calling from.

[Afterm4th]

Was it the Hilton at 111 West University Avenue, El Paso, TX (800) 483-0115 ‎

or was it DoubleTree by Hilton Hotel El Paso Downtown/City Center, 600 North El Paso Street, El Paso, TX, (915) 532-8733

[StankDawg]

Was it the Hilton at 111 West University Avenue, El Paso, TX (800) 483-0115 ‎

or was it DoubleTree by Hilton Hotel El Paso Downtown/City Center, 600 North El Paso Street, El Paso, TX, (915) 532-8733

It was right at the airport... I had a look and it doesn't seem to still be a Hilton. It looks like it is now called "GuestHouse Suites" if I remember the location. It was a few years ago. Keep in mind this was an old note laying around in my office.

[Infinite51]

It's impossible to say it will work at every chain of hotels such as the Hilton chain of hotels. Many hotels have different PBX systems, services, ect. So what works at one, does not necessarily work at all of them. If you’re really curious, try it and see for yourself if it still works with a particular hotels PBX system.