Jump to content


Photo
- - - - -

hotel voicemail hacking


  • Please log in to reply
4 replies to this topic

#1 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Country:
  • Gender:Male

Posted 26 August 2011 - 04:42 PM

Cleaning up the hack cave continued...

Came across another paper that I had saved from a business trip to El Paso Texas. I stayed at a Hilton there and the phone instruction card caught my interest. Besides the basic how to use voicemail and how to dial long distance, I notice this at the bottom:

To retrieve messages from outside hotel, dial hotel, ask for extension 599 then dial 8 + room number


So does it just dump you to the voicemail system without a password? All it asks is the room number? Can this be true? Maybe once you get transferred it still prompts you for a password or maybe you can spoof a number to it to bypass?

Anyway, throwing the paper away but sharing it for those who are interested. Maybe other Hiltons work the same way?

#2 ThoughtPhreaker

ThoughtPhreaker

    BinRev veteran

  • Members
  • 1,228 posts
  • Gender:Male

Posted 26 August 2011 - 06:46 PM

This is interesting, there's a Hilton that's a stone's throw from where I'll be later. Guess I'll have to experiment a little :) . The one in question I'm talking about uses a Nortel PBX, which generally, is pretty secure when it comes to voicemail. If you remember the number I posted in the defcon thread, though, similar equipment in a hospitality configuration is a little less secure.

I remember someone pointed out to me that on the NEC PBX at Hotel Penn, if you dialed 9 plus the room number at the auto-attendant, you'd immediately log into the guest's mailbox. There was no option to give it a passcode, but there was one to give them a wakeup call. They've recently either completely overhauled the PBX configuration or replaced it with a newer generation NEC, though, so your mileage may vary.

As for spoofing, I dunno. Unless you're passing through a DISA, the PBX will probably be wise to the fact that you're not calling from inside the hotel. Even then, I don't think it relies on ANI to tell what phone you're physically calling from.

#3 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 30 September 2011 - 07:56 PM

Was it the Hilton at 111 West University Avenue, El Paso, TX (800) 483-0115 ‎

or was it DoubleTree by Hilton Hotel El Paso Downtown/City Center, 600 North El Paso Street, El Paso, TX, (915) 532-8733

#4 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Country:
  • Gender:Male

Posted 14 October 2011 - 09:41 AM

Was it the Hilton at 111 West University Avenue, El Paso, TX (800) 483-0115 ‎

or was it DoubleTree by Hilton Hotel El Paso Downtown/City Center, 600 North El Paso Street, El Paso, TX, (915) 532-8733

It was right at the airport... I had a look and it doesn't seem to still be a Hilton. It looks like it is now called "GuestHouse Suites" if I remember the location. It was a few years ago. Keep in mind this was an old note laying around in my office.

#5 Infinite51

Infinite51

    SUP3R 31337

  • Members
  • 155 posts
  • Location:Chicago, IL

Posted 28 November 2011 - 09:34 AM

It's impossible to say it will work at every chain of hotels such as the Hilton chain of hotels. Many hotels have different PBX systems, services, ect. So what works at one, does not necessarily work at all of them. If you’re really curious, try it and see for yourself if it still works with a particular hotels PBX system.




BinRev is hosted by the great people at Lunarpages!