Jump to content


Photo
- - - - -

Phreaking is still a valuable skill!

PBX Phreak Social Engineering Headhunting

  • Please log in to reply
2 replies to this topic

#1 gaudmaud

gaudmaud

    Will I break 10 posts?

  • Members
  • 2 posts
  • Gender:Male

Posted 25 February 2013 - 09:21 PM

Hello there,

 

 

I am a headhunter/recruiter that was recently exposed to this world. 

 

Name collecting is something we continually need to do in order to have a potential candidate pool to draw from. We do this via social engineering. Calling into companies, pretending to be someone else, and trying to obtain names of people who have relevant skills for positions we are working on. This is very time consuming and inefficient, but necessary. This is done basically via exchange scanning. We also map out departments as we go as well. Sometimes we encounter dial by name directories on PBX's which are useful for obtaining transfers/extensions if you know a name, but I haven't discovered any other way to exploit this. I personally target about 15 asset management companies who have offices in Tokyo, all of which use various PBX systems like Audix and Cisco.

 

Can anyone think of a way streamline the name collecting process? Is there a way to exploit a PBX for this information? Any ideas would be greatly appreciated. We currently have an entire office dedicated to this name collecting process. I would be happy to compensate anyone who can help to make this effort more efficient. In a perfect world, there would be a way to obtain entire company phone lists.



#2 chronomex

chronomex

    mad 1337

  • Members
  • 134 posts
  • Location:LATA 674 NPA 206

Posted 27 February 2013 - 12:03 AM

http://thecodelesscode.com/case/7



#3 ThoughtPhreaker

ThoughtPhreaker

    BinRev veteran

  • Members
  • 1,201 posts
  • Gender:Male

Posted 27 February 2013 - 12:41 AM

In a perfect world, there would be a way to obtain entire company phone lists.

 

It's a few steps short of a perfect world, I'm afraid. There are VMSes that will list all the names by pressing # at the directory prompt, but I've never seen an Audix or Cisco Unity VMS do it. There's many different software revisions out there though, your mileage may vary.







Also tagged with one or more of these keywords: PBX, Phreak, Social Engineering, Headhunting

BinRev is hosted by the great people at Lunarpages!