Pwnd2Pwnr Posted October 3, 2012 Share Posted October 3, 2012 (edited) As most of you probably already know, that you can spoof your name, callerid, and telephone number so as it appears as whatever you want it to. I have been receiving calls from MDOC (Michigan Department of Corrections) and it asks if I want to accept the call. This, I am sure, is a SE deployment. What is the first thing you think of when you get a collect call nowadays? I think I may have had a friend in jail so I should accept it, right? Wrong... I have had these calls and the person making the call gives there name FIRST. The collect voice will say, "You have a collect call from (name of caller), do you wish to accept these charges.... This number has no such thing and just asks to accept the charges. I Googled the number and about 30 people have had the same call, yet when they call the police station, the reception officer has no clue what they are talking about. So, I am not very keen on my Vonage setup, although the oxidit tool worked out of box retrieving the RTP (I think that is the right protocol, correct me if I am wrong, please) conversation. My question is, with MY OWN NETWORK, how could I get some vengeance bestowed to these assholes? They are attempting to do something malicious, I think. So, what tool could from BT5 could traceroute this number? Is there such a tool to despoof? Ya'll are great... keep on truckin', keep on hackin'. Edited October 3, 2012 by Pwnd2Pwnr Quote Link to comment Share on other sites More sharing options...
murder_face Posted October 3, 2012 Share Posted October 3, 2012 I had an annoying telemarketer that would call me constantly even after I pressed "2" to remove myself from their list. One day I decided to have some fun with them. So I pressed "1" to talk to a representative. At first, I let them think that I was intrested in their crappy vehicle warranty that they wanted to sell to me, then out of nowhere I changed gears on the guy and got hostile. Instead of hanging up on me, the guy got hostile back and basically wanted to fight me and ended up giving me the name and address of the company he worked for and wanted me to meet him in the parking lot. Which happened to be in a city right next to me not Colorado like my CID said. Back then I didn't really care about repurcussions so I drove down one Saturday, put on my hardhat, snazzy yellow vest, and my tool bags. "hacked" the lock to their electrical room which also contained the punch down block to their phone system and put about 50 flashing christmas lights on their system(I remembered reading somewhere that it would wreak havoc on the lines). Part of me wanted to get nastier and chop up an extension cord and splice in 120v to the phone system. I just wish I could have seen the look on the phone company guys face...... I know that you are in a similar situation as me in the legal sense, and I would never do this now or recommend any else do this. All I am suggesting is to have some fun with the guys do a little recon and maybe post whatever you can find out for other people to have fun with. Quote Link to comment Share on other sites More sharing options...
murder_face Posted October 3, 2012 Share Posted October 3, 2012 On a more realistic note, have you looked into an Asterisk server? Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted October 3, 2012 Author Share Posted October 3, 2012 LOL... that is hilarious. I just want to trace there VoiP and peek around... I just need to do some more spelunking... Tom Mabe makes me laugh... but these bastards are ruthless. But, I am still wondering why I have to accept a charge to receive a call... it sounds like some type of hook or something. Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted October 3, 2012 Author Share Posted October 3, 2012 (edited) I am browsing them now... :) mmm mmm mmm... pbx! Edited October 3, 2012 by Pwnd2Pwnr Quote Link to comment Share on other sites More sharing options...
digip Posted October 3, 2012 Share Posted October 3, 2012 (edited) I know mitnick had some kind of service he used through his asterisk setup, that basically decloaks all calls, whether they be unknown caller, or 1800 numbers, he can basically see who it is, even if they use a phone number spoofing service, which surprisingly there are a lot of them form what I hear. He did a talk I think at Hope about how to set that up. The video is on youtube somewhere, which is where I heard about it and watched him give a live demo. HD Moore also has a tool(not sure of public or not, forget) that basically maps voip systems and can listen in on conference calls, etc, once you hook into the companies network. Of course, this would be something you would need in your SLA when doing a pentest on a company, and any other use of it would more than likely land you in jail for wiretapping laws. Edited October 3, 2012 by digip Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted October 3, 2012 Author Share Posted October 3, 2012 (edited) Thanks yall... BTW, site looks great... digip I am merely trying to catch the pricks that keep on calling me... I once acted like a detective at a crime scene (Tom Mabe the comedian did the same thing) and asked the marketer how they knew the person, where they lived, and why they are calling. After they explained they were a collection company, I told them that is what they all say and that I need to speak to their supervisor immediately... in which they then hung up... classic... Edited October 3, 2012 by Pwnd2Pwnr Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.