Zines/phrack/34/6.txt

                                ==Phrack Inc.==

                Volume Three, Issue Thirty-four, File #6 of 11


                           HACKING VOICE MAIL SYSTEMS

                               by  Night Ranger


DISCLAIMER

I, Night Ranger, or anyone else associated with Phrack, am not responsible
for anything the readers of this text may do.  This file is for informational
and educational purposes only and should not be used on any system or network
without written permission of the authorized persons in charge.


INTRODUCTION

I decided to write this text file because I received numerous requests for
vmbs from people.  Vmbs are quite easy to hack, but if one doesn't know where
to start it can be hard.  Since there aren't any decent text files on this
subject, I couldn't refer them to read anything, and decided to write one
myself.  To the best of my knowledge, this is the most complete text on
hacking vmb systems.  If you have any comments or suggestions, please let me
know.

Voice Mail Boxes (vmbs) have become a very popular way for hackers to get in
touch with each other and share information.  Probably the main reason for
this is their simplicity and availability.  Anyone can call a vmb regardless
of their location or computer type.  Vmbs are easily accessible because most
are toll free numbers, unlike bulletin boards.  Along with their advantages,
they do have their disadvantages.  Since they are easily accessible this
means not only hackers and phreaks can get information from them, but feds
and narcs as well.  Often they do not last longer than a week when taken
improperly.  After reading this file and practicing the methods described,
you should be able to hack voice mail systems with ease.  With these thoughts
in mind, let's get started.


FINDING A VMB SYSTEM

The first thing you need to do is find a VIRGIN (unhacked) vmb system.  If
you hack on a system that already has hackers on it, your chance of finding
a box is considerably less and it increases the chance that the system
administrator will find the hacked boxes.  To find a virgin system, you need
to SCAN some 800 numbers until you find a vmb.  A good idea is to take the
number of a voice mail system you know, and scan the same exchange but not
close to the number you have.


FINDING VALID BOXES ON THE SYSTEM

If you get a high quality recording (not an answering machine) then it is
probably a vmb system.  Try entering the number 100, the recording should
stop.  If it does not, you may have to enter a special key (such as '*' '#'
'8' or '9') to enter the voice mail system.  After entering 100 it should
either connect you to something or do nothing.  If it does nothing, keep
entering (0)'s until it does something.  Count the number of digits you
entered and this will tell you how many digits the boxes on the system are.
You should note that many systems can have more than one box length depending
on the first number you enter, Eg. Boxes starting with a six can be five
digits while boxes starting with a seven can only be four.  For this file we
will assume you have found a four digit system, which is pretty common.  It
should do one of the following things...

1)  Give you an error message, Eg. 'Mailbox xxxx is invalid.'
2)  Ring the extension and then one of the following..
    1)  Someone or no one answers.
    2)  Connects you to a box.
3)  Connect you to mailbox xxxx.

If you get #1 then try some more numbers.  If you get #2 or #3 then you have
found a valid vmb (or extension in the case of 2-1).  Extensions usually have
a vmb for when they are not at their extension.  If you get an extension,
move on.  Where you find one box you will probably find more surrounding it.
Sometimes a system will try to be sneaky and put one valid vmb per 10 numbers.
Eg. Boxes would be at 105, 116, 121, ... with none in between.  Some systems
start boxes at either 10 after a round number or 100 after, depending on
whether it is a three or four box system.  For example, if you do not find
any around 100, try 110 and if you do not find any around 1000 try 1100.  The
only way to be sure is to try EVERY possible box number.  This takes time but
can be worth it.

Once you find a valid box (even if you do not know the passcode) there is a
simple trick to use when scanning for boxes outside of a vmb so that it does
not disconnect you after three invalid attempts.  What you do is try two box
numbers and then the third time enter a box number you know is valid.  Then
abort ( usually by pressing (*) or (#) ) and it will start over again.  From
there you can keep repeating this until you find a box you can hack on.


FINDING THE LOGIN SEQUENCE

Different vmb systems have different login sequences (the way the vmb owner
gets into his box).  The most common way is to hit the pound (#) key from the
main menu.  This pound method works on most systems, including Aspens (more
on specific systems later).  It should respond with something like 'Enter
your mailbox.' and then 'Enter your passcode.'  Some systems have the
asterisk (*) key perform this function.  Another login method is hitting a
special key during the greeting (opening message) of the vmb.  On a Cindy or
Q Voice Mail system you hit the zero (0) key during the greet and since
you've already entered your mailbox number it will respond with 'Enter your
passcode.'  If (0) doesn't do anything try (#) or (*).  These previous two
methods of login are the most common, but it is possible some systems will
not respond to these commands.  If this should happen, keep playing around
with it and trying different keys.   If for some reason you cannot find the
login sequence, then save this system for later and move on.


GETTING IN

This is where the basic hacking skills come to use.  When a system
administrator creates a box for someone, they use what's called a default
passcode.  This same code is used for all the new boxes on the system, and
often on other systems too.  Once the legitimate owner logs into his new vmb,
they are usually prompted to change the passcode, but not everyone realizes
that someone will be trying to get into their mailbox and quite a few people
leave their box with the default passcode or no passcode at all.  You should
try ALL the defaults I have listed first.


DEFAULTS           BOX NUMBER      TRY

box number (bn)    3234            3234        Most Popular
bn backwards       2351            1532        Popular
bn+'0'             323             3230        Popular With Aspens

Some additional defaults in order of most to least common are:

4d        5d        6d
0000      00000     000000    *MOST POPULAR*
9999      99999     999999    *POPULAR*
1111      11111     111111    *POPULAR*
1234      12345     123456    *VERY POPULAR WITH OWNERS*
4321      54321     654321
6789      56789     456789
9876      98765     987654
2222      22222     222222
3333      33333     333333
4444      44444     444444
5555      55555     555555
6666      66666     666666
7777      77777     777777
8888      88888     888888
1991


It is important to try ALL of these before giving up on a system.  If none of
these defaults work, try anything you think may be their passcode.  Also
remember that just because the system can have a four digit passcode the vmb
owner does not have to have use all four digits.  If you still cannot get
into the box, either the box owner has a good passcode or the system uses a
different default.  In either case, move on to another box.  If you seem to
be having no luck, then come back to this system later.  There are so many
vmb systems you should not spend too much time on one hard system.

If there's one thing I hate, it's a text file that says 'Hack into the
system.  Once you get in...' but unlike computer systems, vmb systems really
are easy to get into.  If you didn't get in, don't give up!  Try another
system and soon you will be in.  I would say that 90% of all voice mail
systems have a default listed above.  All you have to do is find a box with
one of the defaults.


ONCE YOU'RE IN

The first thing you should do is listen to the messages in the box, if there
are any.  Take note of the dates the messages were left.  If they are more
than four weeks old, then it is pretty safe to assume the owner is not using
his box.  If there are any recent messages on it, you can assume he is
currently using his box.  NEVER take a box in use.  It will be deleted soon,
and will alert the system administrator that people are hacking the system.
This is the main reason vmb systems either go down, or tighten security.  If
you take a box that is not being used, it's probable no one will notice for
quite a while.


SCANNING BOXES FROM THE INSIDE

>From the main menu, see if there is an option to either send a message to
another user or check receipt of a message.  If there is you can search for
VIRGIN (unused) boxes) without being disconnected like you would from
outside of a box.  Virgin boxes have a 'generic' greeting and name.  Eg.
'Mailbox xxx' or 'Please leave your message for mailbox xxx...'   Write down
any boxes you find with a generic greeting or name, because they will
probably have the default passcode.  Another sign of a virgin box is a name
or greeting like 'This mailbox is for ...' or a women's voice saying a man's
name and vice versa, which is the system administrator's voice.  If the box
does not have this feature, simply use the previous method of scanning boxes
from the outside.  For an example of interior scanning, when inside an Aspen
box, chose (3) from the main menu to check for receipt.  It will respond with
'Enter box number.'  It is a good idea to start at a location you know there
are boxes present and scan consecutively, noting any boxes with a 'generic'
greeting.  If you enter an invalid box it will alert you and allow you to
enter another.  You can enter invalid box numbers forever, instead of the
usual three incorrect attempts from outside a box.


TAKING A BOX

Now you need to find a box you can take over.  NEVER take a box in use; it
simply won't last.  Deserted boxes (with messages from months ago) are the
best and last the longest.  Take these first.  New boxes have a chance of
lasting, but if the person for whom the box was created tries to login,
you'll probably lose it.  If you find a box with the system administrator's
voice saying either the greeting or name (quite common), keeping it that way
will prolong the box life, especially the name.

This is the most important step in taking over a box!  Once you pick a box take
 over, watch it for at least three days BEFORE changing anything!  Once
you think it's not in use, then change only the passcode, nothing else!
Then login frequently for two to three days to monitor the box and make sure
no one is leaving messages in it.  Once you are pretty sure it is deserted,
change your greeting to something like 'Sorry I'm not in right now, please
leave your name and number and I'll get back to you.'  DO NOT say 'This is
Night Ranger dudes...' because if someone hears that it's good as gone.  Keep
your generic greeting for one week.  After that week, if there are no
messages from legitimate people, you can make your greeting say whatever you
want.  The whole process of getting a good vmb (that will last) takes about
7-10 days, the more time you take the better chance you have of keeping it
for long time.  If you take it over as soon as you get in, it'll probably
last you less than a week.  If you follow these instructions, chances are it
will last for months.  When you take some boxes, do not take too many at one
time.  You may need some to scan from later.  Plus listening to the messages
of the legitimate users can supply you with needed information, such as the
company's name, type of company, security measures, etc.


SYSTEM IDENTIFICATION

After you have become familiar with various systems, you will recognize them
by their characteristic female (or male) voice and will know what defaults
are most common and what tricks you can use.  The following is a few of a few
popular vmb systems.

ASPEN is one of the best vmb systems with the most features.  Many of them
will allow you to have two greetings (a regular and an extended absence
greeting), guest accounts, urgent or regular messages, and numerous other
features.  Aspens are easy to recognize because the female voice is very
annoying and often identifies herself as Aspen.  When you dial up an Aspen
system, sometimes you have to enter an (*) to get into the vmb system.  Once
you're in you hit (#) to login.  The system will respond with 'Mailbox number
please?'  If you enter an invalid mailbox the first time it will say 'Mailbox
xxx is invalid...' and the second time it will say 'You dialed xxx, there is
no such number...'  and after a third incorrect entry it will hang up.  If
you enter a valid box, it will say the box owner's name and 'Please enter
your passcode.'  The most common default for Aspens is either box number or
box number + (0).  You only get three attempts to enter a correct box number
and then three attempts to enter a correct passcode until it will disconnect
you.  From the main menu of an Aspen box you can enter (3) to scan for other
boxes so you won't be hung up like you would from outside the box.

CINDY is another popular system.  The system will start by saying 'Good
Morning/Afternoon/Evening.  Please enter the mailbox number you wish...' and
is easy to identify.  After three invalid box entries the system will say
'Good Day/Evening!' and hang up.  To login, enter the box number and during
the greet press (0) then your passcode.  The default for ALL Cindy systems is
(0).  From the main menu you can enter (6) to scan for other boxes so you
won't be hung up.  Cindy voice mail systems also have a guest feature, like
Aspens.  You can make a guest account for someone, and give them
password, and leave them messages.  To access their guest account, they just
login as you would except they enter their guest passcode.  Cindy systems
also have a feature where you can have it call a particular number and
deliver a recorded message.  However, I have yet to get this feature to work
on any Cindy boxes that I have.

MESSAGE CENTER is also very popular, especially with direct dials.  To login
on a Message Center, hit the (*) key during the greet and the system will
respond with 'Hello <name>.  Please enter your passcode.'  These vmbs are
very tricky with their passcode methods.  The first trick is when you enter
an invalid passcode it will stop you one digit AFTER the maximum passcode
length.  Eg. If you enter 1-2-3-4-5 and it gives you an error message you enter
 the fifth digit, that means the system uses a four digit passcode,
which is most common on Message Centers.  The second trick is that if you enter
an invalid code the first time, no matter what you enter as the second passcode
it will give you an error message and ask again.  Then if you entered the
correct passcode the second and third time it will let you login.  Also, most
Message Centers do not have a default, instead the new boxes are 'open' and
when you hit (*) it will let you in.  After hitting (*) the first time to
login a box you can hit (*) again and it will say 'Welcome to the Message
Center.' and from there you can dial other extensions.  This last feature can
be useful for scanning outside a box.  To find a new box, just keep entering
box numbers and hitting (*) to login.  If it doesn't say something to the
effect of welcome to your new mailbox then just hit (*) again and it will
send you back to the main system so you can enter another box.  This way you
will not be disconnected.  Once you find a box, you can enter (6) 'M'ake a
message to scan for other boxes with generic names.  After hitting (6) it
will ask for a mailbox number.  You can keep entering mailbox numbers until
you find a generic one.  Then you can cancel your message and go hack it out.


Q VOICE MAIL is a rather nice system but not as common.  It identifies itself
'Welcome to Q Voice Mail Paging' so there is no question about what system it
is.  The box numbers are usually five digits and to login you enter (0) like
a Cindy system.  From the main menu you can enter (3) to scan other boxes.

There are many more systems I recognize but do not know the name for them.
You will become familiar with these systems too.


CONCLUSION

You can use someone else's vmb system to practice the methods outlined above,
but if you want a box that will last you need to scan out a virgin system.
If you did everything above and could not get a vmb, try again on another
system.  If you follow everything correctly, I guarantee you will have more
vmbs than you know what to do with.  When you start getting a lot of them, if
you are having trouble, or just want to say hi be sure to drop me a line on
either of my internet addresses, or leave me a voice mail message.

NOTE:  Some information was purposely not included in this file to prevent
abuse to various systems.


                               Night Ranger
                        gbatson@clutx.clarkson.edu

                 1-800-666-2336  Box 602  (After Business Hours)
                 1-800-435-2008  Box 896  (After Business Hours)
_______________________________________________________________________________
1st import into tree 2016-12-14 22:07:35 +00:00			`==Phrack Inc.==`

			`Volume Three, Issue Thirty-four, File #6 of 11`


			`HACKING VOICE MAIL SYSTEMS`

			`by Night Ranger`


			`DISCLAIMER`

			`I, Night Ranger, or anyone else associated with Phrack, am not responsible`
			`for anything the readers of this text may do. This file is for informational`
			`and educational purposes only and should not be used on any system or network`
			`without written permission of the authorized persons in charge.`


			`INTRODUCTION`

			`I decided to write this text file because I received numerous requests for`
			`vmbs from people. Vmbs are quite easy to hack, but if one doesn't know where`
			`to start it can be hard. Since there aren't any decent text files on this`
			`subject, I couldn't refer them to read anything, and decided to write one`
			`myself. To the best of my knowledge, this is the most complete text on`
			`hacking vmb systems. If you have any comments or suggestions, please let me`
			`know.`

			`Voice Mail Boxes (vmbs) have become a very popular way for hackers to get in`
			`touch with each other and share information. Probably the main reason for`
			`this is their simplicity and availability. Anyone can call a vmb regardless`
			`of their location or computer type. Vmbs are easily accessible because most`
			`are toll free numbers, unlike bulletin boards. Along with their advantages,`
			`they do have their disadvantages. Since they are easily accessible this`
			`means not only hackers and phreaks can get information from them, but feds`
			`and narcs as well. Often they do not last longer than a week when taken`
			`improperly. After reading this file and practicing the methods described,`
			`you should be able to hack voice mail systems with ease. With these thoughts`
			`in mind, let's get started.`


			`FINDING A VMB SYSTEM`

			`The first thing you need to do is find a VIRGIN (unhacked) vmb system. If`
			`you hack on a system that already has hackers on it, your chance of finding`
			`a box is considerably less and it increases the chance that the system`
			`administrator will find the hacked boxes. To find a virgin system, you need`
			`to SCAN some 800 numbers until you find a vmb. A good idea is to take the`
			`number of a voice mail system you know, and scan the same exchange but not`
			`close to the number you have.`


			`FINDING VALID BOXES ON THE SYSTEM`

			`If you get a high quality recording (not an answering machine) then it is`
			`probably a vmb system. Try entering the number 100, the recording should`
			`stop. If it does not, you may have to enter a special key (such as '*' '#'`
			`'8' or '9') to enter the voice mail system. After entering 100 it should`
			`either connect you to something or do nothing. If it does nothing, keep`
			`entering (0)'s until it does something. Count the number of digits you`
			`entered and this will tell you how many digits the boxes on the system are.`
			`You should note that many systems can have more than one box length depending`
			`on the first number you enter, Eg. Boxes starting with a six can be five`
			`digits while boxes starting with a seven can only be four. For this file we`
			`will assume you have found a four digit system, which is pretty common. It`
			`should do one of the following things...`

			`1) Give you an error message, Eg. 'Mailbox xxxx is invalid.'`
			`2) Ring the extension and then one of the following..`
			`1) Someone or no one answers.`
			`2) Connects you to a box.`
			`3) Connect you to mailbox xxxx.`

			`If you get #1 then try some more numbers. If you get #2 or #3 then you have`
			`found a valid vmb (or extension in the case of 2-1). Extensions usually have`
			`a vmb for when they are not at their extension. If you get an extension,`
			`move on. Where you find one box you will probably find more surrounding it.`
			`Sometimes a system will try to be sneaky and put one valid vmb per 10 numbers.`
			`Eg. Boxes would be at 105, 116, 121, ... with none in between. Some systems`
			`start boxes at either 10 after a round number or 100 after, depending on`
			`whether it is a three or four box system. For example, if you do not find`
			`any around 100, try 110 and if you do not find any around 1000 try 1100. The`
			`only way to be sure is to try EVERY possible box number. This takes time but`
			`can be worth it.`

			`Once you find a valid box (even if you do not know the passcode) there is a`
			`simple trick to use when scanning for boxes outside of a vmb so that it does`
			`not disconnect you after three invalid attempts. What you do is try two box`
			`numbers and then the third time enter a box number you know is valid. Then`
			`abort ( usually by pressing (*) or (#) ) and it will start over again. From`
			`there you can keep repeating this until you find a box you can hack on.`


			`FINDING THE LOGIN SEQUENCE`

			`Different vmb systems have different login sequences (the way the vmb owner`
			`gets into his box). The most common way is to hit the pound (#) key from the`
			`main menu. This pound method works on most systems, including Aspens (more`
			`on specific systems later). It should respond with something like 'Enter`
			`your mailbox.' and then 'Enter your passcode.' Some systems have the`
			`asterisk (*) key perform this function. Another login method is hitting a`
			`special key during the greeting (opening message) of the vmb. On a Cindy or`
			`Q Voice Mail system you hit the zero (0) key during the greet and since`
			`you've already entered your mailbox number it will respond with 'Enter your`
			`passcode.' If (0) doesn't do anything try (#) or (*). These previous two`
			`methods of login are the most common, but it is possible some systems will`
			`not respond to these commands. If this should happen, keep playing around`
			`with it and trying different keys. If for some reason you cannot find the`
			`login sequence, then save this system for later and move on.`


			`GETTING IN`

			`This is where the basic hacking skills come to use. When a system`
			`administrator creates a box for someone, they use what's called a default`
			`passcode. This same code is used for all the new boxes on the system, and`
			`often on other systems too. Once the legitimate owner logs into his new vmb,`
			`they are usually prompted to change the passcode, but not everyone realizes`
			`that someone will be trying to get into their mailbox and quite a few people`
			`leave their box with the default passcode or no passcode at all. You should`
			`try ALL the defaults I have listed first.`


			`DEFAULTS BOX NUMBER TRY`

			`box number (bn) 3234 3234 Most Popular`
			`bn backwards 2351 1532 Popular`
			`bn+'0' 323 3230 Popular With Aspens`

			`Some additional defaults in order of most to least common are:`

			`4d 5d 6d`
			`0000 00000 000000 MOST POPULAR`
			`9999 99999 999999 POPULAR`
			`1111 11111 111111 POPULAR`
			`1234 12345 123456 VERY POPULAR WITH OWNERS`
			`4321 54321 654321`
			`6789 56789 456789`
			`9876 98765 987654`
			`2222 22222 222222`
			`3333 33333 333333`
			`4444 44444 444444`
			`5555 55555 555555`
			`6666 66666 666666`
			`7777 77777 777777`
			`8888 88888 888888`
			`1991`


			`It is important to try ALL of these before giving up on a system. If none of`
			`these defaults work, try anything you think may be their passcode. Also`
			`remember that just because the system can have a four digit passcode the vmb`
			`owner does not have to have use all four digits. If you still cannot get`
			`into the box, either the box owner has a good passcode or the system uses a`
			`different default. In either case, move on to another box. If you seem to`
			`be having no luck, then come back to this system later. There are so many`
			`vmb systems you should not spend too much time on one hard system.`

			`If there's one thing I hate, it's a text file that says 'Hack into the`
			`system. Once you get in...' but unlike computer systems, vmb systems really`
			`are easy to get into. If you didn't get in, don't give up! Try another`
			`system and soon you will be in. I would say that 90% of all voice mail`
			`systems have a default listed above. All you have to do is find a box with`
			`one of the defaults.`


			`ONCE YOU'RE IN`

			`The first thing you should do is listen to the messages in the box, if there`
			`are any. Take note of the dates the messages were left. If they are more`
			`than four weeks old, then it is pretty safe to assume the owner is not using`
			`his box. If there are any recent messages on it, you can assume he is`
			`currently using his box. NEVER take a box in use. It will be deleted soon,`
			`and will alert the system administrator that people are hacking the system.`
			`This is the main reason vmb systems either go down, or tighten security. If`
			`you take a box that is not being used, it's probable no one will notice for`
			`quite a while.`


			`SCANNING BOXES FROM THE INSIDE`

			`>From the main menu, see if there is an option to either send a message to`
			`another user or check receipt of a message. If there is you can search for`
			`VIRGIN (unused) boxes) without being disconnected like you would from`
			`outside of a box. Virgin boxes have a 'generic' greeting and name. Eg.`
			`'Mailbox xxx' or 'Please leave your message for mailbox xxx...' Write down`
			`any boxes you find with a generic greeting or name, because they will`
			`probably have the default passcode. Another sign of a virgin box is a name`
			`or greeting like 'This mailbox is for ...' or a women's voice saying a man's`
			`name and vice versa, which is the system administrator's voice. If the box`
			`does not have this feature, simply use the previous method of scanning boxes`
			`from the outside. For an example of interior scanning, when inside an Aspen`
			`box, chose (3) from the main menu to check for receipt. It will respond with`
			`'Enter box number.' It is a good idea to start at a location you know there`
			`are boxes present and scan consecutively, noting any boxes with a 'generic'`
			`greeting. If you enter an invalid box it will alert you and allow you to`
			`enter another. You can enter invalid box numbers forever, instead of the`
			`usual three incorrect attempts from outside a box.`


			`TAKING A BOX`

			`Now you need to find a box you can take over. NEVER take a box in use; it`
			`simply won't last. Deserted boxes (with messages from months ago) are the`
			`best and last the longest. Take these first. New boxes have a chance of`
			`lasting, but if the person for whom the box was created tries to login,`
			`you'll probably lose it. If you find a box with the system administrator's`
			`voice saying either the greeting or name (quite common), keeping it that way`
			`will prolong the box life, especially the name.`

			`This is the most important step in taking over a box! Once you pick a box take`
			`over, watch it for at least three days BEFORE changing anything! Once`
			`you think it's not in use, then change only the passcode, nothing else!`
			`Then login frequently for two to three days to monitor the box and make sure`
			`no one is leaving messages in it. Once you are pretty sure it is deserted,`
			`change your greeting to something like 'Sorry I'm not in right now, please`
			`leave your name and number and I'll get back to you.' DO NOT say 'This is`
			`Night Ranger dudes...' because if someone hears that it's good as gone. Keep`
			`your generic greeting for one week. After that week, if there are no`
			`messages from legitimate people, you can make your greeting say whatever you`
			`want. The whole process of getting a good vmb (that will last) takes about`
			`7-10 days, the more time you take the better chance you have of keeping it`
			`for long time. If you take it over as soon as you get in, it'll probably`
			`last you less than a week. If you follow these instructions, chances are it`
			`will last for months. When you take some boxes, do not take too many at one`
			`time. You may need some to scan from later. Plus listening to the messages`
			`of the legitimate users can supply you with needed information, such as the`
			`company's name, type of company, security measures, etc.`


			`SYSTEM IDENTIFICATION`

			`After you have become familiar with various systems, you will recognize them`
			`by their characteristic female (or male) voice and will know what defaults`
			`are most common and what tricks you can use. The following is a few of a few`
			`popular vmb systems.`

			`ASPEN is one of the best vmb systems with the most features. Many of them`
			`will allow you to have two greetings (a regular and an extended absence`
			`greeting), guest accounts, urgent or regular messages, and numerous other`
			`features. Aspens are easy to recognize because the female voice is very`
			`annoying and often identifies herself as Aspen. When you dial up an Aspen`
			`system, sometimes you have to enter an (*) to get into the vmb system. Once`
			`you're in you hit (#) to login. The system will respond with 'Mailbox number`
			`please?' If you enter an invalid mailbox the first time it will say 'Mailbox`
			`xxx is invalid...' and the second time it will say 'You dialed xxx, there is`
			`no such number...' and after a third incorrect entry it will hang up. If`
			`you enter a valid box, it will say the box owner's name and 'Please enter`
			`your passcode.' The most common default for Aspens is either box number or`
			`box number + (0). You only get three attempts to enter a correct box number`
			`and then three attempts to enter a correct passcode until it will disconnect`
			`you. From the main menu of an Aspen box you can enter (3) to scan for other`
			`boxes so you won't be hung up like you would from outside the box.`

			`CINDY is another popular system. The system will start by saying 'Good`
			`Morning/Afternoon/Evening. Please enter the mailbox number you wish...' and`
			`is easy to identify. After three invalid box entries the system will say`
			`'Good Day/Evening!' and hang up. To login, enter the box number and during`
			`the greet press (0) then your passcode. The default for ALL Cindy systems is`
			`(0). From the main menu you can enter (6) to scan for other boxes so you`
			`won't be hung up. Cindy voice mail systems also have a guest feature, like`
			`Aspens. You can make a guest account for someone, and give them`
			`password, and leave them messages. To access their guest account, they just`
			`login as you would except they enter their guest passcode. Cindy systems`
			`also have a feature where you can have it call a particular number and`
			`deliver a recorded message. However, I have yet to get this feature to work`
			`on any Cindy boxes that I have.`

			`MESSAGE CENTER is also very popular, especially with direct dials. To login`
			`on a Message Center, hit the (*) key during the greet and the system will`
			`respond with 'Hello <name>. Please enter your passcode.' These vmbs are`
			`very tricky with their passcode methods. The first trick is when you enter`
			`an invalid passcode it will stop you one digit AFTER the maximum passcode`
			`length. Eg. If you enter 1-2-3-4-5 and it gives you an error message you enter`
			`the fifth digit, that means the system uses a four digit passcode,`
			`which is most common on Message Centers. The second trick is that if you enter`
			`an invalid code the first time, no matter what you enter as the second passcode`
			`it will give you an error message and ask again. Then if you entered the`
			`correct passcode the second and third time it will let you login. Also, most`
			`Message Centers do not have a default, instead the new boxes are 'open' and`
			`when you hit () it will let you in. After hitting () the first time to`
			`login a box you can hit (*) again and it will say 'Welcome to the Message`
			`Center.' and from there you can dial other extensions. This last feature can`
			`be useful for scanning outside a box. To find a new box, just keep entering`
			`box numbers and hitting (*) to login. If it doesn't say something to the`
			`effect of welcome to your new mailbox then just hit (*) again and it will`
			`send you back to the main system so you can enter another box. This way you`
			`will not be disconnected. Once you find a box, you can enter (6) 'M'ake a`
			`message to scan for other boxes with generic names. After hitting (6) it`
			`will ask for a mailbox number. You can keep entering mailbox numbers until`
			`you find a generic one. Then you can cancel your message and go hack it out.`


			`Q VOICE MAIL is a rather nice system but not as common. It identifies itself`
			`'Welcome to Q Voice Mail Paging' so there is no question about what system it`
			`is. The box numbers are usually five digits and to login you enter (0) like`
			`a Cindy system. From the main menu you can enter (3) to scan other boxes.`

			`There are many more systems I recognize but do not know the name for them.`
			`You will become familiar with these systems too.`


			`CONCLUSION`

			`You can use someone else's vmb system to practice the methods outlined above,`
			`but if you want a box that will last you need to scan out a virgin system.`
			`If you did everything above and could not get a vmb, try again on another`
			`system. If you follow everything correctly, I guarantee you will have more`
			`vmbs than you know what to do with. When you start getting a lot of them, if`
			`you are having trouble, or just want to say hi be sure to drop me a line on`
			`either of my internet addresses, or leave me a voice mail message.`

			`NOTE: Some information was purposely not included in this file to prevent`
			`abuse to various systems.`


			`Night Ranger`
			`gbatson@clutx.clarkson.edu`

			`1-800-666-2336 Box 602 (After Business Hours)`
			`1-800-435-2008 Box 896 (After Business Hours)`
			`_______________________________________________________________________________`