How to Hack a PBX An Original Text File by Bungalow Bill President/Founder, the Center for the Study of Viral Pathology Ok, as phreaking continues to become more of a hazard, safer ways of obtaining free calls are highly sought after. A while back, a friend of mine gave me a PBX, and it has lasted ever since. But the more I used it, the more I wanted others, just in case the other went down. Therefore, I created my own method for finding, hacking, and using various other PBX's (Private Branch eXchanges). A PBX quite simply, is a company owned service that allows employee's or anyone with the correct code, to call Long Distance and speak with others as far away as China. These PBX's generally do not contain anything like ANI, or tracing methods, so they are more the likely safer then hacking codes. PBX's serve other purposes such as to allow intra-building paging and PA system use. Finding the codes to access the PA system can be fun/useful too. Some owner's pay a flat fee for the PBX because of the sheer number of legitimate calls made on the services by employees. This is great for the PBX hacker, because this means they are less likely to be caught or have any CLID or ANI services on the line. Finding a PBX is not really all that hard. There are a few methods, and I suppose you could completely automate it, but you'd need a program that looks for the PBX tones, and I've never seen one before. Here's the method I use. Go grab a Newsweek, Time, or some other popular periodical. Flip through it, and make a list of the 800 numbers belonging to large companies, such as banks, law firms, or hospitals. Don't put down the ones that advertise being open 24 hours. You can also use the phone book for this, and I also know that there is The 800 Phone Book, which is a listing of the 800 numbers for companies, so if you feel like shelling out a few bucks for it, that's approved. Now, once you have a list of the numbers, wait until late in the evening, I do it around 11 pm, so that even if the number is in California, they'll probably be closed, but the later, the better. Start at the top of the list, and dial. If you here a single tone, or an oscilating combination of two tones, put a check next to the number on your paper. Hang up. Repeat for the next number. If you get a recorded message which sounds like a Voice Mail service, wait and see if it says something like, "If you have a mailbox on this system, please press pound (#)." Press # and check what that does, because some companies hide the PBX behind a control command like that. Now go back to the top of your list, and dial the first number with a check next to it. When you hear the tone, pound out the *, #, and 9 keys. If you suddenly get a dial tone, put a mark next to the number, and also put the combination of what keys you pressed to get it. Do that for each number on the list. Ok, now go back to the first number where you got a dial tone. Dial it again, and type in the sequence you used before. When you have a dial tone, dial 1-800-692-6447 (1-800-my-ani-is. ANI is Automatic Number Identification). You will hear a recording which says, "Your ANI is: (XXX)XXX-XXXX. If it gives your home phone number, cross that PBX off your list. But if it gives you a number other than your home number, you're all set. Put that number in a new list, along with the digits you used to get a dial tone. If, at some point, a recording at the PBX number asks for a code, that means that the program is protected with a code. We are currently in the process of writing a program that will scan 800 numbers for PBX tones, and will also crack the codes for you. Watch our file base for it, it should be finished soon.