So as many of you know cell phone voicemails are incredibly insecure. Now for reconnaisance thisisn’t useful when you are gathering information on big companies. Mostly due to the fact that employeecell phones are often private. When doing reconnaisance you should always be aware of the information you have already found, and how it can be used. Thats where an employee directory comes in handy. Many top businessess use the Audix voicemail system so knowledge of the system is invaluable. Now every Audix system hassomething called a system number which is what you will call to access your voicemail remotely.
The only thing you will need to access someones voicemail is their extension, and the password they chose for their voicemail.Just like in any other situation we will try basic passwords ( remember a password can be between 4-15 digits).The most common passwords used are 1234,12345,123456,birthdays,anniversaries, and the extension itself.
Now finding system numbers may seem difficult, and it is. There are ways around that pesky number though.We will start with the easiest; finding publicized numbers. So many schools/businessess publish their audix system instructions for their employees. These files tend to contain data such as system numbers, extensions, and default passwords.Now these could be difficult to find by random searching, but you’re in luck. I have created a google dork which hasvery good results “inurl:audix system instructions”, and useful but not as effective “intitle: audix setup instruction”.
We have covered how to use the audix system, and how to find publicized audix systems, but say thecompany you are gathering information on has not publicized their Audix system number. Now how exactly couldyou get this number? Well there is a number of ways the easiest, and if done properly most successful is tosimply social engineer it. People forget these numbers constantly so find an employee’s name ( for maximum success choosesomeone who isn’t ranked very high.) You will need the help desk number to which is easily found, it is normally the contact number. What you say is up to you, but remember your goal is to gain the system number; so your best bet is to saysomething like you’ve never had to access your voicemail outside the office, and you’re unsure of which number to call.
If the social engineer methods fail there is one more that is hit and miss. Sometimes improperly configuredAudix systems will allow you to access the system directly as if you were calling the number. Now the easiestway to do this is to call as many numbers as you can after hours, so no one answers, and try hitting 0,# or *. Now what you are lookingfor is something about the Audix system, and if it works you will hear a message about dialing to another extension. That is when youchoose the correct number, and try different extensions, and passwords.
Would love to here from you...