                 
                 A Beginners Guide to 800 Scanning   
                             By: Matrixx                              
                             For:  ISCABBS                         
   
 telnet: bbs.isca.uiowa.edu                


 Along  time  ago  when I started my career as a phreaker
/hacker I had a lot  of  help  and  there were alot of people willing to 
show me the ropes. Well  it's  now  1994,  and the files I that I read are
either out-dated or invisable.   The only chance that an aspiring young
phreaker has is to find someone willing to help them.  Fat Chance.  Like I 
said, this is 1994!!!   This  file  is for the little guy, the 
LAMER as we so lovingly refer to them.   It  is  was not written as a 
submission for PHRACK and is certainly not going to enlighten you if you 
are not new at this sort of thing.     Why did I even bother to write 
this file?  Well, I have seen the phreak community  turn  into  something  
that I was ashamed to be a member of, and then  finally it almost killed 
itself, because so many of it's members were not only full of shit, but 
they would actually stab each other in the back. Today, there is still a 
few honest, trustworthy phreaks, but few of us will bother  helping  out  
anyone.   This is not a very good way to preserve the species.   I  am  
writing  this  file to hopefully encourage a NEW breed of phreaker that 
won't someday annhilate itself. A word to the initiates;  If  
this is your FIRST attempt at bettering yourself, know this.  There is  
much  more to phreaking then what this file will tell you.  In the same 
vein there is much more to the so called "UNDERGROUND" then just phreaking.
You  should attempt to learn more everyday, you should do your own work 
and not  just  copy  what  other  people  give  you.   You should NEVER 
destroy something that isn't yours.  And above all, your reputation is all 
you have, don't ruin it.  So  without  going any further into 
Hacker-Ethic's lets get on with the information,  and  if  someday you 
become referred to as "Elite"...remember where you started...OK?  Everyone 
is lame at something.
			
			--Getting Started--  
Grab your phone, look at it, could you comfortable hold it for hours at a  
time?   If  not  you  may  wish to get a better phone.  My favorite is a
Speaker  Phone.   Some  people use Operator head sets.  Some  people have
their computer dial the number.  I would reccomend "HANDSCANNING" because
no matter how good you think "toneloc" is, it still can't detect a VMB.

			--When to Scan--
After business hours Pacific standard time is usually best, I myself 
wait a few hours even after that, but if you are on the east coast and not
into staying up (very) late just wait till after business hours (5 or 6 
o'clock) EST.  Chances are, if you don't wait until after these house you 
are going to miss a LOT of good stuff, esp answering machines that people 
leave purchasing orders (and credit card info) on...

		     --Choosing Your Prefix--
Oh,  you don't know what a prefix is?  Well it is the middle 3 digits of a  
phone number.  I.e.  XXX-555-XXXX.  Got it?  Good.  Ok now you will need to  find  one.  Whats 
so hard about finding one you ask?  You need choose a prefix  that  hasnt 
been scanned to death like 222-333-444...etc.  You need to  find a WORKING 
prefix, this may sound stupid, but some of the stories I have  heard 
would keep some of you laughing for weeks.  Anyway, this is how you  tell  
if  you  have found an ACTIVE prefix.  Dial 1-800-XXX (XXX = you prefix)  
wait  about  7  seconds,  if  you hear some tones then you have an 
inactive prefix.  Find a new one.

			--Scanning-- 
There  are many ways to scan, ranging from sequential to zen.  For now 
stick  to  sequential, you can either start at the bottom and go up, or 
you can start at the top and go down...You could even start in the middle, 
but always...ALWAYS  remember  where  you  started,  you  may run into a 
prefix filled with good shit...you wouldn't want to backtrack...nothing 
sucks more then  finding  the  same  thing over and over again.  Lets say 
you start at 800-xxx-0000,  then naturally the next number dialed would 
be 800-xxx-0001. Simple eh? 

		      *** 1994 UPDATE ***   Apparently some 
people are scared of getting call backs from those people like AT&T.  
I personally only know of like 3 people who have ever been bothered, but I 
sure there are more.  If you should happen to get a call back, don't 
worry, the most they can do is have your 800 service to the 800 numbers 
they lease blocked.  No bigger, no one company ownes more then 1/5 of all 
800 numbers.  (If it's AT&T make sure you point out that if you try to 
call their "800-CALL-ATT" number you BETTER be able to connect, because 
their commercial says you can reach it from ANY phone. Some ways you 
that may give you extra insurance against callbacks from overy security 
minded idiots, is to do variations on your sequential scanning.  (i.e. 
0000, 0010, 0001, 0011, 0002, 0012) or to have your computer generate a 
list of numbers from 0000-9999 in random order and print it out.   
But like I said it's no biggie, you can make up all kinds of stories to 
tell someone if you get called back, like "I'm trying to get some 
statistics on how many numbers per 800 prefix is being used, and for what 
for my statistics paper.", "I'm trying to get my name on alot of mailing 
lists, so I can create a database of users to sell my products to, and 
since you actually MANUFACTURE and SELL machines to other companys, I 
thought it was LEGAL to call numbers sequentially if you intend on 
selling something.  (IT IS!)  Be creative, don't be afraid, and don't 
be afraid to lie.

			*** END OF UPDATE ***   
There are 10,000 numbers per prefix.  That's alot of numbers to dial. 
You can probably do about 100 numbers in under 1/2 an hour.  That's about 
what I personally average.  Some people try to do 500 a night, but that 
makes for a pretty boring night, and a sore finger/ear.  Some tips for 
making your scanning go faster is not to let the phone ring more then 
FOUR times.  If something doesn't answer in 4 rings, it's probibly not 
any very usefull, or interesting.  Also, if you find someone else who is 
a TRUSTABLE friend, and who also scan's you can split up the scanning, but 
make sure you are not scanning the same stuff, assigne "Blocks" of numbers 
for each person to scan.  (i.e. you do 0000-0500, and he does 0501-1000). 
Then you BOTH make copies of EVERYTHING you find, and share it with each 
other.  But make sure it's a GOOD friend, that's not going to hold out on 
giving you some of the good stuff!!!

			     **Treasures**   

These are SOME of the things you will probably run into:

		Answering Machine (old)   
The  old  machines  are mostly useless, they either can not be accessed 
from  a  remote  loaction,  or they can not be reached at all.  Just 
forget these.  They are, as far as I know...useless.  There is one really 
excellent way  of  determining  if  your  answering  machine  is  useful.  
During the outgoing message hit keys 1-0 and then * and #.  Then after 
the beep do the same  thing  again.   If the machine doesnt respond 
or hang up on you, then you have found either an old machine, or a useless 
one.  I think I'm being redundant here....

		--Answering Machine (new)--
Some people might tell you that these are useless too, these people are 
wrong, you  can  do  many  semi-usefull things with them besides listen to 
other  peoples  messages.  You  can make it into your own personal message 
center, you  can  even  take  it  over...of  course  your outgoing message 
probably  wont  last  more  then a weekend, so don't expect the world.  The 
best way to  hack these things is to just hit 1-2-3-4-5-6-7-8-9-*-9-# and 
then  reverse  it.  Do the same thing after the OGM (Out Going Message) 
For some strang reason, most of the machines I find that have a 1dc (One 
Digit Code)  usually have the passcode of "3".  That's right just hit "3" 
and the machine lets you in.  MOST access codes are pretty simple, shit 
like "123" "111" "321", but don't spend all day hacking these fuckers, they 
are not THAT usefull.  (Unless it's a machine that people are likely to 
leave there credit card info on...(i.e. mail order places))

			--FAX Machine--    
This sounds alot like a computer carrier, but there is a difference and 
it  is easy to tell the difference when you look for it.  What you could 
do is go through any phone book, and look in the yellow pages section 
and then find  a  business  with  a FAX machine, call it and listen.  
An interesting note,  Some  FAX  machines  if  they recieve no 
transmission they then will connect to a computers modem.

			Computer Carrier--    
These  are  almost  always  good for trade, they could be anything.  To 
quote  Ren Hoark (of Ren and Stimpy) "Maybe something good, Maybe something
bad,  I  guess  we'll  never  know..." Until you get more expierence in the
field,  you  should either TRADE these numbers for something you want, give
them  out,  or  keep them, but by no means, call over and over and over 
and bang away, this is useless and should be avoided.  Download some more 
files on how to recognize Unix/VMS/etc...
			
			--Backdoor--
These  are great for trading, nobody likes to admit it, but if you have 
a  way to call 1-900-BLOWMEE for FREE they would love to get their hands on 
it too. (Pun  intended!) These things are great and are kinda rare. Chances 
are that if you found one you will find at least 5 more in that prefix. If 
you  plan on logging on to an "ELITE" BBS volunteer the information in 
your new  user  feedback...tell  the sysop you found it and only he and 
you know about  it. He will more then likely give you decent access, 
especially if he is under 19. Not only are there 1-900 sex line backdoors, 
there are 1-800 sex operator backdoors (these sometimes require a PIN) and 
lots of stuff from Lottery Info, to lines that when you call, all you have 
to do is leave your name and addres and they will mail you a cookbook or 
some shit like  that. If you get a backdoor that lets you do 
"administrator" things do NOT fuck up their setup, or give the information 
to someone who might. These systems usually cost alot of money, and 
destroying just to destroy is the 9'th level of repulsive.  

 			--Voice Mail Box's--
That's VMB if you want to sound like you know what you are doing.  There 
are  MANY  different types of Voice Mail Box's and there are text files for 
just  about every type you will run into.  I will ATTEMPT to give you a 
crash course in VMB hacking.
	INDENTIFICATION:    A  voice  mail  box,  will sometimes act just 
like an answering machine until  you  start  hitting  those all important 
MF (Multi-Frequency) tones. (1-9,  etc...)  You will be prompted to do 
something else depending on what key  you  hit.   Sometimes  you will be 
asked for "the mailbox in which you would  like  to  leave  your  message, 
sometimes you will be asked for your mailbox  and  passcode.   Sometimes,  
it  will  tell  you  to re-enter your something or other.  What you would 
basically look for is options OTHER the entering  a  passcode.   Don't  
be  afraid  to hang up and call back to try something new.
	System Spex:  Next  you  will need to find out how many digits a 
box number is.  This is usually easy but CAN be a pain in the ass.  
Something to always remember is  SLOW  AND  STEADY.   Press  1  wait 2 
wait 3 until you get some sort of system message.  Use this same method 
for finding out how long the passcode is.   In  MOST  cases  you  can just hit 1234 and it will give you the next
system  message,  so you don't always have to go slow, in fact it is pretty
rare, but don't foget it.  Most VMBs rarely have more then 5 digit box's.

    Next:   Find  a  Valid box.  You know one that doesn't ask you to enter
another  mailbox  number  but  instead  says "leave a message" or some such
shit.   What you should look for is an EMPTY one.  One that isn't currently
being used by someone on the system.

    How to enter your passcode:  There are mainly two different systems.

    1.   While  listening to the box's outgoing message a key (usually # or
*) will prompt the "enter passcode" message.

    2.   During  the  original  outgoing messgage a key (again # or *) will
give  a  "Enter  YOUR  mailbox  number" followed by a "Enter YOUR passcode"
message.

HINTS
-----

    Many  systems  have  DEFAULTS and they are usually 0000 or 1111 or 1234
or  many systems  use  the  same number as the mailbox for it's passcode.  Sometimes they increment or decrement it by 
one.  Many   systems   also   have  mailbox's  at  9999  or  9998  that  
have ADMINISTRATOR  functions.   If you find on of these, either don't 
piss with it  or  be  very careful.  But remember you can trade these for 
some decent stuff.     You  will  notice  I  used  4 digit examples 
above.  If the system only allows  3  digit passcodes, then naturally 
use a 3 digit version.  The same goes for 5 digit.  Use your brain a 
little.                            

			--Private Branch Exchange--    
You would be surprised how many "veteran" phreakers don't know what PBX 
is  short  for.   What it essentially is, is this:  Remember in high school 
when  you  made a call home from the office?  You had to dial 9 before 
your home  number?   You  went  through  a  PBX.  When a company or group 
has an internal  phone system they usually set it up so that with the 
touch of one key  they  can reach
