I’m not a newbie anymore… now I’ve become a dummy

The story began about 2 months ago, when I was trying to connect to the internet through my GSM modem using one of Indonesia’s telecom service providers. After trying (desperately) to connect my modem to the internet, I decided to check what was going on with my connection. I contacted customer service, and they said that my credit was insufficient for an internet connection. Well, it was my fault, I forgot to buy the voucher. After borrowing some money from my friend (around 100.000 IDR), I bought the voucher and tried to start the internet connection again. And hooray! The connection was back to normal again… but only for 4 hours!

Well, at first I thought the problem came from my GPRS modem. I tried disconnecting and reconnecting the modem all night long, but still no result. The next day, I decided to contact customer service again, and they said I needed to wait for 24 hours. Well then, I had no choice at all. After 24 hours, I tried to connect the modem again but still had the same problem: I could not get onto the internet. Then I decided to contact customer service again, and they said I needed to wait for 24 hours x 7 days.. What the h…
Long story short, after waiting 7 boring days, I decided to connect my modem again and the result was still the same. At that point I thought there must be something wrong with the modem. I decided to borrow another modem from my friend, and the result was still the same. Then I tried swapping my card for another SIM card from the same provider (again, I borrowed the card from my friend), and this time I could connect to the internet.. oh sh*t.
Well, after all that had happened to me, the next day I decided to contact customer service again, and as I had thought, they asked me to wait for 24 hours x 7 days again! I decided to wait again, and after waiting for one week they asked me to wait for 1 week again. Now the time limit for my card has ended, and my 100.000 IDR is gone because the SIM card’s time limit has expired. I tried to protest, but it was useless. And this is the point where I changed, from a newbie into a dummy. Yes, now I became a dummy, I lost my mind and knowledge, and there came the dark side.
I started to think about how to take revenge. Yes, I tried to take back the things that were supposed to be mine. My mind kept running, as I remembered the modem gave me some IP numbers although I could not connect to the internet. So, this was my entry point. I fired up my BT 4, called wvdial and got connected; I had the IP address.
local IP address x.x.x.x
Remote IP address z.z.z.z
Primary DNS address a.a.a.a
Secondary DNS address b.b.b.b
This is good! After that I tried to nslookup some addresses, but it looked like I had no connection. Well, I fired up my mtr but still no connection. I tried changing my destination address; this time I chose the IP addresses of the DNS servers, both primary and secondary. And what interesting info I got: now the IP address changed into a local address at every hop. It was no longer 10.x.x.x but had changed into 192.x.x.x. It seemed promising to me; now I became more serious.
I then decided to do some scanning of each hop I got, and it started showing me some live hosts with various devices. After I finished scanning each network, I tried to check each service by nc-ing to each port that popped up during the scanning session. I got many strange port numbers, and some of them gave me an interesting banner via nc, from NSN to SGSN 🙂
Well, now I had some targets here. I started cracking all the services one by one all through the night, and the result seemed worth it. Now I could log in to some machines, which in my opinion must be the “router” devices of the provider. Well, at first I had some problems running the console, but I have Google, who is always ready to answer all my questions 🙂. Long story short, I played a little while inside the machines (on every machine I could get into). I ran some commands which were useful for me, such as capturing traffic, dumping configuration, backing up settings or firmware; on some machines I could even dump the database structure 🙂
For the sake of ethics and for my own security, I cannot give you the name of the company or the real configuration strings, but I will give you some “teaser”:
SGSN_RTT
        “REPORT_TIME” TIMESTAMP,
        “IMSI” VARCHAR(16),
        “IMEI” VARCHAR(16),
        “RA_ACCESS_TYPE” TINYUINT,
        “RNC_ID” SMALLUINT,
        “CGI_LAC” SMALLUINT,
        “CGI_RAC” TINYUINT,
        “PHYSICAL_PAPU_ID” TINYUINT,
        “PAPU_ID” TINYUINT,
        “APN” VARCHAR(101)
…. long list…
and also
TrafDbep [NNNNNN]
Job info : XXCCZZZZZ
job id: 0xXBCCC, 
SGSN_RTT event exporting finished. 
Total data size BBBBBBBBBB
Time: ZZZ BBB XXX 2010
Host: YYY-TRAFFIC0000000
Process: NNNNN
Location: XXXXX
Product version:Z.X.X.CC



and more

SR:(OFAM=2A)AND(NUM=0BXCD,0BCCB,0BCD4,0BZE5,0BDDC)
GMG_G6JX.PAC XX/NN ZZZZ 2010   SGXENVJ7.PAC 5.5-0
“G99”
#H16″
BLACKBERRY
MNCNXNX
MCCMNZB
HSDPA

GPRS
XXCBNMM

#

more 

Not enough space for a full dump. Generating a partial dump
msgbuf: 0x%x[0x%x] = %d
 (added)
 (%0x%x > %0x%x)
text + data + bss + rest: [0x%x – 0x%x]
INCOMPLETE CORE DUMP:
Dumping 0x%x pages of memory to sec 0x%x, 0x%x sectors
Updating header at addr 0x%x to sec 0x%x, 0x%x sectors

more..


SGSN SG6 DX200 CD9
3GSGSN CD5
FLEXI ISN rel 3.2 SW Rel. 3.9.2NET-FCS21 CD5


Well, I think it’s enough; it’s for my own safety. Now I’m no longer a newbie; the dark side has taken over my mind and I have become a dummy 🙁