
Network World

Jimmy Ray Purser

Old School Hacks: War Dialing with WarVox

By JimmyRay on Tue, 05/12/09 - 5:20pm.

The more things change the more they seem to stay the same. I have been working on a few Bluetooth 2.1 hacks for the past couple of days and in the end I thought that while they worked they weren't very interesting. The time-effort::benefit ratio was more slanted towards the time-effort side of the house. Kinda like finding a security hole in Token Ring today.

Long before Tone-Loc was a one hit wonder and bit player in The Adventures of Ford Fairlane, Tone Loc was a seriously cool War Dialer that would give folks like me a good picture of an internal phone system. I could find fax machines, carriers, busy tones, voice, etc... I do not use ole Tone Loc anymore or THC but that's another story. On the rare case that I have to use a modem sweeper it's mainly for pen testing SCADA systems and very large enterprise companies. I have switched to TeleSweep from Secure Logix for that task. You can find that tool here: http://www.securelogix.com/modemscanner/tss_agreement1.htm after an email verified download...grr... But it runs on Windows and is a stable build.

One of the Top security Dudes in the world today is H.D. Moore. H.D. is the inventor of one of the most awesome security tools out there today: Metasploit. He is kinda like that old EF Hutton commercial, so when he came out with a War Dialer of all products many folks took notice.

After the Telecommunications Consumer Protection Act of 2003 made it illegal to "dial for tone" war dialing died off. It is really considered old school...by security auditors and paid pen testers. Hackers have not forgotten about it at all. Matter of fact, when it comes to VOIP break ins/hacks it's toll jacking that is the number one hack on VOIP not eavesdropping as many of us worry about.

I started messing around with Warvox on my Back Track 4 hacktop. I downloaded it from http://warvox.org/install.html and of course like a real goober, I started a MAKE without checking the dependencies and got a screen full of errors. So make sure to install Ruby FIRST. I just used the command:

sudo apt-get install build-essential libiaxclient-dev sox lame ruby rake rubygems libsqlite3-ruby gnuplot

After RTM...I noticed that H.D. recommends installing Mongrel to speed up Warvox. I decided not to do this to see how much of a difference it really made! Bad choice. It makes a huge difference so install it BEFORE you install Warvox. Once the install is completed you get a cool install complete screen with all of the available modules at your fingertips. Feel the power coursing thru your fingertips!!! Evil Laugh Time!!

Just start the service with the command ./warvox.rb and then, in typical H.D. Moore fashion, open your browser and go to http://localhost:7777 (U: admin, P: warvox). The defaults can be changed by editing warvox.conf. I just added in my provider info (Vitelity, http://www.vitelity.net/) and started testing my systems.

Warvox was very fast and worked like a champ. I found a couple of HVAC modems I did not know we even had! The part of Warvox that impressed me the most was its ability to detect a fax machine from a modem. Some really good phrackers can determine this by ear. I ain't one of them. Heck, I cannot tell the difference between my wife and my daughter when I call home. A fax machine is 2100 Hz + 1625 Hz where a modem is 2250 Hz + 1625 Hz, so the tones are really tight. Warvox has a customized module called Ruby-KissFFT that is really more of a software spectrum analyzer and it does a great job at detecting this. It detected every one of mine.
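
As an added illustration (not WarVOX code and not the author's), the Ruby sketch below separates the two tone pairs quoted above by measuring signal power at each frequency with the Goertzel algorithm, a single-frequency alternative to the FFT that Ruby-KissFFT computes. The 8 kHz sample rate, the power threshold and the synthesized test signals are assumptions; the tone frequencies are used exactly as written in the article.

```ruby
# Added example: classify a line recording as fax or modem from tone energy.
# Uses the Goertzel algorithm, not WarVOX's Ruby-KissFFT module.
RATE = 8000 # samples per second; typical telephony rate (assumption)

# Tone frequencies in Hz, as quoted in the article text.
FAX_TONE   = 2100.0
MODEM_TONE = 2250.0
SHARED     = 1625.0

# Constructed sample input: equal-weight sum of sine waves, `secs` long.
def synth(freqs, secs = 0.25, rate = RATE)
  Array.new((secs * rate).to_i) do |n|
    freqs.sum { |f| Math.sin(2 * Math::PI * f * n / rate) } / freqs.size
  end
end

# Goertzel algorithm: normalized signal power at one target frequency.
# A pure sine of amplitude A at `freq` yields roughly A*A/4.
def goertzel_power(samples, freq, rate = RATE)
  coeff = 2 * Math.cos(2 * Math::PI * freq / rate)
  s1 = s2 = 0.0
  samples.each do |x|
    s0 = x + coeff * s1 - s2
    s2 = s1
    s1 = s0
  end
  (s1 * s1 + s2 * s2 - coeff * s1 * s2) / samples.size**2
end

# Returns :fax, :modem or :other. Both the shared tone and one of the
# distinguishing tones must rise above `floor` (threshold is an assumption).
def classify(samples, floor = 0.01)
  return :other if samples.empty?
  fax, modem, shared =
    [FAX_TONE, MODEM_TONE, SHARED].map { |f| goertzel_power(samples, f) }
  return :other if shared < floor || [fax, modem].max < floor
  fax > modem ? :fax : :modem
end
```

The two distinguishing tones sit only 150 Hz apart, so the capture window has to be long enough to resolve them; at 8 kHz the 0.25 second window used here gives about 4 Hz of resolution.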

I have to admit that I do get nostalgic for the old Tone Loc maps but hey, Warvox is one great tool to either learn war dialing on or just brush the dust off of some older skills. War Dialing is still a fantastic method of pen testing your own networks to find holes, vulns and that hidden modem on your network.

Jimmy Ray Purser

Trivia File Transfer Protocol
Seems like all famous swords have names. King Arthur's Excalibur is an easy one but there is also Julius Caesar's Yellow Death, Charlemagne's Joyeuse and El Cid's Tizona which is the only one that still exists.

WarVOX 1.0.1 Release Imminent!


Thanks for the great article! The current SVN version of WarVOX adds support for blacklists, multiple masks per job, and dial ranges, along with a ton of bug fixes since 1.0.0. The next stable version (due this week) is being released under a BSD license, making it free to use, extend, and incorporate into other projects.

ToneLoc Maps


These are already implemented, but not integrated into the user interface. I was trying to finish the audio auto-grouping code before enabling these, but it might make more sense to add them in 1.0.1 and then extend them once the auto-grouping is complete. The auto-group functionality is really handy - it sorts numbers based on how they sound, finding sets of similar sounding audio automatically.

Old School Hacks


very cool. good write.

Informative


Jimmy Ray, I always enjoy your articles. I will download this tool today and test on my network

About Networking Geek to Geek

Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.

Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University and is currently pursuing a Master of Science degree in electrical engineering.