Skip Links

Old School Hacks: War Dialing with WarVox

By JimmyRay on Tue, 05/12/09 - 5:20pm.

The more things change the more they seem to stay the same. I have been working on a few Bluetooth 2.1 hacks for the past couple of days and in the end I thought that while they worked they weren't very interesting. The time-effort::benefit ratio was more slanted towards the time-effort side of the house. Kinda like finding a security hole in Token Ring today.

Long before Tone-Loc was a one hit wonder and bit player in The Adventures of Ford Fairlane, Tone Loc was a seriously cool War Dialer that would give folks like me a good picture of a internal phone system. I could find fax machines, carriers, busy tones, voice, etc... I do not use ole Tone Loc anymore or THC but that's another story. On the rare case that I have to use a modem sweeper it's mainly for pen testing SCADA systems and very large enterprise companies. I have switched to TeleSweep from Secure Logix for that task. You can find that tool here: http://www.securelogix.com/modemscanner/tss_agreement1.htm after an email verified download...grr... But it runs on Windows and is a stable build.

One of the Top security Dudes in the world today is H.D. Moore. H.D. is the inventor of one the most awesome security tools out there today; Metasploit. He is kinda like that old EF Hutton commercial so when he came out with a War Dialer of all products many folks took notice.

After the Telecommunications Consumer Protection Act of 2003 made it illegal to "dial for tone" war dialing died off. It is really considered old school...by security auditors and paid pen testers. Hackers have not forgotten about it at all. Matter of fact, when it comes to VOIP break ins/hacks it's toll jacking that is the number one hack on VOIP not eavesdropping as many of us worry about.

I started messing around with Warvox on my Back Track 4 hacktop. I downloaded it from http://warvox.org/install.html and of course like a real goober, I started an MAKE without checking the dependencies and got a screen full of errors. So make sure install Ruby FIRST. I just used the command:

sudo apt-get install build-essential libiaxclient-dev sox lame ruby rake rubygems libsqlite3-ruby gnuplot

After RTM...I noticed that H.D. recommends installing Mongrel to speed up Warvox. I decided not to do this to see how much of a difference it really made! Bad choice. It makes a huge difference so install it BEFORE you install Warvox. Once the install is completed you get a cool install complete screen with all of the available modules at your fingertips. Feel the power coursing thru your fingertips!!! Evil Laugh Time!!

Just start the service with the command: ./warvox.rb Then in typical H.D. Moore fashion open you browser and go to http://local host:7777 U:admin P:warvox defaults can be changed by editing warvox.conf I just added in my provider info (Vitelity) http://www.vitelity.net/ and started testing my systems.

Warvox was very fast and worked like a champ. I found a couple of HVAC modems I did not know we even had! The part of Warvox that impressed me the most was it's ability to detect a fax machine from a modem. Some really good phrackers can determine this by ear. I ain't one of them. Heck, I can not tell the difference between my wife and my daughter when I call home. A fax machine is 2100hz+1625hz where a modem is 2250hz+1625hz, so the tones are really tight. Warvox has a customized module called Ruby-KissFFT that is really more of a software spectrum analyzer and it does a great job at detecting this. It detected every one of mine.

I have to admit that I do get nostalgic for the old Tone Loc maps but hey, Warvox is one great tool to either learn war dialing on or just brush the dust off of some older skills. War Dialing is still a fantastic method of pen testing your own networks to find holes, vulns and that hidden modem on your network.

Jimmy Ray Purser

Trivia File Transfer Protocol
Seems like all famous swords have names. King Arthur's Excalibur is an easy one but there is also Julius Caeser's Yellow Death, Charlemagne's Joyeuse and El Cid's Tizona which is the only one that still exists.