iwar(1)
NAME
iwar - Intelligent Wardialer
SYNOPSIS
iwar [ -options ] -r [ dial-range ]
DESCRIPTION
iWar is a Unix wardialer program. "War dialing" or "wardialing" is a
method of automatically dialing a range of numbers, randomly or sequentially, and recording things that might be interesting, from traditional
carrier detection to telco-related equipment.
The name for this technique refers to the 1983 film WarGames. In the
film, the protagonist "David Lightman" programs his computer to dial
every telephone number in Sunnyvale, CA in order to find other computer
systems. Although the technique predates the film, the name "war dialing" rapidly became popular within computing culture, replacing the
original name of "demon dialing".
iWar is a phone network security auditing tool and should only be used
for _legal_ purposes. If you do not have permission to scan a block of
numbers, then don't use this tool!
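Seen from the dialed side, a scan like the one described above is a single source touching many distinct numbers of one block within a short time, in any order (iWar dials in random order unless -x is given, and -R varies the delay between calls). The following is an added example, not part of iWar or of this manual: a sketch that flags such sweeps in call detail records. The record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

BLOCK_DIGITS = 2     # group dialed numbers into blocks of 10**2 = 100 numbers
WINDOW_S = 3600      # sliding window, seconds
MIN_COVERAGE = 0.25  # share of one block a single caller must touch

def find_sweeps(cdrs):
    """cdrs: (epoch_seconds, caller, dialed) tuples (assumed layout).
    Returns sorted (caller, block_prefix, max_distinct_numbers_in_window)."""
    by_key = defaultdict(list)
    for ts, caller, dialed in cdrs:
        digits = "".join(ch for ch in dialed if ch.isdigit())
        if len(digits) > BLOCK_DIGITS:
            by_key[(caller, digits[:-BLOCK_DIGITS])].append((ts, digits))
    need = int(MIN_COVERAGE * 10 ** BLOCK_DIGITS)
    hits = []
    for (caller, block), calls in by_key.items():
        calls.sort()
        in_window = defaultdict(int)  # number -> calls inside current window
        left = best = 0
        for ts, num in calls:
            in_window[num] += 1
            while calls[left][0] < ts - WINDOW_S:  # expire calls older than window
                old = calls[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            # count distinct numbers, so dialing order and pacing do not matter
            best = max(best, len(in_window))
        if best >= need:
            hits.append((caller, block, best))
    return sorted(hits)

def sample_cdrs():
    """Constructed records, not real call data."""
    cdrs = []
    for i in range(40):
        suffix = (i * 37) % 100  # non-sequential order, like a random-order scan
        number = f"85055512{suffix:02d}"
        # one caller covering 40 numbers of the block in ~30 min, uneven gaps
        cdrs.append((1000 + i * 45 + (i * 7) % 20, "9045550101", number))
        # another caller touching the same numbers, but one call every 6 hours
        cdrs.append((i * 21600, "9045550102", number))
    # ordinary traffic: repeated calls to a single number
    cdrs += [(500 + i * 60, "9045550103", "8505551234") for i in range(50)]
    return cdrs

if __name__ == "__main__":
    print(find_sweeps(sample_cdrs()))
```

Only the first caller is reported; the slow caller stays below the coverage threshold inside any one-hour window, which is the trade-off to tune when choosing WINDOW_S and MIN_COVERAGE.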
OPTIONS
- -a --tonedetect
- tone location (Toneloc W; method)
[Serial default: disabled] [IAX2 mode disabled]
- -A --nonpa
- log NPA, but don't dial it (Useful for local calls)
- -b --nobannercheck
- disable banners check
[Serial default: enabled] [IAX2 mode disabled]
- -c --xonxoff
- use software handshaking (XON/XOFF)
[Serial default is hardware flow control] [IAX2 mode disabled]
- -C --config
- configuration file to use
[Default: iwar.conf]
- -d --databits
- data bits
[Serial default: 8] [IAX2 mode disabled]
- -D --daemon
- execute iWar in the background
- -e --predial
- pre-dial string/NPA to scan
[Optional]
- -E --examples
- examples of how to use iWar
- -f --logfile
- output log file
[Default: iwar.log]
- -F --fulllog
- full logging (BUSY, NO CARRIER, Timeouts, Skipped, etc)
- -g --postdial
- post-dial string
[Optional]
- -h --help
- display help
- -H --httplog
- log data via HTTP to a web server
- -i --iax2withdebug <filename>
- enable VoIP/IAX2 for dialing with debugging
- -I --iax2
- enable VoIP/IAX2 for dialing without debugging (See iwar.conf)
- -l --statefile
- load 'saved state' file (previously dialed numbers)
- -L --loadfile
- load numbers to dial from file
- -m --mysql
- log to a MySQL database
[Optional]
- -n --npa
- NPA (Area Code - ie 212)
- -N --nxx
- NXX (Exchange - ie 555)
- -o --norecording
- disable recording banner data
[Serial default: enabled] [IAX2 mode disabled]
- -p --parity
- parity (None/Even/Odd)
[Serial default 'N'one] [IAX2 mode disabled]
- -P --postgresql
- log to a PostgreSQL database
[Optional]
- -r --range
- range to scan (ie: 5551212-5551313)
- -R --random-time
- random time between dialing
- -s --speed
- speed/baud rate
[Serial default: 1200] [IAX2 mode disabled]
- -S --stopbit
- stop bits
[Serial default: 1] [IAX2 mode disabled]
- -t --device
- tty to use (modem)
[Serial default /dev/ttyS0] [IAX2 mode disabled]
- -w --httpdebug
- log HTTP traffic for CGI debugging
- -x --sequential
- sequential dialing
[Default: random]
KEYS
- a Abort (Don't save, just quit)
- b Beep disabled/enabled. If enabled, iWar will beep when a carrier or tone has been located.
- q Save state to a file and quit.
- ctrl-c Send signal 2 (abort/exit, no matter what!)
- s Save state, don't quit (keep dialing)
- p Pause (Serial mode: Hangup then pause, IAX2 mode: pause then hangup).
- [ Pause and mark as interesting (Serial mode: hangup pause/mark, IAX2 mode: pause/mark, hangup) (Useful for IAX2 mode)
- + Add 5 seconds to serial timer.
- - Subtract 5 seconds from serial timer.
- space Skip current number.
Serial mode only: Volume is set after the current number is processed.
- 0 Modem volume off
- 1 Modem volume (low)
- 2 Modem volume (medium)
- 3 Modem volume (high)
IAX2 mode only:
- 0-9 0-9 DTMF
- * * DTMF
- # # DTMF
Marking will hang up on the current number dialed (shouldn't be a problem as you're marking it anyway)
- m Mark (Quick) [Mark number as interesting, no comments]
- c Mark (CARRIER)
- f Mark (FAX)
- t Mark (TELCO/TONE)
- v Mark (VOICE MAIL SYSTEM)
- x Mark (PBX)
- k Mark [Allows you to enter a custom note about the number]
COLOR CODES
In the event that your terminal doesn't support color, we use terminal attributes to distinguish between results.
WHITE / A_NORMAL      NO CARRIER
YELLOW / A_BOLD       BUSY
GREEN / A_BLINK       CONNECT
BLUE / A_UNDERLINE    VOICE
WHITE / A_DIM         NO ANSWER
MAGENTA / A_NORMAL    Already scanned (loaded from file)
CYAN / A_REVERSE      Blacklisted number.
RED / A_NORMAL        Number skipped by user (spacebar).
GREEN / A_STANDOUT    Manually marked.
BLUE / A_STANDOUT     Possible interesting number (received silence)
CYAN / A_UNDERLINE    Paused and Marked (IAX2 mode only)
MySQL - PostgreSQL
iWar can use two types of SQL databases. The first one is MySQL with
the -m flag, and the second one is PostgreSQL with the -P flag. In both
cases you need to do the following things before it can be used:
- 1- create a database with the name 'iwar'
- 2- create the user 'iwar' with the password 'iwar'
- 3- create the table using the schema.
Alternatively, you can use an existing database, user and password by making the corresponding replacements in the file iwar.conf.
EXAMPLES
Please look over some examples of iWar usage before getting started.
This will give you an idea of how iWar works.
- Simple 1200 to 1300 range. This will dial numbers 1200-1300 in
a default random fashion.
# iwar --range 1200-1300
- Same as above, but we specify an output file and tell iWar to do
sequential dialing instead of the default random fashion.
# iwar --range 1200-1300 -x --logfile 1000.log
- More realistic type of scan. This will scan the 850 NPA
(Florida) in the NXX (555) with a range of 1200-1300. Basically,
iWar will dial every number from (850)555-1200 to
(850)555-1300. iWar will use the device (modem) on /dev/ttyS0.
The speed will be set to 9600 baud (defaults to 8N1)
# iwar --npa 850 --nxx 555 --range 1200-1300 --device /dev/ttyS5 --speed 9600
- Same as the above example, but dial "9w" first. The "w" tells
the modem to "wait" for another dial tone.
# iwar --predial 9w --npa 850 --nxx 555 --range 1200-1300 --device /dev/ttyS5 --speed 9600
- This example uses the , to cause a modem delay (default is 2
seconds). In this example, we'll dial a certain number
(5551000) and wait 10 seconds. After 6 seconds, we'll send a
number within our range. The idea here is to target a
PIN-protected system.
# iwar --predial 5551000,,,,, --range 00000-1000
- Another attack scenario involving the pre-dial and post-dial
strings. Let's assume there is a PBX that has PIN protection to
dial out. In this case, we'll dial the PBX number (using the
pre-dial string - 18505551234w), wait for a dial tone, then send
a random PIN (--range 0000-9999). iWar will then wait for yet
another dial tone, and attempt to call a number that we know
will answer with a carrier (the post dial -g w19045552345). The
-m will log to a MySQL database, and the -F will record _all_
events (BUSY, VOICE, whatever).
# iwar --predial 18505551234w --range 0000-9999 --postdial w19045552345 -m -F
- If you save the state of a wardial to a file, you can reload it
like this. This will load in the dial type (random/sequential)
and the numbers already dialed. This will _not_ load predial/postdial
information. This is useful to stop a scan and restart it
where you left off.
# iwar --statefile mystatefile.dat
- Load phone numbers from a pre-generated file. The numbers in
this file must be in a column one after another. This loads a
list of numbers that iWar _will_ dial. Pretty handy feature.
# iwar --loadfile pregeneratednumbers.txt
- When iWar connects, remain connected and try and determine the
remote system type, but do not record the banner information.
Log to MySQL. Full logging (log everything). Dials 904 NPA,
555 NXX with a range of 1212-1313.
# iwar --npa 904 --nxx 555 --range 1212-1313 --norecording --mysql --fulllog
- IAX2 (VoIP) example with IAX2 logging turned on. Similar to
the above example, but we can drop the IAX2 debug information to
a file (good for debugging IAX2/VoIP issues)
# iwar --npa 212 --nxx 555 --range 1212-1313 --iax2withdebug iwar-iax2.log
- IAX2 (VoIP) example. Load pre-generated scan list, log to a
MySQL database, and do full logging.
# iwar --npa 212 --nxx 555 --range 1212-1313 --iax2 --loadfile numbers.txt -m -F
BUGS
Efforts have been made to have iWar "do the right thing" in all its
various modes. If you believe that it is doing the wrong thing under
whatever circumstances, please notify me and tell me how you think it
should behave. If iWar is not able to do some task you think up, minor
tweaks to the code will probably fix that. I certainly encourage people
to make custom mods and send in any improvements they make to it.
FILES
iwar.conf             iWar initialization commands
iwar-blacklist.txt    Numbers that should never be dialed
banners.txt           List of banners used to identify systems
SEE ALSO
The iWar README and README.IAX2
AUTHOR
iWar was written by Champ Clark III aka Da Beave <beave@softwink.com>.
This manual page was written by Ignacio Arque-Latour <ts1k@telephreak.org>; it is pretty much a copy of iWar's README file.
VERSION
This is the iwar-0.08 version.