modem dialing

Thread: modem dialing

  1. #1
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185

    modem dialing

    Hello all! I will be aging myself with this one...and by aging I mean I am too young still

    So here is my concern. I am currently conducting an audit and ran a wardialer (PhoneSweep) against the modem in question. This is the FIRST time I have had to do a modem assessment in my Pen Testing. *sigh* Anyway, the wardialer didn't get in, thankfully... however there is something in the report that concerns me.

    In the log file (found in the report), it seems that the modem I am dialing into is getting a command prompt similar to the c:\> you see in a command prompt in the Windows environment. How would I bring up a terminal window to emulate what the dialer is seeing so I can have control of what gets entered here?

    I apologize in advance if I look like an idiot here. I just never ever ever ever work with modems... ever!

    Additionally, this is for a penetration test and is not malicious in any form, save your neg's!

    Any help you could give would be great.

    Thanks,
    -Deeboe

    EDIT ----------
    I just found out, I can use the MS HyperTerminal. Thanks anyway, I will leave the thread open for discussion though. Thanks.
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  2. #2
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    What software is listening for incoming calls on the modem?
    That's what will determine what is presented to the dialer.
    I came in to the world with nothing. I still have most of it.

  3. #3
    Junior Member
    Join Date
    Feb 2006
    Posts
    17
    Sorry, I gotta ask this, sorry if I don't seem educated in this, but I also never dealt with wardialing.
    But who still uses this technology? And if the information on the system is so sensitive that they need an audit, why are they still using old school dial in?

  4. #4
    Banned
    Join Date
    Jun 2005
    Posts
    445
    But who still uses this technology? And if the information on the system is so sensitive that they need an audit, why are they still using old school dial in?
    1. This is still widely used, although it is being phased out. It normally comes into play when you have employees who travel, and need on-site access to the remote network.

    2. Audits should be done regardless of the sensitivity of the information they deal with.

    3. Dial-in is no more or less secure than any other form of connection. When you take the proper precautions, it becomes a wonderful tool.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    When you say you "war-dialled" this modem what exactly do you mean?

    War dialling is no different to a pingsweep except it is used against a block of phone numbers to determine which reply. So if you are simply dialling a phone number that picks up the phone you are not really war-dialling.

    What you can do is use Hyperterminal in its verbose mode and see what the remote responds with to the initial request. Googling the response may give you a clue. One of the more common telephone programs is PCAnywhere... Try getting a copy and see if you can get in with that. CCRemote/CChost might still be in use and the other common one I can't recall the name of any more... I seem to remember something like [something]storm, (packet?), was the company... It was a terminal program with a blue background....

    You have an answer... Now you gotta play with it....

    Damn, I'm old....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Originally posted here by Tiger Shark
    When you say you "war-dialled" this modem what exactly do you mean?
    Once again, I will apologize for not knowing anything about this, so excuse my terminology if there is error in it.

    In the PhoneSweep program, there is a list of account/password combinations that it tries over and over again. That is what I meant when I say I "war-dialled" the modem.

    I ended up using Hyperterminal to dial into it. The results I got were sufficient for the purpose of the audit. It is over now, when I come across another one, I will follow your advice on using PCAnywhere.

    Thanks,
    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    No need to apologize... really... If we all knew everything we wouldn't be needed...

    PCAnywhere is the most common I still see.... We still use one box on my network... But it does a dialback so that once you use a set of credentials it calls the "proper" number back and "reverses" the connection so that not just anyone can dial in.

    But there are still a few others out there that you should look at too.

    Good luck... I have forgotten more about modems than I would care to relate... But I've forgotten them on purpose...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
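
The dial-back arrangement described in the post above, combined with a lockout against the repeated account/password guessing mentioned earlier in the thread, sketched as an added example. It is not code from any poster or from PCAnywhere; the account, the phone numbers and the `DialbackServer` class are constructed for illustration.

```python
import hashlib
import hmac

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one account, its password hash, and the single
# number the server is allowed to call back for it.
SALT = b"constructed-salt"
ACCOUNTS = {
    "fieldeng": {"pw": _hash("correct horse", SALT), "callback": "555-0142"},
}
MAX_FAILURES = 3


class DialbackServer:
    def __init__(self, accounts):
        self.accounts = accounts
        self.failures = {}   # account name -> consecutive failed logins
        self.log = []        # audit trail: (event, user, number)

    def handle_call(self, caller_id, user, password):
        """Return the number the server dials back, or None if access is refused."""
        if self.failures.get(user, 0) >= MAX_FAILURES:
            self.log.append(("locked", user, caller_id))
            return None
        acct = self.accounts.get(user)
        # Hash even for unknown users so timing does not reveal valid names.
        supplied = _hash(password, SALT)
        expected = acct["pw"] if acct else b"\x00" * 32
        if acct is None or not hmac.compare_digest(supplied, expected):
            self.failures[user] = self.failures.get(user, 0) + 1
            self.log.append(("fail", user, caller_id))
            return None
        self.failures[user] = 0
        # The inbound call is dropped here. The session exists only on the
        # outbound leg to the registered number, regardless of caller_id.
        self.log.append(("callback", user, acct["callback"]))
        return acct["callback"]
```

Valid credentials presented from an unregistered line still result in a call to the registered number only, and the `log` entries give an auditor the failed and locked-out attempts to review.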

  8. #8
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    Just in case you wanted more information, I found some stuff quick:

    SearchSecurity entry: http://searchsecurity.techtarget.com...546705,00.html

    Wiki entry: http://en.wikipedia.org/wiki/War_dialing

    pdf on war-dialing - in this case "The Art of Wardialing" published 1999: http://www.systemexperts.com/tutors/wardial-fiw1999.pdf

    Annnd an interesting article - supporting what d0pp stated from the Register back in 2002:
    http://www.theregister.co.uk/2002/04..._war_dialling/

    PCAnywhere, PhoneSweep, and MS's own Hyperterminal are the software I have used. As TS mentioned, there are others "lurking" out there - but those mentioned just in my post and the others here are what I have worked with recently in testing modems.

    Man - I still remember the 1200 baud modems and when the "turbo" button on the PC was a highly sought after feature... quick someone fetch me my prune juice! Back in my day... is there something about an onion I should be mentioning?!?
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  9. #9
    Howdy.
    Man - I still remember the 1200 baud modems
    So do I, if you miss the high-pitched noise they used to make when dialling in then check out This site.
    and when the "turbo" button on the PC was a highly sought after feature.
    What was that Turbo button for anyhow? I've never noticed any difference when it was switched to low or high.

    f2b

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    After extensive research with the Turbo buttons I had I came to the conclusion that it was only there to help you spend your money quicker...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
