WarDialing using VoIP, IAX2, and WarVOX

I’ve done plenty of war-dialing projects in my day and historically had used a product called PhoneSweep. In the old days there use to be one called ToneLoc. I’ve also used Expect and other scripting languages. Well, welcome to the future…

As part of my most recent project I had a pool of about 10,000 phone lines to check for modems within a span of a few days. I had left this part of the project to the very end expecting there to be very few problems in this area (boy was I wrong about that – modem testing is the new SQL injection).

I utilized a little tool called WarVOX as part of the metasploit / Backtrack suite of tools. I first tested with my cell phone and our office numbers to verify that it wasn’t going to leave voicemails everywhere. That seemed to work.

As the war-dialing commenced, I very quickly realized that I was not going to make it in time. No problem – during the process I added an additional 8 trunks to my configuration within minutes.

Overall, it worked out quite well. I used Vitelity as the IAX2 provider. IAX2 is what WarVOX uses to talk to a pool of phone lines or trunks. Vitelity told me that use of IAX2 was not supported, but it worked despite the lack of support.

At one point, Vitelity detected a security problem and disabled the service for awhile until they verified I was who I said I was.  That is comforting to know that people with stolen credit cards attempting to do the same thing may get stopped at some point.

As the war-dialing completed, I then had to switch back to an analog phone to do the actual penetration attempts. I had to test about 50 supposed modem connections. It was a bit cumbersome to manually copy and paste the phone numbers using the existing interface to WarVOX. I hacked up the WarVOX code slightly to provide just the phone numbers in a table output to make it easy to copy and paste.

It was something of beauty to watch the phone lines being dialed in such rapid order through an Internet connection of all things. To make this even better, I had left my hacking laptop at work and was using a Windows based UNIX Graphical logon protocol (X11) client through Windows Remote Desktop (RDP) going over a mobile Internet connection to manage the war-dialing.

What a surreal experience if one stops to think about it. I’m not sure when, but one day I’m going to use this as a practical joke to ring all the phone lines in some meeting or something simultaneously.  I shall declare “It must be a sign!”.

0 Responses to “WarDialing using VoIP, IAX2, and WarVOX”


  1. No Comments
  1. 1 Wardialing Using Voip , Iax2, and Warvox At Trojatech Tips and Articles

Leave a Reply

You must login to post a comment.