Linenoise
"Keep Up The Noise"

++++++++++++++++++++++++++++++++++++++++++
+++++++++++Wardialing in the UK+++++++++++
++++++++++++++++++++++++++++++++++++++++++
+++++++++++++JF@linenoise.org+++++++++++++
++++++++++++++++++++++++++++++++++++++++++

Wardialing in the UK, for me, is a very interesting subject. Although a lot of the modern c0de kiddies consider it "old-sk00l" and see it as no use today, Wardialing is actually, in my opinion, one of the greatest Hacking related things to do. Hacking a Webpage is fun, yes, but an isolated carrier provides much more entertainment and excitement, and via wardialing we aim to find these carriers along with lots of other cool things which will provide the phun.

All the time, I am approached by people who ask me HOW TO wardial in the UK. I always tell people it's the same as in the UK, but people act so confused about the whole idea of UK Wardialing. Basically the little Windoze kiddies see some old wardialer, try it out and find that the area code to enter is only allowed to be up to 3 numbers long, therefore a US area code, and with this they panic and cry out for help. Or they download a version of ToneLoc and PANIC because they do not understand the program, which CAN be used for UK wardialing and is the one I always use.

This is where this help file is intended to come in useful. It will guide you through the basics of wardialing in the UK and what you will find on your journey, and it will also guide you in using ToneLoc successfully to scan loads of numbers and gain interesting results in finding carriers, VMBs, PBXs, unpassworded TeleConference lines and numerous other interesting things.

##############
Where to start
##############

Wardialing is the process of scanning a large range of numbers and finding interesting things, as I have already stated. There are literally thousands of Carrier Tones in England which all perform different tasks and are owned by different companies. For example - Banks (yes BANKS, hehe), Libraries (delete those excess fines), Local Government (piss off your council) ..and loads more big companies and organisations. It may sound like a little movie-style picture of hacking (WARGAMES comes to mind) but it's REAL, it does exist and people do mess with this sort of thing, hehe.

Certain Carrier tones can also be abused and be set up so that you can connect perfectly to the Internet, which will result, if the carrier is located within a FREE CALL netw0rk, in an 0800 dialup.

People tend to mainly wardial for carrier tones, but VMBs and PBXs can be found by Wardialing as well, so wardialing provides a great use for Phreaks who are interested in these things. I personally haven't found a PBX while wardialing for about 6 months, but someone, somewhere will no doubt be finding one and abusing one as I type. VMBs are common findings while wardialing, especially on FREE CALL netw0rks, and I have great phun with these.

The 0800/0500 Service Network numbers, which are of course FREE, are the best place to start wardialing due to the LARGE percentage of businesses who have carriers, VMBs, PBXs etc. located on them, to transfer data or talk from area to area at low cost (only rental and cost of 0800 number). It is also a lot safer to wardial than normal area codes because you will not be dialing people's houses, so you can dial 0800/0500 numbers at night and not be waking people up (not that I care, it's just that they might report the wardialing call to BT as a nuisance call).

If you like the idea of Blueboxing then the 0800 89 **** number block will interest you.
As you may already know, this block of numbers acts as the COUNTRY DIRECT numbers, with some being boxable. From wardialing you will be able to note which ones are boxable if you listen in to the wardialing progress, as boxable numbers (CCITT5 Lines) will give a little series of bleeps when they pick up. These are instantly recognisable, and if you hear this you will know that it is boxable.

Well, that's a basic introduction into the uses of Wardialing in the UK, so how bout it? Are you ready to step into this world? This is the real deal and could land you in a lot more trouble than a webpage hack. No doubt most people reading this will have already delved into wardialing as it is nothing new, but some newbies to the subject might be a little misguided about the whole wardialing deal...

#######
ToneLoc
#######

Yes, this is the wardialer that I recommend for wardialing in the UK. It is, however, one of the most complicated to understand if you have never used it before, but this section will explain how to use ToneLoc to its full capabilities and get scanning straight away. A download URL for ToneLoc is provided in the *URLs* section of this paper.

Right, let's get started... We will keep the example simple by using the same variables throughout this section. When you are actually doing your own wardialing you will of course need to change these variables. People who have read the ToneLoc User Docs may find some of this familiar, but some people DO NOT realise that the examples in the user docs CAN be interpreted into UK use.

For this paper's example we are going to scan the 0800 666 *** range which will provide us with 100 results. It is easy to make this scan A LOT bigger but for time's sake we are going to look at this example now.

Now we have discussed the variables of this example we can get down to using ToneLoc. First of all you need to restart your computer in DOS m0de and enter the ToneLoc directory.
The first thing you need to do is to set the CONFIGURATION SETTINGS to what you require. So, open TLCFG.EXE and you will see 6 menus at the top of the screen.

The *FILES* menu is used to change any log files that are used in the program. You can edit the names of these log files from this menu but it's easiest to keep the names the same. From this menu you can easily see what the function of each .log file is.

The *MODEM STRINGS* menu is used to set up the modem sequence for dialing etc. Here is where you need to enter your dialing prefix (0800) so that the program understands our range.

The *MODEM OPTIONS* menu is for your modem settings such as Com Port, Baud Rate, IRQ etc. I would recommend setting your baud rate at 19200 even if you have a faster modem; the program (due to being 4 yrs old) doesn't seem to like any baud rate above 19200.

The *SCAN OPTIONS* are the options which you may want to change which affect what is happening during the scan, eg. Sound, Wait Delay etc. I would recommend the Wait Delay being quite small to make the scan run faster, but remember to keep it long enough for lines to pick up and for ToneLoc to register whether the line is a carrier, PBX, VMB, or Normal Line.

The *COLORS* menu is just for editing the colors of the program. Nothing major to worry about.

And finally, the *QUIT* menu is where you can choose to save or abort changes made to the configuration file.

If you have looked through all those menus you will see that there are a lot of different things that you can change and play with, and by now you should know which ones to change to suit your UK Wardialing needs.

Now that you should have all the configuration of ToneLoc set up SPECIFICALLY for your scanning needs we can get down to some major wardialing. If it is your first time using ToneLoc you will need to just open TONELOC.EXE and read the stuff it brings up. As you can probably see, there are LOTS of parameters within ToneLoc that can be used when scanning.
ToneLoc allows for a lot of user choice, which is something that attracts me to using it. For example, you can easily program the number range to scan and the number range to exclude from the scan by just selecting a different parameter.

To scan a range of numbers in the 0800 prefix - eg. 0800-666-100 <--> 0800-666-200 the command at the DOS prompt would be :-

    TONELOC 666-XXX /R:100-200

This would then scan all the numbers between 0800-666-100 and 0800-666-200 and log the results into the log files specified in the *FILES* configuration menu. This is the option I use the most and it's the parameter I recommend you get to know well.

Next, suppose you want to scan all the numbers between 0800-666-000 and 0800-666-999, but you had already scanned the 0800-666-100/200 section in your last scan. This is where the EXCLUDE parameter comes into use.

    TONELOC 666-XXX /D:100-200

This would result in you scanning all numbers 0800-666-000 <--> 0800-666-999, excluding 0800-666-100 <--> 0800-666-200.

If you look at the ToneLoc User Guide included in the tl110.zip you will see this explained as well as lots of other ways to scan.

Another favourite of mine is to use the following command line.

    TONELOC 666-XXX

This will scan 0800-666-000 <---> 0800-666-999 and it will save the results to the data file 666-XXX.dat. You must always remember to have the correct variables added into the Configuration program.

Now that you know the basic and most used parameters of ToneLoc it's time to get Wardialing. If you watch a wardialing session you will see that it separately dials each number and tells you what's happening on screen. It will tell you when it finds anything interesting such as a *gasp* Tone, a Carrier or a Voice, and it also appends the results to the log file so you can remember the numbers of interesting stuff and go back and play with them later.
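
Added example (not part of the original paper and not ToneLoc code): the scan described above as it looks from the receiving side. In call-detail records, a range scan such as 0800-666-100 <--> 0800-666-200 appears as one calling line placing many short calls to distinct numbers in a single block, and the Python below flags that pattern without assuming the numbers are dialed in order. The record layout, the caller numbers, the timestamps and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_cdrs():
    """Constructed call-detail records: (time, caller, called, seconds)."""
    start = datetime(2000, 1, 1, 23, 0, 0)
    rows = []
    # One line probing 40 numbers in the 0800 666 1xx block, out of order,
    # one short call every 35 seconds.
    for i in range(40):
        called = f"0800666{100 + (i * 7) % 40}"
        rows.append((start + timedelta(seconds=35 * i), "01610000001", called, 12))
    # Ordinary callers: longer conversations, some to the same block.
    rows.append((start + timedelta(minutes=3), "01610000002", "0800666150", 240))
    rows.append((start + timedelta(minutes=5), "01610000003", "0800666101", 310))
    rows.append((start + timedelta(minutes=9), "01610000002", "0800123456", 95))
    return rows

def find_sweeps(cdrs, block_digits=3, window=timedelta(minutes=30),
                min_distinct=20, max_seconds=45):
    """Return {(caller, block): peak distinct numbers dialed inside one window}."""
    by_key = defaultdict(list)
    for ts, caller, called, seconds in cdrs:
        if seconds <= max_seconds:          # keep only short, probe-like calls
            by_key[(caller, called[:-block_digits])].append((ts, called))
    hits = {}
    for key, calls in by_key.items():
        calls.sort()
        left, in_window = 0, defaultdict(int)
        for ts, called in calls:
            in_window[called] += 1
            # Slide the window: drop calls older than `window` before this one.
            while ts - calls[left][0] > window:
                old = calls[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_distinct:
                hits[key] = max(hits.get(key, 0), len(in_window))
    return hits

if __name__ == "__main__":
    for (caller, block), n in find_sweeps(build_sample_cdrs()).items():
        print(f"{caller} dialed {n} distinct numbers in block {block}xxx")
```

The values of min_distinct, window and max_seconds are starting points to tune against normal traffic on the switch or PBX being monitored.
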
You must remember that the fun does not end at Wardialing. A lot of people find wardialing and scanning boring, but I find it one of the more interesting parts of Hacking/Phreaking as you never know when you're going to be lucky enough to jump upon a neat carrier (for a bank, hehe), a PBX or a VMB. The fun starts here. You need to follow all your wardialing findings up and learn how to use what you have found in a way which benefits you, after all isn't that the aim?

####
URLs
####

Below are the necessary URLs to download ToneLoc and maybe find out more information about Wardialing in general.

First of all you will NEED a copy of ToneLoc (the wardialer I am recommending)

    http://www.linenoise.org/philez/wardialers/tl110.zip

Now that you have started Wardialing in the UK, how about sharing some of your findings or finding people who may help you on your quests and related projects. The Linenoise WWWBoard is a place for this to come to life.

    http://www.linenoise.org/wwwboard/

###
End
###

Well, that's all the information that you need to get you going with Wardialing in the UK and using ToneLoc successfully. Just be careful and remember that you're responsible if you fuck up, you cannot blame me, the teacher is not to blame.

In the near future I would like to c0de a Wardialer specifically for the UK, which would be easy to use, understand and gain successful results from. It is a project that I always keep on the back burner, but if enough people wanted to see it, I might bring it forward, let me know...

Jf_