March 6th, 2009

Metasploit's HD Moore releases 'war dialing' tools

Posted by Ryan Naraine @ 6:59 am

Categories: Arbitrary Code Execution, Browsers, Cisco, Data theft, Denial of Service (DoS), Hackers, Locally Running Web Servers, Mobile (In)Security, Passwords, Patch Watch, Pen testing, Research, Responsible disclosure, Vulnerability research, Web Applications, Wi-Fi security

Tags: Phone, Telephone System, Tool, Metasploit, HD Moore, WarVOX, Modems, Productivity, Telephony, Telecommunications

HD Moore wants to simplify pen-testing and simulated hacking attacks against telephone systems.

The Metasploit founder has released WarVOX as a free suite of tools to explore, classify and audit a range of telephone systems, including modems, faxes, voicemail boxes, PBXs, loops, dial tones, IVRs and forwarders.

Moore explains:

• WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.

• The resulting call audio can be used to extract a list of modems that can be fed into a standard modem-based wardialing application for fingerprinting and banner collection. One of the great things about the WarVOX model is that once the data has been gathered, it is archived and available for re-analysis as new signatures, plugins, and tools are developed. The current release of WarVOX (1.0.0) is able to automatically detect modems, faxes, silence, voice mail boxes, dial tones, and voices.

Moore hopes WarVOX can replace the “slow and inefficient” systems currently in place to identify security holes in phone systems.

This presentation (.pdf) covers the motivation behind the tools and the implementation details.