We've also got a nice little tool for those of you exploring the local loop - you must have come across an X.25 system at some point in your career, and with a working NUI, you can use it to scan for systems from your local PAD via GNS DialPlus. Just make sure you use the random address generator in article 4, or it's goodnight vienna. And yes, it should run under dosemu. To use the above tewlz, you'll require a copy of Telix 3.22 and a DOS Based C Compiler; x25_rand.c was compiled using Borland C++ 3.0, YMMV of course. ----------------------- Tewlz 4 Fewlz Present The GNS Tewlb0x v2.2 for 2280 Magazine ----------------------- The GNS Tewlb0x v2.2, (C) Tewlz 4 Fewlz Software Devlopment Labs, 1997 ---------------------------------------------------------------------- Welcome to the latest revision of the Scanner that's got BT hunting us all around the world's PDNs! You already know the jist of the program, so without further ado, here's the basic docs. o Consecutive DNIC / PSE / NUA Scan mode This allows for scanning up to 9999 NUAs off a DNIC / PSE combo, or a 2344 local PSE. Still yields results, but we only reccomend this for short runs, circa 50 addresses or so. o Consecutive LCN / Port scan Probes an NUAs logical connections or ports, up to 99. o Random / from file RaD! You can run over all your old address lists, try some mneomnics (although these should be entered at the NUI prompt), or just go all ToneLoc like, with X25_rand. This option was designed to bypass smartass console watcher admins, who sit and reroute all your connects to an unaccessable address after 50 connects, and boy does it work smooth. o Exhaustive NUA Scan Ala NUAA, this mode will start at the initial NUA value, scan all it's ports, then move on to the next NUA, doing the same, until we reach our target NUA. Scanner Logistics ----------------- Here's the crux of how I almost lost my sanity one balmy summers 'eve. GNS Insists on pandering to some notion of user friendliness, and as such, puts a lot of extraneous crap out besides its diagnostics, ala: Network - and press RETURN: DTE - 234265302342(CR) Network - (CR/LF) Calling 234265302342 (CR/LF) CLR Access Barred 0B00 (CR/LF) Duration Mins = 0 Secs = 0 (CR/LF) (A shitload of menu stuff, then repeat) The code to pick out the diagnostic ONLY was convoluted to say the least:- Capture_network_message() { Connect_timer = timer_start(prod_pause); While(cntrl_cnt < 6) { if(cinp_cnt()) { chr = cgetc(); printc(chr); Check_Connect_status(); if((chr == 013) || (chr == 010)) cntrl_cnt = cntrl_cnt + 1; if(cntrl_cnt >= 4) { if((isascii(chr) || (chr == 032)) && (!iscntrl(chr))) fputc(chr, cap_fh); } } Check_Timeout(); } fputs("^M^J", cap_fh); cntrl_cnt = 0; timer_free(Connect_timer); } We loop while there are less than 6 control characters flagged, but there is a problem exclusive to DialPlus - the PADs are way too fast for waitfor() or track(), so I had to start logging chars to file when they hit 4 or more, and keep the control character count the same, breaking the loop on the next two (just before the call information field). Seems simple enough, but it took me 2-3 hours of careful debugging to get the bastard working properly. This script almost never saw the light of day... It was worth it though. The Check_timeout() function simply evaluates whether *any* control characters have arrived (no message) OR the timer has run out - in either case we clear the call, and move on to the next NUA. The Connection logger was another story altogether. Here's how it operates. We call a routine that evaluates whether the string "Connect" is present in our Diagnostic field in the middle of the above routine. This is simply a ASCII char analysis of what we're looking for. If we find it, we set a flag called Connect_eval to TRUE, and start up this routine: Capture_system_herald() { fputs("------------^M^J", cap_fh); cputs_tr(wake_me_up); Connect_timer = timer_start(prod_pause); while((cntrl_cnt < herald_counter)) { if(cinp_cnt()) { chr = cgetc(); printc(chr); if((chr == 013) || (chr == 010)) cntrl_cnt = cntrl_cnt + 1; if(isascii(chr)) fputc(chr, cap_fh); } Check_timeout_2(); } fputs("^M^J", cap_fh); fputs("------------^M^J", cap_fh); timer_free(Connect_timer); } This operates in much the same manner as the network diagnostics trap, but allows for more chars to be spooled to file, and has it's own timeout function (Check_timeout_2()). The string wake_me_up[] can be anything, think of it like the prod string in ToneLoc. In this case, a good one to use would be: ^A^B^E^M^M^M^J^[^032 Which would send: SOH (Start of Handshake) STX (Start Transmitting) ENQ (Enquiry) CR (x3) (Carriage Return) LF (Line Feed) ESC (Escape) 032 (ASCII Value for SPACE) These strings should wake up most snoozing systems, or idle TTY processes. If we don't get anything to go on in under 10 seconds, we carry on scanning. GNS DialPlus PADs are annoying to say the least, not nearly as reliable as any other network I've come across. Silly little bugs can manifest themselves, and one or two I've seen have basically been: o PAD hangs up after 10 addresses, script redials, we get nothing but 8N1 crap although we're set to 7E1, we have to abort the dial attempt; Subsequent dial attempt gets NO PROTOCOL, another abort, and then we get a connect that lasts for 30 mins. o PAD Stalls after getting to NUA/CUG Menu, usually halfway thru spooling out the address menu. We have to redial, and get the same 8N1 crap as above. o PAD will often hangup while waiting for a network connect, so we sometimes get NO CARRIER in our result log next to the address. Keep persevering through these, because they've manifested themselves on every single PAD I've used. A fast copy of grep() should see you flying through those logs. Complete Revision History: -------------------------- Version 0.1b - Non working Beta; This version is a joke - it doesn't even do what it's supposed to. End of Story. Version 0.2b - Basic working scanner. Still quite slow, but it works. Version 0.3b - Removed all debugging features, and fixed a bug with the Scan_LCN function. Version 0.4b - Major revision : o Included external configuration file o Added function to scan NUAs from a file o Added saves for every scanning function in the menu o Generally tidied up the code o Fixed the 'Prompt' bug, Script now runs 30% faster Version 1.0 - [Final Evaluation] o Finally got round to fixing the annoying hangs after a remote DTE CLEAR or RESET, previously the script would just stall o Fixed the Scan_from_file() function's read and restore capabilities Version 1.10 - o Added default configuration writer so any further releases won't have any extra cargo in the form of extraneous .CFG files! o Fixed bug in LCN_Scan() - now terminates after 99 Addresses. Previously, the counter would just loop back to zero. o Patched NUA_Scan() to terminate after NUA_Range Addresses. Without this, the function would probably have suffered the same bug as LCN_Scan() o Improved Dialler intelligence - checks for succesful login. Instead of just carrying on with the rest of the script, we check that we actually have a prompt now. o Added logging facility for ease of reference, courtesy of TELIX.USE, or whatever the user configures it to be. Version 1.11 - o Tidied up the logging facility slightly, several bugs here and there o Fixed the problem with the logger not padding out the scan mask in the log file with the correct no. of X's. Version 1.12 - o Tweaked the logging facility to show call clear down from local party; saves wading through captures if your'e in a hurry, makes it easier to strip log file for use as NUI input file. o Slowed down the message windows for redial attempts; It's confusing as hell when they fly past in 0.2s; I like to know exactly what's going on with my scriptz. Version 2.0b - Major Version Revision o The GNS Tewlb0x. All previous source code has been totally re-written, and large segments of the source from The TeleNet Tewlb0x are in use, specifically the char dependant capture routines. This is essentially a *completely* different program. Version 2.1b - Bug fix / Improved System logger release o Eliminated that bloody annoying printing bug with the LCN Scanner logging facility. o LCN Scanner now moves onto next address after exhausting all target ports, warranting the inclusion of a new mode - Exhaustive LCN Scan. o Got the Scanner to stop looping back to 0 after a Consecutive LCN Scan. How often is this bug going to manifest itself? ;) o The same restart bug appeared in the Random scanner and was promptly stomped on. All we needed to do was drop carrier, and the while() loop becomes false, allowing us to exit back to our previous level of execution. o Rad addition - The scanner now optionally prods the target system when we get a connect, and logs any system heralds or login prompts to file. o Added in Hard Break before Ctrl-P to clear DataCall, I think the while(carrier()) loop is a bit slow or may be stuck in an internal conditional (Which is damn near impossible to trace). o Added in a modem reset function to restore previous session parameters (Hey, you might need to get online straight away and mail me all those k0deZ) ;) o Finally ironed out the Post Local-Cleardown increment. Previously, an address would be missed after a connect. o Generally tidied up some of the code ala reuse. Version 2.2 - Finally, a working non-beta! A few minor bugfixes, and our scanner now r0x the d0x. o Fixed Unresponsive NUA and System hang problem - the timeout facilities are now deadly accurate and will indicate a network or system timeout in the logfile. o Fixed Call Clear problem - A short delay was needed between the initial CLEAR signal (^P) and the clear command to allow for character spacing, otherwise we add another 10 seconds to connect time. Final ----- o SprintNet and M5000 revisions in the works o x25_rand.c v2.0b on the way o Work started on PSS Scanner !!! MOST IMPORTANT !!! Remember to exit Telix after aborting mid-scan, or you won't have a session log file - this is *not* my fault or problem, to bypass this would require installing an abort signal handler, making the script 5 times more complex than is required. Remember, these are a means to an end! Any problems? You know where to reach me. L8r! -[ Grievous Angel ]- -8<--------------8<----------------8<--------------8<----------------8<------ ///////////////////////////////////////////////////////////////////////////// // GNS DialPlus (PSS DialPlus) Tewlb0x v2.2 // // ---------------------------------------- // // X.25 NUA Scanner // // // // [ N O T F O R M A J O R O R U K D I S T R I B U T I O N ] // // // // C. R. E. A. M. // // // // C O D E S R U L E E V E R Y T H I N G A R O U N D M E // // // ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // Terminal Settings // ///////////////////////////////////////////////////////////////////////////// int speed = 1200; // 1200 bps int parity = 1; // Even Parity int data = 7; // Seven Data Bits int stop = 1; // One stop bits int Port = 3; // Com Port 3 str term_set[80] = "ANSI"; // Standard VT100 Emulation str modem_init[80] = "ATM0"; // Turn Modem Speaker off str modem_dial[80] = "ATDT"; // Dial Tone with NO CLID Blocking int Max_Redial = 3; // Redial 3 times MAXIMUM int Redial_Count = 0; // Init Redial counter ///////////////////////////////////////////////////////////////////////////// // PAD and Scan Settings; Dialup, DNIC, PSE, etc // ///////////////////////////////////////////////////////////////////////////// str PAD_Dialup[80] = "0141-221-6442"; // Target PAD Dialup str DNIC[80] = "2353"; // Target DNIC str PSE[80] = "0000"; // Target PSE int NUA = 0000; // Target NUA int NUA_Term = 9999; // Terminating NUA str LCN_Target[80] = "235365304924"; // LCN Sweep Target Address int LCN = 0; // Initial NUA Port str LCN_ITOS[2]; // Temp holding space int LCN_Count_Inc = 1; // Inc. Value for LCN int LCN_range = 10; // Keep this for func. pass int NUA_Range = 10000; // Max # of NUAs to scan int NUA_Count_Inc = 1; // Inc. Value for NUA str NUA_ITOS[4]; // Temp holding space ///////////////////////////////////////////////////////////////////////////// // Target PAD Strings, wakeups, Answerbacks/Enquiries, Menu prompts // ///////////////////////////////////////////////////////////////////////////// str CUG_Menu[80] = "Type selection and press RETURN: "; str NUA_Menu[80] = "RETURN: "; str Valid_NUI[80] = "GETYOUROWNFUCKINGNUI!"; str Wake_me_up[80] = "^M^M^M^032^032^A^B^E^J^["; // File variables for Consecutive NUA Scanner ////////////////////////////// int NUA_restore_fh; str NUA_restore_file[80] = "D:\TEMP\GNS_TOOL.NUA"; // File variables for Consecutive LCN Scanner ////////////////////////////// int LCN_restore_fh; str LCN_restore_file[80] = "D:\TEMP\GNS_TOOL.LCN"; // File variables for Random / file address scanner //////////////////////// int NUA_file_fh; str NUA_file[80] = "D:\TEMP\GNS_NUA.LST"; str NUA_Buffer[80]; int NUA_file_restore_fh; str NUA_file_restore[80] = "D:\TEMP\GNS_TOOL.N_F"; // File variables for Exhaustive NUA Scanner /////////////////////////////// int NUA_X_restore_fh; str NUA_X_restore_file[80] = "D:\TEMP\GNS_TOOL.EXN"; int LCN_X_restore_fh; str LCN_X_restore_file[80] = "D:\TEMP\GNS_TOOL.EXL"; // Read buffer for *all* restore files ///////////////////////////////////// str Restore_buffer[80]; ///////////////////////////////////////////////////////////////////////////// // Logger file variables and tracking strings // ///////////////////////////////////////////////////////////////////////////// int chr; // Character scratchpad for logging routine int c; // Internal Scratchpad character variable int Cap_fh; // Logger file descriptor int Cntrl_cnt; // Counter to determine # of cntrl chars passed int Connect_eval; // Counter to determine if we have a Connection int Connect_char; // Character Scratchpad for Connection Evaluator int PAD_Clear_flag; // Var. to stop addr counter re-incrementation int Connect_Timer; // Timer to allow for unresponsive systems int Herald_Counter = 10; // Control chars to escape on when logging system int Prod_Pause = 80; // 10ths of second to delay CLR'ing NUA / System // This is where *all* our results are kept /////////////////////////////// str logger_file[] = "D:\TEMP\SESSION.LOG"; ///////////////////////////////////////////////////////////////////////////// // Miscellaneous Global Variables // ///////////////////////////////////////////////////////////////////////////// str Menu_Selection[1]; // Self Explanatory str Temp_ITOS[80]; // Scratchpad variable for logging int start_time; // Time and Date function Variable #1 str s[64]; // Time and Date function Variable #2 str s2[16]; // Time and Date function Variable #3 ///////////////////////////////////////////////////////////////////////////// // Modem restoration and initialization variables // ///////////////////////////////////////////////////////////////////////////// int old_port_speed; int old_data_bit; int old_parity; int old_port; int old_stop_bit; ///////////////////////////////////////////////////////////////////////////// // Main function // ///////////////////////////////////////////////////////////////////////////// main() { Terminal(); Store_modem(); set_cparams(speed, parity, data, stop); set_port(Port); set_terminal(term_set); cputs_tr(modem_init); cputs_tr("^M"); clear_scr(); Draw_menu(); gets(Menu_Selection, 1); strupper(Menu_Selection); clear_scr(); start_time = curtime(); date(start_time, s); time(curtime(), s2); cap_fh = fopen(logger_file, "a"); if(cap_fh == 0) { status_wind("FATAL ERROR : Could not write to Session Log!"); status_wind("Halting script."); kill_all(); } fputs("------------------------------------------------------------------^M^J", cap_fh); fputs("GNS Tewlb0x, (C) Tewlz 4 Fewlz Software Development Labs, 1997^M^J", cap_fh); fputs("This Session started on ", cap_fh); fputs(s, cap_fh); fputs(" at ", cap_fh); fputs(s2, cap_fh); fputs("^M^J", cap_fh); fputs("------------------------------------------------------------------^M^J", cap_fh); fflush(cap_fh); /////////////////////////////////////////////// // Menu Selection "A" // /////////////////////////////////////////////// if(Menu_Selection == "A") { Status_wind("Consecutive NUA Scanner Selected..."); fputs("[ Consecutive DNIC/PSE/NUA Scan ]^M^J", cap_fh); NUA_Restore_fh = fopen(NUA_restore_file, "r"); if (NUA_Restore_fh == 0) { status_wind("No restore file!", 20); status_wind("Starting from Default NUA Value", 20); scan_addresses(NUA, NUA_Range, NUA_Count_Inc); } else { Restore_NUA(NUA_Restore_fh); scan_addresses(NUA, NUA_Range, NUA_Count_Inc); } } /////////////////////////////////////////////// // Menu Selection "B" // /////////////////////////////////////////////// if(Menu_Selection == "B") { Status_wind("Consecutive LCN Scanner selected..."); fputs("[ Consecutive Port/LCN Scan ]^M^J", cap_fh); LCN_Restore_fh = fopen(LCN_restore_file, "r"); if (LCN_Restore_fh == 0) { status_wind("No restore file!", 20); status_wind("Starting from 00", 20); Scan_Addresses(LCN, LCN_Range, LCN_Count_Inc); } else { Restore_LCN(LCN_Restore_fh); Scan_Addresses(LCN, LCN_Range, LCN_Count_Inc); } } /////////////////////////////////////////////// // Menu Selection "C" // /////////////////////////////////////////////// if(Menu_Selection == "C") { Status_wind("Scan from file / random selected..."); fputs("[ Scanning from file / random ]^M^J", cap_fh); NUA_file_fh = fopen(NUA_file, "r"); if(NUA_file_fh == 0) { status_wind("FATAL ERROR : Couldn't open NUA List!", 20); status_wind("Check its path in your configuration and try again", 20); kill_all(); return; } NUA_file_Restore_fh = fopen(NUA_file_restore, "r"); if (NUA_file_Restore_fh == 0) { status_wind("No restore file!", 20); status_wind("Starting from list header", 20); Scan_from_file(); } else { Restore_file_NUA(); Scan_from_file(); } } /////////////////////////////////////////////// // Menu Selection "D" // /////////////////////////////////////////////// if(Menu_Selection == "D") { Status_wind("Exhaustive NUA Scan Selected..."); fputs("[ Exhaustive NUA Scan ]^M^J", cap_fh); NUA_X_Restore_fh = fopen(NUA_X_restore_file, "r"); if (NUA_X_Restore_fh == 0) { status_wind("No restore file!", 20); status_wind("Starting from Default NUA and LCN Value", 20); Exhaustive_Scan(); } else { Restore_NUA(NUA_X_Restore_fh); Restore_LCN(LCN_X_Restore_fh); Exhaustive_Scan(); } } /////////////////////////////////////////////// // Menu Selection "E" // /////////////////////////////////////////////// if(Menu_Selection == "E") { Status_wind("Exiting program..."); fputs(" *** No user action - script was halted *** ^M^J", cap_fh); Kill_all(); return; } Kill_all(); } ///////////////////////////////////////////////////////////////////////////// // Draw our main menu // ///////////////////////////////////////////////////////////////////////////// Draw_Menu() { clear_scr(); box(13, 4, 63, 20, 2, 1, 15); box(15, 5, 61, 8, 1, 0, 15); box(15, 9, 61, 19, 1, 0, 15); pstraxy("GNS Tewlb0x v2.2", 28, 6, 15); pstraxy("(C) Copyright Tewlz 4 Fewlz, 1996", 22, 7, 15); pstraxy(" A) Consecutive DNIC / PSE scan", 22, 11, 15); pstraxy(" B) Consecutive NUA / LCN Scan", 22, 12, 15); pstraxy(" C) Scan from file / Random", 22, 13, 15); pstraxy(" D) Exhaustive NUA Scan", 22, 14, 15); pstraxy(" E) Exit DialPlus Scanner", 22, 15, 15); pstraxy(" Selection : ", 22, 17, 15); } ///////////////////////////////////////////////////////////////////////////// // Kill all file I/O // ///////////////////////////////////////////////////////////////////////////// Kill_all() { if(NUA_restore_fh != 0) { if(ferror(NUA_restore_fh)) fclearerr(NUA_restore_fh); fclose(NUA_restore_fh); } if(LCN_restore_fh != 0) { if(ferror(LCN_restore_fh)) fclearerr(LCN_restore_fh); fclose(LCN_restore_fh); } if(NUA_file_fh != 0) { if(ferror(NUA_file_fh)) fclearerr(NUA_file_fh); fclose(NUA_file_fh); } if(NUA_X_restore_fh != 0) { if(ferror(NUA_X_restore_fh)) fclearerr(NUA_X_restore_fh); fclose(NUA_X_restore_fh); } if(LCN_X_restore_fh != 0) { if(ferror(LCN_X_restore_fh)) fclearerr(LCN_X_restore_fh); fclose(LCN_X_restore_fh); } if(NUA_file_restore_fh != 0) { if(ferror(NUA_file_restore_fh)) fclearerr(NUA_file_restore_fh); fclose(NUA_file_restore_fh); } if(Cap_fh != 0) { if(ferror(Cap_fh)) fclearerr(Cap_fh); fclose(Cap_fh); } Restore_Modem_params(); exittelix(0,1); } ///////////////////////////////////////////////////////////////////////////// // Address Save function // ///////////////////////////////////////////////////////////////////////////// Save_Address(int File_Handle, str File_name, str Address_Descriptor) { file_handle = fopen(file_name, "w+"); fputs(Address_descriptor, File_handle); fflush(File_Handle); fclose(File_Handle); } ///////////////////////////////////////////////////////////////////////////// // Store Modem Params // ///////////////////////////////////////////////////////////////////////////// Store_modem() { old_port_speed = get_baud(); old_data_bit = get_datab(); old_parity = get_parity(); old_port = get_port(); old_stop_bit = get_stopb(); } ///////////////////////////////////////////////////////////////////////////// // Restore Modem Params // ///////////////////////////////////////////////////////////////////////////// Restore_Modem_Params() { speed = old_port_speed; parity = old_parity; data = old_data_bit; stop = old_stop_bit; port = old_port; set_cparams(speed, parity, data, stop); set_port(port); cputs_tr(_mdm_init_str); } ///////////////////////////////////////////////////////////////////////////// // Restore last NUA from file // ///////////////////////////////////////////////////////////////////////////// Restore_file_NUA() { status_wind("Restoring previous session...", 20); NUA_file_fh = fopen(NUA_file, "r"); if(NUA_file_fh == 0) { status_wind("FATAL ERROR : Couldn't open NUA List!", 20); status_wind("Check its path in your configuration and try again", 20); kill_all(); return; } NUA_file_Restore_fh = fopen(NUA_file_restore, "r"); fgets(NUA_Buffer, 80, NUA_file_restore_fh); while(Restore_buffer != NUA_Buffer) { fgets(Restore_buffer, 80, NUA_file_fh); if (Restore_Buffer == NUA_Buffer) { status_wind("Succesful restore...", 20); } } fclose(NUA_file_Restore_fh); } ///////////////////////////////////////////////////////////////////////////// // Restore our NUA // ///////////////////////////////////////////////////////////////////////////// Restore_NUA(int Restore_file) { status_wind("Restoring previous NUA...", 20); fgets(Restore_Buffer, 80, Restore_file); NUA = stoi(Restore_Buffer); fclose(NUA_Restore_file); } ///////////////////////////////////////////////////////////////////////////// // Restore our LCN // ///////////////////////////////////////////////////////////////////////////// Restore_LCN(int Restore_file) { status_wind("Restoring previous LCN...", 20); fgets(Restore_Buffer, 80, Restore_file); LCN = stoi(Restore_Buffer); fclose(Restore_file); } ///////////////////////////////////////////////////////////////////////////// // Char by Char Connection Evaluation // // ---------------------------------- // // This evaluates the incoming diagnostics message for the string // // "Connect", and if found, flags the Connect_eval variable to TRUE. // // This is easily changed to track for "Connected" to allow for esoteric // // Diagnostics with the Connect string present. // ///////////////////////////////////////////////////////////////////////////// Check_Connect_status() { if(chr == 067) Connect_char = 067; // C if((chr == 111) && (Connect_char == 067)) Connect_char = 111; // o if((chr == 110) && (Connect_char == 111)) Connect_char = 110; // n if((chr == 110) && (Connect_char == 110)) Connect_char = 110; // n if((chr == 101) && (Connect_char == 110)) Connect_char = 101; // e if((chr == 099) && (Connect_char == 101)) Connect_char = 099; // c if((chr == 116) && (Connect_char == 099)) Connect_eval = 1; // t - Success. // The following lines are optional - comment out the line immediately // preceeding these comments, and uncomment all the following ONLY if // you are getting fouled results because of unusual network messages. // Connect_char = 116; // if((chr == 101) && (Connect_char == 116)) // Connect_char = 101; // e // if((chr == 100) && (Connect_char == 101)) // Connect_eval = 1; // d - Success } ///////////////////////////////////////////////////////////////////////////// // Network timeout check // // --------------------- // // Takes care of clearing cntrl_cnt, and clearing the call in the event // // of an unresponsive NUA. // ///////////////////////////////////////////////////////////////////////////// Check_Timeout() { if((time_up(Connect_timer)) && (cntrl_cnt < 6)) { fputs("*** Network Time Out, Local DTE Cleardown ***", cap_fh); cntrl_cnt = 7; cputs_tr(016); delay_scr(4); cputs_tr("C^M"); } } ///////////////////////////////////////////////////////////////////////////// // Connect timeout check // // --------------------- // // Takes care of clearing unresponsive system. // ///////////////////////////////////////////////////////////////////////////// Check_Timeout_2() { if((time_up(Connect_timer)) && (cntrl_cnt < herald_counter)) { fputs("*** System Time Out, Local DTE Cleardown ***", cap_fh); cntrl_cnt = herald_counter +1; cputs_tr(016); delay_scr(4); cputs_tr("C^M"); } } ///////////////////////////////////////////////////////////////////////////// // Diagnostics message logger // // -------------------------- // // Stores all network messages to file. Simply extricates network diag // // from accompanying flurry of text. // ///////////////////////////////////////////////////////////////////////////// Capture_network_message() { Connect_timer = timer_start(prod_pause); While(cntrl_cnt < 6) { if(cinp_cnt()) { chr = cgetc(); printc(chr); Check_Connect_status(); if((chr == 013) || (chr == 010)) cntrl_cnt = cntrl_cnt + 1; if(cntrl_cnt >= 4) { if((isascii(chr) || (chr == 032)) && (!iscntrl(chr))) fputc(chr, cap_fh); } } Check_Timeout(); } fputs("^M^J", cap_fh); cntrl_cnt = 0; timer_free(Connect_timer); } ///////////////////////////////////////////////////////////////////////////// // System Herald Logger // // -------------------- // // Captures the first couple of system herald lines to file in the event // // that Check_connect_status() returns TRUE, delays for XX seconds to // // ensure logging and allow for unresponsive Addresses. // ///////////////////////////////////////////////////////////////////////////// Capture_system_herald() { fputs("------------^M^J", cap_fh); cputs_tr(wake_me_up); Connect_timer = timer_start(prod_pause); while((cntrl_cnt < herald_counter)) { if(cinp_cnt()) { chr = cgetc(); printc(chr); if((chr == 013) || (chr == 010)) cntrl_cnt = cntrl_cnt + 1; if(isascii(chr)) fputc(chr, cap_fh); } Check_timeout_2(); } fputs("^M^J", cap_fh); fputs("------------^M^J", cap_fh); timer_free(Connect_timer); } ///////////////////////////////////////////////////////////////////////////// // Cut to prompt // ///////////////////////////////////////////////////////////////////////////// Scan_Addresses(int Addr_type, int Addr_range, int Addr_inc) { While(Addr_type < Addr_range) { Call_DialPlus(); while(carrier()) { if(waitfor(CUG_Menu, 10)) { cputs_tr("n^M"); if(waitfor(NUA_Menu, 10)) { if(Menu_Selection == "A") Print_NUA(); if(Menu_Selection == "B") Print_LCN(); Cntrl_cnt = 0; Connect_eval = 0; Connect_char = 0; PAD_Clear_flag = 0; flushbuf(); cputs_tr("^M"); Capture_Network_Message(); if(Connect_Eval == 1) Capture_System_Herald(); } } else { PAD_Clear_flag = 1; cputs_tr("^P"); cputs_tr("C^M"); } if(Menu_Selection == "A") Save_Address(NUA_Restore_fh, NUA_Restore_file, NUA_ITOS); if(Menu_Selection == "B") Save_Address(LCN_Restore_fh, LCN_Restore_file, LCN_ITOS); if(PAD_Clear_flag != 1) Addr_type = Addr_type + Addr_inc; if(Addr_type == Addr_range) { status_wind("Finished current scan!", 20); status_wind("Exiting script...", 20); hangup(); kill_all(); } } // while(carrier) } } ///////////////////////////////////////////////////////////////////////////// // Print an NUA // ///////////////////////////////////////////////////////////////////////////// Print_NUA() { cputs_tr(DNIC); cputs_tr(PSE); fputs(DNIC, cap_fh); fputs(PSE, cap_fh); itos(NUA, NUA_ITOS); if(NUA < 10) { cputs_tr("000"); fputs("000", cap_fh); } if((NUA > 9) && (NUA < 100)) { cputs_tr("00"); fputs("00", cap_fh); } if((NUA > 99) && (NUA < 1000)) { cputs_tr("0"); fputs("0", cap_fh); } cputs_tr(NUA_ITOS); fputs(NUA_ITOS, cap_fh); if(Menu_Selection != "D") fputs("^I", cap_fh); } ///////////////////////////////////////////////////////////////////////////// // Print a Port number / Logical Channel number // ///////////////////////////////////////////////////////////////////////////// Print_LCN() { if(Menu_Selection == "B") { cputs_tr(LCN_Target); fputs(LCN_Target, cap_fh); } itos(LCN, LCN_ITOS); if(LCN < 10) { cputs_tr("0"); fputs("0", cap_fh); } fputs(LCN_ITOS, cap_fh); fputs("^I", cap_fh); cputs_tr(LCN_ITOS); } ///////////////////////////////////////////////////////////////////////////// // Scan Addresses from file // ///////////////////////////////////////////////////////////////////////////// Scan_from_file() { While(!feof(NUA_file_fh)) { Call_DialPlus(); while(carrier()) { if(waitfor(CUG_Menu, 10)) { cputs_tr("n^M"); if(waitfor(NUA_Menu, 10)) { Print_NUA_from_file(); Cntrl_cnt = 0; Connect_eval = 0; Connect_char = 0; flushbuf(); cputs_tr("^M"); Capture_Network_Message(); if(Connect_eval == 1) Capture_System_Herald(); } } else { cputs_tr("^P"); cputs_tr("C^M"); } Save_Address(NUA_file_restore_fh, NUA_file_restore, NUA_Buffer); if(feof(NUA_file_fh)) { status_wind("Finished current scan!", 20); status_wind("Exiting script...", 20); hangup(); kill_all(); } } } } ///////////////////////////////////////////////////////////////////////////// // Get our NUAs from the external file // ///////////////////////////////////////////////////////////////////////////// Print_NUA_from_file() { fgets(NUA_buffer,80,NUA_file_fh); cputs_tr(NUA_buffer); fputs(NUA_Buffer, cap_fh); fputs("^I", cap_fh); } ///////////////////////////////////////////////////////////////////////////// // Exhaustive NUA Scanner mode // ///////////////////////////////////////////////////////////////////////////// Exhaustive_scan() { While(NUA < NUA_Term) { Call_DialPlus(); while(carrier()) { if(waitfor(CUG_Menu, 10)) { cputs_tr("n^M"); if(waitfor(NUA_Menu, 10)) { Print_NUA(); Print_LCN(); Cntrl_cnt = 0; Connect_eval = 0; Connect_char = 0; PAD_Clear_flag = 0; flushbuf(); cputs_tr("^M"); Capture_Network_Message(); if(Connect_Eval == 1) Capture_System_Herald(); } } else { PAD_Clear_flag = 1; cputs_tr("^P"); cputs_tr("C^M"); } if(PAD_Clear_flag != 1) LCN = LCN + 1; if(LCN == LCN_Range) { NUA = NUA + 1; Save_Address(NUA_X_Restore_fh, NUA_X_Restore_file, NUA_ITOS); LCN = 0; } Save_Address(LCN_X_Restore_fh, LCN_X_Restore_file, LCN_ITOS); if(NUA == NUA_Term) { status_wind("Finished current scan!", 20); status_wind("Exiting script...", 20); hangup(); kill_all(); } } } } ///////////////////////////////////////////////////////////////////////////// // Call DialPlus and take care of logging in // ///////////////////////////////////////////////////////////////////////////// call_dialplus() { delay(2); cputs_tr(modem_dial); cputs_tr(PAD_Dialup); cputs_tr("^M"); status_wind("Calling GNS DialPlus...", 10); if(waitfor("URN:", 35)) { cputs_tr("^H"); cputs_tr("^H"); cputs_tr("^H"); cputs_tr("^H"); cputs_tr(Valid_NUI); cputs_tr("^M"); Redial_Count = 0; } else { if(Redial_Count == Max_Redial) { status_wind("Couldn't connect to DialPlus - Exiting Program", 20); kill_all(); } else { Redial_Count = Redial_Count + 1; delay(20); } status_wind("Couldn't connect to GNS DialPlus!", 20); status_wind("Attempting re-connection - Please be Patient...", 40); hangup(); } } ///////////////////////////////////////////////////////////////////////////// // (C) Tewlz 4 Fewlz Software Development Laboratories, 1997 // ///////////////////////////////////////////////////////////////////////////// /* * X.25 Random Address Generator v2.0b * (C) Tewlz 4 Fewlz Software Development Laboratories, 1997 * * Generates a file of randomly ordered NUAs, up to 9999, for X.25 * Addressing schema. Also allows Sprintnet / Telenet ITI X.121 * NUA Generation, ala: * * 0-DNIC-PSE-NUA-LCN * * "TrUL33, mY Cee iS Phr34kee 2tYL33!" */ #include #include #include #include #include #define MAXVALS 10000 /* Max permissable table[] value */ int main(int argc, char *argv[]) { int i; /* General Purpose Counter */ int generated; /* Stepper variable for table[] */ time_t time_pointer; /* Pointer to time variable */ int iteration; /* No. we're at in our generation field */ int gene_field; /* Max field/no. of integers to generate */ int addr_len_check; /* String evaluation of nua_prefix */ int table[MAXVALS]; /* Array of flags to check for dupes */ FILE *output; /* Output Device */ if( (argc > 3) || (argc == 1)) { printf("X.25 Address Generator - (C) Tewlz 4 Fewlz Software Development Labs\n\n"); printf(" Usage : x25_rand \n"); printf(" If no output file is specified, output is written to STDOUT.\n"); exit(1); } if(argv[2] == NULL) output = stdout; else { if((output = fopen(argv[2], "w")) == NULL) { printf("x25_rand : Error - couldn't open specifed output file!\n"); exit(1); } } addr_len_check = strlen(argv[1]); switch(addr_len_check) { case 8: { iteration = 10000; gene_field = 10000; break; } case 9: { iteration = 1000; gene_field = 1000; break; } case 10: { iteration = 100; gene_field = 100; break; } case 11: { iteration = 10; gene_field = 10; break; } case 12: { iteration = 100; gene_field = 100; break; } default: { printf("X.25 Address Generator - (C) Tewlz 4 Fewlz Software Development Labs\n\n"); printf(" Usage : x25_rand \n"); printf(" If no output file is specified, output is written to STDOUT.\n"); exit(1); } } for(i = 0; i < MAXVALS; i++) /* Initialise the pass-check array */ table[i] = 1; for(i = 0; i < gene_field; i++) /* Zero out our working range */ table[i] = 0; srand((unsigned) time(&time_pointer)); /* Spin the wheel of fortune... */ i = 0; while(i < iteration) { generated = (rand() % gene_field); if(table[generated] == 0) { fprintf(output, "%s", argv[1]); switch(addr_len_check) { case 8: { if((generated < 1000) && (generated > 100) && (generated > 10) ) fprintf(output, "0"); if((generated < 100) && (generated > 9)) fprintf(output, "00"); if(generated < 10) fprintf(output, "000"); break; } case 9: { if((generated < 100) && (generated > 9)) fprintf(output, "0"); if(generated < 10) fprintf(output, "00"); break; } case 10: { if(generated < 10) fprintf(output, "0"); break; } case 11: /* Keep this, or our code might */ { /* barf if we generate to this */ break; /* size of mask. */ } case 12: { if(generated < 10) fprintf(output, "0"); break; } } fprintf(output, "%d\n", generated); table[generated] = 1; i++; } } fclose(output); return 0; } We have an in-depth look at the X.25 protocol stack and packet formats, alongside a list of MAC Hardware fingerprints next issue.