@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@! !@ !@ @! P/H/A PRESENTS... @! !@ !@ @! Network User Address (NUA) Attacker v1.05 @! !@ Documentation !@ @! Program By Doctor Dissector @! !@ !@ @! Dox By Dark Helmet @! !@ !@ @!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@!@! \ This documentation was compiled and written on 03/30/90 at 11:00pm. / ------------------------------------------------------------------------ \ This documentation was updated on 04/04/90 By Doctor Dissector. / ---------------------------------------------------------------------- [0.0] CONTENTS ----------------------------------------------------------- Section Subject ======= ============================================================ 0.0 Contents - You're fuckin' looking at it! 1.0 Introduction. 1.1 Files - Description of, Use of, etc... 1.2 Running NUA Attacker. 1.3 Setting up your scan. 1.4 Setting up your modem. 1.5 Scanning, Status Screen. 1.6 Version History 1.7 Credits, Conclusion, P/H/A. ======= ============================================================ -------------------------------------------------------------------------- [1.0] INTRODUCTION ------------------------------------------------------- Well, this is the first original P/H/A Release. NUA Attacker was programmed in Turbo C v2.0 by Doctor Dissector. The purpose of NUA attacker is to call SprintNet and scan NUAs. The range of NUAs to be scanned, of course, are provided by the user of the program. In the accompanying file, SND390.TXT, there is a list of NEARLY all the SprintNet dialups in the U.S.A. Refer to it for your nearest dialup. This program also includes mouse support for an increase in the ease of use. Any and all bugs found should be reported to any P/H/A member, namely Doctor Dissector, Dark Helmet, Killer Korean, or Anonymous Anarchist. Now onto the procedures and use of NUA Attacker. -------------------------------------------------------------------------- [1.1] FILES -------------------------------------------------------------- In the ZIP file you should have got the following files: NUAA.EXE - Main Program NUAA.DOC - Documentation (You're reading it now!) README.PHA - READ THIS FIRST! SND390.TXT - List of SprintNet Dialups. NUA Attacker will create the following files: NUAA.CFG - NUAA's current attack/modem configuration. NUAFILE.PHA - List of NUAs that NUA Attacker connected to. LOGFILE.PHA - List of NUAs that NUA Attacker did not connect to. This file also shows the response code NUA Attacker received. * NOTE: The NUAfile and the Logfile filenames can be changed. These are the files that NUA Attacker will use. NUAFILE.PHA and LOGFILE.PHA are both ASCII compatible text files, so you can TYPE these files to view them or use LIST or anything of the sort. In addition, if the filename given already exists, any data to that filename will be appended at the EOF mark in the existing file. -------------------------------------------------------------------------- [1.2] RUNNING NUAA ------------------------------------------------------- To run NUA Attacker enter the following. C:\>NUAA [/I] The '/I' option will allow you to run NUA Attacker without it initializing the modem before scanning. When you go to "Begin attack," NUAA will begin scanning, so if you had logged onto a system previously, you should be logged onto SprintNet, and at the '@' prompt. -------------------------------------------------------------------------- [1.3] SCAN SETUP --------------------------------------------------------- Setting up your scan can be done by going to the 'Setup attack' option on the top selection bar. The options that follow selecting this option are as follows: Phone Number - SprintNet Dialup number (See SND390.TXT). Starting NUA** - NUA* to begin scanning at. Ending NUA** - NUA* to terminate scanning at. Timeout - Time (seconds) to wait for response from NUA. Bad Pad - Whether or not the SprintNet PAD you are dialing is slow to react. This will prompt NUA Attacker to send a string of / instead of the normal / for the TERMINAL= prompt. Log filename - Name of file to output any non-connections and error messages. (LOGFILE.PHA, Default) NUA filename - Name of file to output any connecting NUAs. (NUAFILE.PHA, Default) While in the 'Setup attack' window, there are some valid hotkeys. They are: ESC - Abort setup. ALT-S - Save setup to memory. Cursor Keys - Scroll through fields. When you are done setting up your scan, you might want to save the setup to disk also (not only temporary memory). This can be done by entering the 'File commands' and selecting the 'Save options' option. The attack setup and modem parameters are saved in the same file also, so this command will also save the current modem parameters to disk. Also, if you fuck up your setup by accident, but haven't saved it to disk yet, you can restore your setup that is saved to disk by entering the 'File commands' and choosing the 'Load options' option. This also goes for the modem parameters. ------- * Notes on Decimal Scanning (v1.05) Decimal scanning can be done WITHOUT inserting decimals and sending the resultant string to SprintNet. Refer to the following diagram for a brief explanation of this application. SprintNet Network International Address Format (X.121) ------------------------------------------------------ ------------------------------------------ (Zero) SprintNet Terminal | Handler that Formats the | X.121 Address | | | ---------------------------------- Data Network Identifier | | Code (DNIC) | | | | | | -------------------------- Area Code of Host | | | | | | | | | ---------------- DTE Address of Host | | | | | | | | | | | | --------- Port Address | | | | | | | | | | |0| |DDDD| |AAA| |HHHHH| |PP| |------- Optional 'Subaddress' Field for Packet Mode DTE Noticed the 'PP' part of the NUA. This is where SprintNet will acknowledge that you want a decimal instead of a whole number NUA. Examples of decimal scans are: Local International SprintNet NUA*** Starting NUA: 2120050101 031102120050101 212501.01 Ending NUA: 2120060105 031102120060105 212601.05 *** SprintNet NUA: Denotes what SprintNet will translate the incomming NUA from NUA Attacker to. NUA Attacker will start with 212501.01, then 212501.02, then 212501.03... until it reaches 212601.05, then it will stop. SprintNet only supports ports to the hundereths digit. ------- ** Notes on NUA format: The format of the NUA when entering it in the setup fields must be done in a certain way. For example, if you put: Starting NUA: 6191 *WRONG* Ending NUA: 619100 *RIGHT* would do start at 6191, then go up to 6199, but then it will skip to 6200. Therefore, you must do the following: Starting NUA: 619001 *RIGHT* Ending NUA: 619100 *RIGHT* The point is, the two fields should be the same length. -------------------------------------------------------------------------- [1.4] MODEM SETUP -------------------------------------------------------- Selecting the 'Modem parameters' will take you to a window with the following information in it: COM Port - Port that your modem is on. Baud Rate - Baud Rate to connect to SprintNet with. 300, 1200, 2400, or 9600 ONLY. Initialization - Initialization string to send before scanning. This is totally Hayes Compatible. Dial Prefix - Prefix to use before sending the phone number to the modem. Dial Suffix - Character to send after the phone number is sent to the modem. Usually a carrige return or extra if calling through a PBX. Hangup - String to send to modem to hangup. The same hotkeys apply to this window as do to the 'Setup attack' window. Also, the methods for saving these values to disk are outlined in the 'Setup attack' section of these dox. The rest of the options in this section are all self-explanatory so I won't go into detail on them. If you don't know what the fuck is going on, then quit using this and go to hell! -------------------------------------------------------------------------- [1.5] SCANNING ----------------------------------------------------------- OK, now to the good part, actually scanning something. Choosing the 'Begin attack' option on the top status bar will tell NUA Attacker to commence the scan. The order of operations when you select 'Begin attack' is as follows: 1. Initializes Modem. 2. Dials SprintNet Dialup entered in 'Setup attack.' 3. Sends / if Bad Pad is 'N', or sends a string of / until the TERMINAL= prompt if Bad Pad is set to 'Y.' 4. Waits for 'TERMINAL=' prompt and enters 'D1' NOTE: 'D1' means a personal computer has connected. 5. Waits for '@' prompt. 6. Begins scanning from 'Starting NUA' entered in 'Setup attack.' When it finishes scanning the desired NUAs, NUA Attacker will hangup the phone, then it will end the attack. There are also some hotkeys you can use while NUA Attacker is scanning. They are: ALT-B - Sends a BREAK signal to SprintNet. This may be necessary to break out of some manual scanning on SprintNet. ALT-H - Send hangup string to modem, place NUAA in PAUSE mode. ALT-X - Hangup modem and exit attack. If you exit the attack before the last NUA has been scanned, NUAA will save your configuration with the starting NUA as the last NUA NUAA has scanned during the session you just killed. This allows you to continue the scan without changing values at a later date. ESC - Pause scan. This will enable you to enter anything you need to while still online. This just transfers control from NUA Attacker to the user, or makes NUAA a dumb terminal. The status screen is the bottom window on your screen. It contains the following information: Starting NUA - NUA that NUA Attacker started scanning at. Ending NUA - NUA that NUA Attacker will end with. Connections - Number of connections found on the current scan. Current NUA - NUA that NUA Attacker is currently scanning. Log - Logfile filename. NUA - NUAfile filename. In addition, the very last line on your screen contains some other information that may be useful. It contains: Time/Elapsed - Gives current REAL time and the elapsed time on the current scan. These are separated by a '/'. Status - Gives current response code and/or modem information. Last - Gives the last response code and/or modem information. Some PADs have a hard time connecting at higher baud rates for some fucked up reason, so if you run into one that just fucks all hell out of your computer, try logging on at a lower baud rate. This happens especially with 2400 and up. Try 1200 and below. -------------------------------------------------------------------------- [1.6] VERSION HISTORY ---------------------------------------------------- Version Date Notes ------------- -------- ------------------------------------------------- 0.99 BETA 03/28/90 First version of NUAA. Dark Helmet & Doctor Dissector beta tested this version for 2 days. 1.00 Standard 03/30/90 Official release of NUAA. Minor adjustments made from beta version. NUAA.CFG is incompatible with .99 BETA version. 1.01 Standard 03/30/90 Quick fixes for 1.00. This included improved colors and a 'Bad Pad' feature. NUAA.CFG is incompatible with 1.00 Standard version. 1.05 Standard 04/04/90 Bug fix. All older NUAA versions rounded the starting and ending NUA's off when they exceeded 10 or so charachters in length. This was fixed. Menu bar color changed. Decimal feature removed, since SprintNet will add decimals automatically if the NUA is long enough. Bad Pad feature fixed to allow more compatibility with slow responding PADs. Logfile modified a bit, not noticable. Size reduced about 2k. NUAA.CFG is incompatible with 1.01 Standard version. -------------------------------------------------------------------------- [1.7] CONCLUSION --------------------------------------------------------- That's the overview of how to use NUA Attacker. This can be most useful when looking for PSNs, UNIXs, outdials, and shit like that. Well, now that you have this piece of shit, use it! Relay anything great or interesting you find to any P/H/A member. Also, any bugs you find should be sent to P/H/A also! Credits: (c)1990 (04/04/90) P/H/A Software Development Team. Written and Programmed by Doctor Dissector. Documentation Written by Dark Helmet. Special Thanx to the rest of P/H/A. P/H/A are: Doctor Dissector, Dark Helmet, Killer Korean, and Anonymous Anarchist. P/H/A Nodes: Insidious Infuzion - P/H/A HQ - SysOp: Doctor Dissector Internal Stack III - P/H/A #2 - SysOp: Dark Helmet Greets to: cDc - Where ya been? NARC - You're getting there. NAPPA - HELLO? Hello? hello? ........... INC, NYC, THG, FiRM - You ALL suck! (hehe) Stop feuding! Ex-P500 Members - Whaddup? PHRACK Editors - Don't bend over for the soap! StudZ - Need a little bit more activity boyz. NWA - We love your albums. "Fuck Tha Police!" Eazy-E - Fuck you man! Kick more ass! New album! Fuck Off to: Wizdom - (of CCOPS) - This dude is a lamer! All Telco Employees - Why make it so difficult? It's gonna happen anyway! Cops - Watch out for that cone! ----------------------------------------------------------------------- (c)1990 P/H/A (Phreakers/Hackers/Anarchists), Software Development Team