THC-SCAN





THC-SCAN

THC-Scan, also written for DOS, took the best parts of ToneLoc and added a few new features. THC-Scan also manages phone numbers through .dat files, although the format is unique. Because the documentation for this tool is complete, we'll focus on examples that show the similarity of THC-Scan to ToneLoc, that show off a new feature, or that cover any of the unspoken "gotchas" that creep into tools.

Note 

If you receive a "Runtime error 200" error when running any of the THC-Scan tools, you will need to recompile the source (if you can find a Pascal compiler), run it in a DOS emulator (doscmd, dosemu), or try using Windows XP.

The pun-laden THC group, or The Hackers Choice, also has other tools covered in this book. If you are interested in more of their phone-hacking tools, you may wish to try THC-Dialup Login Hacker (recently updated) or THC-PBXHacker (from 1995). Each tool has a very narrow use but might come in handy when testing old dial-up systems.

Implementation: Configuring THC-Scan

THC-Scan is about the most user-friendly DOS-based program we've seen. Each option in the configure screen (see Figure) has a short description for each setting.

Image from book
Figure: Configuring THC-Scan

Probably the only change you'll need to make in the MODEM CONFIG menu is to set the correct COM port used by the modem. Figure shows this menu.

Image from book
Figure: Modem configuration options

The MODEM RESPONSES menu allows you to customize the name of possible responses. The interesting column is the program to execute. You can specify an external program, such as HyperTerminal or PCAnywhere. Then, if THC-Scan detects a certain response string, you can launch the specified program with one of the function keys (F1 through F8). Note that you have to specify the program in the EXECUTE CONFIG menu before you can assign it here. Also, you'll have to use the DOS 8.3 naming convention, so if the file is in C:\Program Files\ remember to call it C:\Progra~1. Figure shows the default Modem Response menu.

Image from book
Figure: Modem responses

You can change the name of the logfiles for the scan, but it's usually easier to leave this menu in the default (see Figure) and use the /P option on the command line to instruct THC-Scan to store all of the logfiles in a custom directory.

Image from book
Figure: Logfiles

Finally, the MISCELLANEOUS menu is important for setting the time delays during and between dials.

Implementation: Running THC-Scan

Every command-line option for ToneLoc, with the exception of /C (alternate configuration file) and /T (only report Tones), works with THC-Scan. One cool feature of THC-Scan is that it can accept phone numbers from a text file, which is handy when you need to dial disparate ranges in multiple exchanges. Specify the text file (following the 8.3 naming convention) after the @ symbol:

C:\thc-scan.exe @num_list.txt

Another feature of THC-Scan is basic support for distributed dialing. This enables you to run a session across multiple computers. THC-Scan comes with a batch file in the /misc directory called netscan.bat, which outputs the necessary command line for each of three, five, or ten different computers in the modem pool. You need to add an environment variable, CLIENT, to specify the client number of the current computer. You can do this from the command line; however, you may need to edit the CLIENTS (plural) and DEEP variables in the netscan.bat file. THC-Scan launches immediately after the batch file, so make sure it is in your path and that the ts.cfg file is correct.

C:\set CLIENT=1 && netscan.bat 9495555
C:\THC-SCAN 1-949555 /M:949555 R:0-3333 /Q
C:\set CLIENT=2 && netscan.bat 9495555
C:\THC-SCAN 2-949555 /M:949555 R:3334-6666 /Q
C:\set CLIENT=2 && netscan.bat 9495555
C:\THC-SCAN 3-949555 /M:949555 R:6667-9999 /Q
Note 

All .dat file manipulation must be done manually.

In the preceding example, the full phone exchange for 949-555-0000 through -9999 is split across three computers. Notice that most of the work for running the modems and managing the .dat files still has to be done by hand. Nor does this method work for numbers in disparate exchanges. In this aspect, THC-Scan's support of modem pools is not very robust.

Implementation: Navigating THC-Scan

THC-Scan also provides shortcut keys to interact with a currently running scan. Like ToneLoc, you can mark a number as it is being dialed. Figure lists these options.

Figure: THC-Scan Description Shortcut Keys

Shortcut Key

Description

B

BUSY

C

CARRIER

F

FAX

G

GIRL (not a useful designator, merely indicates that the number was answered, but not by a modem)

I

INTERESTING

S

Saves a specific comment for the current number

T

TONE

U

UNUSED (This is different than ToneLoc's UNDIALED designator. Indicates that the number is not in service.)

V

VMB (Voice Mail Box)

0–3

Custom description 1, 2, or 3 (Use one or more of these to describe a number if any of the previous options are insufficient.)

[SPACEBAR]

UNINTERESTING

Of course, you can also manipulate the modem and dialing process. Figure lists those options.

Figure: THC-Scan Command Shortcut Keys

Shortcut Key

Description

M
[ENTER]

Redials the current number.

N
[TAB]

Proceeds to the next number without marking the current number with a description.

P

Pauses the scan. Press any key to continue. Press r to redial, h to hang up, or n to hang up and proceed to the next number.

X
+

Extends the current timeout by five seconds.

Decreases the current timeout by five seconds.

[ESC]

Quits the program.

ALT-O

Runs ts-cfg.exe to modify the configuration. Changes take effect immediately.

ALT-S

Toggles the modem speaker on or off.

Implementation: Manipulating THC-Scan .dat Files

The /P and /F options provide file and data management from the command line. If the /P option is provided with the directory, such as /P:555dir, all output (.dat and .log files) will be written to that directory. The /F option provides additional output in a format that you can import into a Microsoft Access database. This lets you create customized reports, derive statistics, and otherwise track large datasets.

Dat-* Tools

You can share data from ToneLoc with THC-Scan. Use the dat-conv.exe tool to convert .dat files from ToneLoc format to THC-Scan format. Specify the source .dat file and a name for the new file, as shown in the following listing.

C:\>dat-conv.exe toneloc.dat thcscan.dat
DAT Converter for  TONELOC <-> THC-SCAN  v2.00   (c) 1996,98 by van Hauser/THC
Mode :  TL -> TS
Datfile input : TONELOC.DAT
Datfile output: THCSCAN.DAT
ID for NOTE   : CUSTOM1 (224)
ID for NODIAL : UNDIALED (0)

Dat-manp.exe is an analog to ToneLoc's tlreplac.exe, plus it also permits numeric identifiers instead of a string, such as referring to UNDIALED numbers as 0 (zero). For example, here's how to replace BUSY numbers with UNDIALED:

C:\>dat-manp.exe test.dat BUSY UNDIALED
DAT Manipulator v2.00   (c) 1996,98 by van Hauser/THC [email protected]
Writing .BAK File ...
DAT File : TEST.DAT
DAT Size : 10000 bytes (+ 32 byte Header)
Exchange : 8 (All ring counts)
... with : 0 (transferring rings)
Changed  : 479 entries.

You could also refer to the BUSY tag as 8. Other name/numeric combinations are listed in the datfile.doc file that is part of the package's contents. THC-Scan uses numbers 8–15 to designate busies, incrementing the value for each redial.

Statistics for a .dat file are generated by the dat-stat.exe command:

C:\tools\thc-scan\BIN\DAT-STAT.EXE test.dat
DAT Statistics v2.00   (c) 1996,98 by van Hauser/THC [email protected]
DAT File : TEST.DAT (created with THC-SCAN version v2.0)
Dialmask : <none>
UnDialed :  480 ( 5%)
Busy     :    0 ( 0%)
Uninter. :    2 ( 0%)
Timeout  : 3563 (36%)
Ringout  : 3683 (37%)
Carriers :   29 ( 0%)
Tones    :    0 ( 0%)
Voice    : 2242 (22%)  [Std:2242/I:0/G:0/Y:0]
VMB      :    0 ( 0%)
Custom   :    1 ( 0%)  [1:1/2:0/3:0]
0 minutes used for scanning.
Previous Section
Next Section


 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows