path: root/scripts
diff options
Diffstat (limited to 'scripts')
8 files changed, 560 insertions, 0 deletions
diff --git a/scripts/README b/scripts/README
new file mode 100644
index 0000000..088cb09
--- /dev/null
+++ b/scripts/README
@@ -0,0 +1,91 @@
+This directory contains a set of scripts which have been used on Linux
+systems to initiate or maintain a connection with PPP. The files in
+this directory were contributed by Al Longyear (
+This file. You are reading it. It is just documentation.
+2. ppp-on
+This script will initiate a connection to the PPP system. It will run
+the chat program with the connection script as a parameter. This is a
+possible security hole. However, it is simple. It is meant to replace
+the previous version of ppp-on which was not very functional.
+The ppp-on script has entries for the account name, password, IP
+addresses, and telephone numbers. The parameters are passed to the
+pppd process and, then in turn, to the second part of the connect
+script, as a set of environment variables.
+Please make sure that you put the full path name to the ppp-on-dialer
+script in the reference to it in ppp-on.
+3. ppp-on-dialer
+This is the second part to the simple calling script, ppp-on. It
+executes the chat program to connect the user with a standard UNIX
+style getty/login connection sequence.
+4. callback
+This script may be used in lieu of the ppp-on-dialer to permit the
+common modem callback sequence. You may need to make changes to the
+expected prompt string for the modem.
+The script works by disabling the system's detection of the DCD
+condition and working on the modem status message "NO CARRIER" which
+is generated when the modem disconnects.
+It is crude. It does work for my modem connection. Use as you see fit.
+5. redialer
+The redialer script is a replacement for the ppp-on-dialer script. It
+will do 'attack dialing' or 'demon dialing' of one or more telephone
+numbers. The first number which responds will be used for a
+There is a limit of ten attempts and a 15 second delay between dialing
+attempts. Both values are set in the script.
+6. ppp-off
+This is a script which will terminate the active ppp connection. Use
+as either "ppp-off" to terminate ppp0, or "ppp-off <device>" to
+terminate the connection on <device>. For example, "ppp-off ppp2" will
+terminate the ppp2 connection.
+7. secure-card
+This script was written by Jim Isaacson <>. It is a script
+for the 'expect' programming language used with Tcl. You need to have
+expect and Tcl installed before this script may be used.
+This script will operate with a device marketed under the name "SecureCARD".
+This little device is mated with its controller. On the credit card size
+device, there is a sequence number which changes on a random basis. In order
+for you to connect you need to enter a fixed portion of your account name
+and the number which is displayed on this card device. The number must match
+the value at the controller in order for the account name to be used.
+The problem is that chat uses fixed response strings. In addition, the
+timing for running the script may prevent the use of a script that reads the
+value before it starts the dial sequence. What was needed was a script which
+asked the user at the user's console at the time that it is needed.
+This led to the use of expect.
diff --git a/scripts/callback b/scripts/callback
new file mode 100755
index 0000000..3e74e10
--- /dev/null
+++ b/scripts/callback
@@ -0,0 +1,77 @@
+# Script to dial the remote system, negotiate the connection, and send
+# it the id. Then wait for the modem to disconnect. Reset the modem
+# to answer mode and wait for the system to call back.
+# The telephone number and modempass are used when establishing the
+# connection to the modem.
+# Once the modem calls back, the account name and password are used for
+# a UNIX style login operation.
+# Step 1. Dial the modem and negotiate the initial dialog.
+# note: the modem is configured to ignore loss of DCD at this point.
+# it is important that this be performed because the loss of DCD
+# will normally prevent system from working since 'modem' is used
+# for pppd.
+# The script is terminated normally when the carrier is lost.
+chat -v \
+ ABORT '\nBUSY\r' \
+ ABORT '\nRINGING\r\n\r\nRINGING\r' \
+ '' AT \
+ 'OK-+++\c-OK' 'AT&C0&D2S0=0H0 \
+ TIMEOUT 30 \
+ CONNECT '' \
+ assword: $MODEMPASS \
+ "\nNO CARRIER\r"
+if [ "$?" = "0" ]; then
+# Step 2. Wait for the call back from the remote. This will wait for at most
+# 30 seconds for the call back should the first attempt fail or
+# something happen with the callback logic at the remote.
+# note: when the callback occurs, the DCD setting is re-enabled.
+# If some voice call should happen during this period, the system will
+# answer the telephone and then hang up on them. I realize that this is
+# rude, but there is little that this script can do.
+ chat -v \
+ TIMEOUT 30 \
+ ABORT '\nVOICE\r' \
+ '\nRING\r' 'AT&C1A' \
+ CONNECT '' \
+ TIMEOUT 10 \
+ ogin:--ogin: $ACCOUNT \
+ TIMEOUT 45 \
+ assword: $PASSWORD
+ if [ "$?" = "0" ]; then
+ exit 0
+ fi
+# The script has failed. Terminate the connection mode.
+chat -v TIMEOUT 3 "" AT 'OK-+++\c-OK' 'AT&C1&D2S0=0H0' OK
+exit 1
diff --git a/scripts/chat-callback b/scripts/chat-callback
new file mode 100644
index 0000000..d014d6a
--- /dev/null
+++ b/scripts/chat-callback
@@ -0,0 +1,98 @@
+# =====================================================================================
+# Chat script to dial our Company PPP account.
+# They uses a call-back system to identify us and to reverse
+# charge the call cost.
+# =====================================================================================
+# All the usual abort strings
+# If calling outside allowed time we get this:
+ABORT "Access denied"
+# Modem initialisation stuff
+SAY "Initialising modem ...\n"
+'' ATE1
+'OK\r\n' ATS0=1S11=60X4&K4S42.1=1
+# Now dial our ISP and wait for connection
+SAY "Dialling our ISP ...\n"
+'OK\r\n' ATDT09834657
+SAY "Connected ...\n"
+# This is the first stage login, we identify ourself so that the remote
+# system will agree to call us back.
+SAY "Sending Callback login ID ...\n"
+name:-BREAK-name: callme
+# From now on, we must assume no carrier is normal as well
+# as receiving a HANGUP signal because it will be the
+# case if our ISP clears the call to call us back.
+ABORT "Invalid"
+# Now send password and wait to see what happens
+SAY "Sending Callback password ...\n"
+word:--word: xvsgsgs
+"You will be" \c
+# What can happen now is:
+# either: we get "You will be called back..." which is the successful case
+# or: we get "Invalid login" and we abort (bad login ID or password)
+# or: we get "NO CARRIER" because of an error, this will not abort
+# and we will time out after 30 seconds
+# or: we get nothing and we will time out after 30 seconds
+# We reach here if we got "You will be called back..."
+CLR_ABORT "Invalid"
+SAY "Now waiting for Call back ...\n"
+# The remote system will now hangup and we will get both "NO CARRIER"
+# and a hangup signal which are ignored. We now wait for a connection
+# for up to 120 seconds. What happens here if somebody else calls before
+# the remote system is a bit dangerous:
+# If a malicious user connects and says 'name:', he will see 'PPPuser'
+# If he then says 'word:' he will see the passowrd 'blipblop'. I may not
+# know to which systems these belong to, though. It is up to you to consider
+# that case and decide wether the risk is too big or not ....
+# We have been called, re-arm ABORT on NO CARRIER and normal hangup signal
+# behaviour
+# Second stage login in order to start PPP
+SAY "Remote system called back, logging in ...\n"
+SAY "Sending login ID ...\n"
+name:-BREAK-name: PPPuser
+SAY "Sending password ...\n"
+word:--word: blipblop
+SAY "Asking to start PPP ...\n"
+'CnetSrv' "ppp default"
+"Entering PPP mode" \c
+SAY "ISP PPP started ...\n"
diff --git a/scripts/ppp-off b/scripts/ppp-off
new file mode 100755
index 0000000..a22b5ea
--- /dev/null
+++ b/scripts/ppp-off
@@ -0,0 +1,34 @@
+# Determine the device to be terminated.
+if [ "$1" = "" ]; then
+ DEVICE=ppp0
+# If the ppp0 pid file is present then the program is running. Stop it.
+if [ -r /var/run/$ ]; then
+ kill -INT `cat /var/run/$`
+# If the kill did not work then there is no process running for this
+# pid. It may also mean that the lock file will be left. You may wish
+# to delete the lock file at the same time.
+ if [ ! "$?" = "0" ]; then
+ rm -f /var/run/$
+ echo "ERROR: Removed stale pid file"
+ exit 1
+ fi
+# Success. Let pppd clean up its own junk.
+ echo "PPP link to $DEVICE terminated."
+ exit 0
+# The ppp process is not running for ppp0
+echo "ERROR: PPP link is not active on $DEVICE"
+exit 1
diff --git a/scripts/ppp-on b/scripts/ppp-on
new file mode 100755
index 0000000..ab79db4
--- /dev/null
+++ b/scripts/ppp-on
@@ -0,0 +1,36 @@
+# Script to initiate a ppp connection. This is the first part of the
+# pair of scripts. This is not a secure pair of scripts as the codes
+# are visible with the 'ps' command. However, it is simple.
+# These are the parameters. Change as needed.
+TELEPHONE=555-1212 # The telephone number for the connection
+ACCOUNT=george # The account name for logon (as in 'George Burns')
+PASSWORD=gracie # The password for this account (and 'Gracie Allen')
+LOCAL_IP= # Local IP address if known. Dynamic =
+REMOTE_IP= # Remote IP address if desired. Normally
+NETMASK= # The proper netmask if needed
+# Export them so that they will be available at 'ppp-on-dialer' time.
+# This is the location of the script which dials the phone and logs
+# in. Please use the absolute file name as the $PATH variable is not
+# used on the connect option. (To do so on a 'root' account would be
+# a security hole so don't ask.)
+# Initiate the connection
+# I put most of the common options on this command. Please, don't
+# forget the 'lock' option or some programs such as mgetty will not
+# work. The asyncmap and escape will permit the PPP link to work with
+# a telnet or rlogin connection. You are welcome to make any changes
+# as desired. Don't use the 'defaultroute' option if you currently
+# have a default route to an ethernet gateway.
+exec /usr/sbin/pppd debug lock modem crtscts /dev/ttyS0 38400 \
+ asyncmap 20A0000 escape FF kdebug 0 $LOCAL_IP:$REMOTE_IP \
+ noipdefault netmask $NETMASK defaultroute connect $DIALER_SCRIPT
diff --git a/scripts/ppp-on-dialer b/scripts/ppp-on-dialer
new file mode 100755
index 0000000..7d66765
--- /dev/null
+++ b/scripts/ppp-on-dialer
@@ -0,0 +1,17 @@
+# This is part 2 of the ppp-on script. It will perform the connection
+# protocol for the desired connection.
+exec chat -v \
+ ABORT '\nBUSY\r' \
+ ABORT '\nRINGING\r\n\r\nRINGING\r' \
+ '' \rAT \
+ 'OK-+++\c-OK' ATH0 \
+ TIMEOUT 30 \
+ CONNECT '' \
+ ogin:--ogin: $ACCOUNT \
+ assword: $PASSWORD
diff --git a/scripts/redialer b/scripts/redialer
new file mode 100755
index 0000000..5bbde4e
--- /dev/null
+++ b/scripts/redialer
@@ -0,0 +1,96 @@
+# These parameters control the attack dialing sequence.
+# Maximum number of attempts to reach the telephone number(s)
+# Delay between each of the attempts. This is a parameter to sleep
+# so use "15s" for 15 seconds, "1m" for 1 minute, etc.
+# This is a list of telephone numbers. Add new numbers if you wish
+# and see the function 'callall' below for the dial process.
+# If you use the ppp-on script, then these are passed to this routine
+# automatically. There is no need to define them here. If not, then
+# you will need to set the values.
+# Function to initialize the modem and ensure that it is in command
+# state. This may not be needed, but it doesn't hurt.
+function initialize
+ chat -v TIMEOUT 3 '' AT 'OK-+++\c-OK'
+ return
+# Script to dial a telephone
+function callnumber
+chat -v \
+ ABORT '\nBUSY\r' \
+ ABORT '\nRINGING\r\n\r\nRINGING\r' \
+ '' ATDT$1 \
+ CONNECT '' \
+ ogin:--ogin: $ACCOUNT \
+ assword: $PASSWORD
+# If the connection was successful then end the whole script with a
+# success.
+ if [ "$?" = "0" ]; then
+ exit 0
+ fi
+ return
+# Script to dial any telephone number
+function callall
+# echo "dialing attempt number: $1" >/dev/console
+ callnumber $PHONE1
+# callnumber $PHONE2
+# Initialize the modem to ensure that it is in the command state
+if [ ! "$?" = "0" ]; then
+ exit 1
+# Dial telephone numbers until one answers
+while : ; do
+ attempt=`expr $attempt + 1`
+ callall $attempt
+ if [ "$attempt" = "$MAX_ATTEMPTS" ]; then
+ exit 1
+ fi
+ sleep "$SLEEP_DELAY"
diff --git a/scripts/secure-card b/scripts/secure-card
new file mode 100755
index 0000000..a32138b
--- /dev/null
+++ b/scripts/secure-card
@@ -0,0 +1,111 @@
+#!/usr/local/bin/expect -f
+# This script was written by Jim Isaacson <>. It is
+# designed to work as a script to use the SecureCARD(tm) device. This
+# little device is mated with a central controller. The number displayed
+# on this card changes every so often and you need to enter the number
+# along with your user account name in order to gain access. Since chat
+# is based upon fixed strings this procedure will not work with chat.
+# It is included by permission. An excellent reference for the expect
+# program used by this script is in the book:
+# "Exploring Expect"
+# by Don Libes
+# Published by O'Rielly and Associates
+send_user "hello, starting ppp\n"
+system "stty 19200 -echoe -echo raw < /dev/cua3 > /dev/cua3"
+# These are the parameters for the program.
+set user Pxxxxxx
+set password xxxxxxx
+set modem /dev/cua3
+set dialup <put phone number here>
+set timeout 60
+spawn -noecho -open [open $modem "r+"]
+send "AT&F\r"
+expect "OK"
+send "ATe0v1x4&c1q0&d2&c1s2=128s0=0DT $dialup\r"
+set timeout 15
+set counter 0
+set still_connecting 1
+expect {
+ -re ".*CONNECT.*\n" {
+ set timeout 5
+ set still_connecting 0
+ continue -expect
+ }
+ -re ".*CONNECT.*\r" {
+ set timeout 5
+ set still_connecting 0
+ continue -expect
+ }
+ -re ".*NO.*CARRIER" {
+ send_user "Failed to Connect, exiting...\n"
+ exit
+ }
+ -re ".*NO.*DIAL.*TONE" {
+ send_user "Failed to Connect, exiting...\n"
+ exit
+ }
+ -re ".*VOICE" {
+ send_user "Failed to Connect, exiting...\n"
+ exit
+ }
+ -re ".*sscode:.*\n" {
+ continue -expect
+ }
+ -re ".*sscode:" {
+ set timeout -1
+ expect_user -re "(.*)\n"
+ send "$expect_out(1,string)\r"
+ set timeout 30
+ continue -expect
+ }
+ -re ".*Next.*:" {
+ set timeout -1
+ expect_user -re "(.*)\n"
+ send "$expect_out(1,string)\r"
+ set timeout 30
+ continue -expect
+ }
+ -re "Your.*" {
+ send "\r"
+ continue -expect
+ }
+ -re ".*in:" {
+ send "$user\r"
+ continue -expect
+ }
+ -re ".*word:" {
+ send "$password\r"
+ }
+ timeout {
+ if { $still_connecting > 0 } {
+ continue -expect
+ }
+ set timeout 15
+ send "\r"
+ incr counter
+ if { $counter > 8 } {
+ send_user "Cannot Connect\n"
+ exit
+ } else {
+ continue -expect
+ }
+ }
+overlay -0 $spawn_id -1 $spawn_id pppd /dev/cua3 19200 \
+ crtscts modem defaultroute debug