Wardialing was like Shodan before Shodan was a thing. You’d hook a PC to a modem and run programs like ToneLoc or PhoneSweep to dial thousands of phone numbers, hunting for modems that answered with that screech. A hit could be a random PC, a corporate server, or even a school’s grade database. But what happened after the connection? How did the computer know what to do? And what software even exists today to try this? Spoiler: it’s grim. Spoiler, unfortunately, programs like this are not made today, with the only VoIP wardialer I could find being so stupid, non non-exe GitHub project, and PhoneSweep, which costs nearly 2000 dollars.
However, like nearly every hacking article today, war dialing is explains as a ‘concept’ not how it was done in practice. I dug up an old PDF of Hacking Exposed that spells it out: dial numbers, listen for modem tones, log the hits. But it skips what systems were waiting on the other end. You couldn’t just plug in a phone line and get a Windows shell—it wasn’t that easy.
In the late ‘90s, some programs had built-in dial-up modes. Database tools like FileMaker Pro (versions 4–6, check the version 5 manual on the Internet Archive and Microsoft Access let you dial into a PC running the same software. With the client app installed, you could connect to a school’s grade database or a business’s inventory system over a modem. Bulletin Board Systems (BBSes) were another beast—you’d use a terminal emulator like PuTTY or Tera Term (still kicking on modern Windows) to dial a number and navigate a text-based interface, maybe even pulling up grade files if the school ran a BBS.
Then there’s Windows XP’s Remote Access Service (RAS), which was a big deal back then. As I ranted on This Week In TheTechBoy Podcast, “Microsoft had this thing called… remote access service that worked over this in Windows XP… in Windows XP Pro” (37:44). RAS let someone dial into a PC over a phone line, and if set up, “it would ask for a username and a password give them access and you could browse shared folders run programs and even control desktop” with extra software installed (42:12). It was a core feature in XP Pro, less so in XP Home, which had me scratching my head about Microsoft’s logic: “why are you people adding security risks if… remote desktop is a security risk on Windows 10 and Pro but you’re not adding it on the home version” (41:35). RAS gave you network access—think shared folders or printers—but no graphical interface on its own. For full desktop control, like a hacker tweaking grades, you needed something like pcAnywhere. That software, paired with a client on another PC, let you take over the remote system via dial-up, making it a prime tool for sneaky grade-changing schemes.
Today, recreating this is tough. Windows 10 and 11 ditched RAS for modem dial-in, and cellphones can’t handle analog modem signals—digital networks just don’t play nice. Join me as I go on my hunt for wardialing. God Bless and Tech Talk To You Later!!
Please make the comments constructive, and vulgarity will not be tolerated!