#!/bin/sh

#
# $Id: nuascan,v 1.1.1.1 2008/03/17 09:18:45 raptor Exp $
#
# nuascan - Proof-of-concept of l33t X.25 NUA bruteforcer
# Copyright (c) 2008 Marco Ivaldi <raptor@0xdeadbeef.info>
#
# "Love is the law, love under will." -- A. Crowley
#
# Quick'n'dirty proof-of-concept of an X.25 NUA bruteforcer. I'm proud 
# to confirm that X.25 hacking is still alive and kicking as of 2008;) 
# Dedicated to "my" beautiful lady z*
#
# Other l33t X.25 goodies: ADMscanLink.tgz, ADMx25_2.6.0.5.tar.gz, cudscan,
# fvudu, padxploit.c, psibrute.com, revscan, vudu, x25bru.c, x25cat.pl,
# xotclient.tgz.
#       

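# Some vars (change them if needed)
#
# tmp   - capture file for the output of a single pad call. It is created
#         with mktemp so that its name is not predictable and an existing
#         file or symlink called vudu.tmp is never overwritten.
# valid - results file; one line is appended per recognised response.
# pad   - X.25 PAD client command to run for each address.
tmp=$(mktemp "${TMPDIR:-/tmp}/vudu.XXXXXX") || exit 1
valid=vudu.nua
pad=pad

# Remove the capture file on every exit path, including an interrupted run.
trap 'rm -f "$tmp"' 0
trap 'exit 1' 1 2 15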

# Response codes (SCO netX.25 pad)
#
# Each value is a fixed substring that is searched for in the text printed
# by the pad command. The first two are German-language messages.
com='Verbindung hergestellt'         # COM:     "connection established"
comdte='Verbindungsdauer'            # COM+DTE: "connection duration"
dte='Call cleared by remote DTE'     # DTE
der='Remote DTE is out of order'     # DER
rpe='Remote procedure error'         # RPE
na='Access barred'                   # NA
nc='Network congestion'              # NC
occ='Remote DTE is busy'             # OCC

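# Command line: base start end [suffix]
#   base   - text placed in front of the counter in every address
#   start  - first counter value (non-negative integer)
#   end    - last counter value, inclusive (non-negative integer)
#   suffix - optional text placed after the counter
if [ "$#" -lt 3 ]; then
        echo "usage: $0 base start end [suffix]" >&2
        exit 2
fi

base="$1"
start="$2"
end="$3"
suffix="$4"

# Reject a missing or non-numeric bound before anything is run: with such a
# value the loop's integer comparison can never succeed and the loop would
# not terminate.
for _bound in "$start" "$end"; do
        case "$_bound" in
                ''|*[!0-9]*)
                        echo "$0: start and end must be non-negative integers" >&2
                        exit 2
                        ;;
        esac
done

# A start above end would never reach an equality-based stop condition.
if [ "$start" -gt "$end" ]; then
        echo "$0: start must not be greater than end" >&2
        exit 2
fi

current=$start

# Interactive logging
echo ""
echo "*** VUDU X.25 Scanner for Unix ***"
echo ""
printf '%s\n' "[ Starting with: ${base}${start} ]"

# Perform the scan: one pad call per counter value from start to end.
while [ "$current" -le "$end" ]
do
        addr="${base}${current}${suffix}"

        # Send stderr to the same descriptor as stdout. Opening the capture
        # file twice (">file 2>file") gives each stream its own offset, so
        # the two outputs overwrite one another.
        # $pad is left unquoted on purpose so it may carry extra options.
        $pad "$addr" >"$tmp" 2>&1

        # Classify the captured output. The order matters: the first
        # matching response string decides the label. grep -F is the
        # standard spelling of the obsolescent fgrep.
        if grep -F "$com" "$tmp" >/dev/null; then
                result="(OK)"
        elif grep -F "$comdte" "$tmp" >/dev/null; then
                result="COM+DTE"
        elif grep -F "$dte" "$tmp" >/dev/null; then
                result="DTE"
        elif grep -F "$der" "$tmp" >/dev/null; then
                result="DER"
        elif grep -F "$rpe" "$tmp" >/dev/null; then
                result="RPE"
        elif grep -F "$na" "$tmp" >/dev/null; then
                result="N/A"
        elif grep -F "$nc" "$tmp" >/dev/null; then
                result="NC"
        elif grep -F "$occ" "$tmp" >/dev/null; then
                result="OCC"
        else
                result=""
        fi

        # Recognised responses go to the terminal and to the results file;
        # anything else is only echoed to the terminal.
        if [ -n "$result" ]; then
                printf '%s  %s\n' "$addr" "$result"
                printf '%s  %s\n' "$addr" "$result" >>"$valid"
        else
                printf '%s\n' "$addr"
        fi

        # Go for the next address. expr is kept (rather than $(( ))) so a
        # counter with leading zeros is read as decimal, not octal.
        current=$(expr "$current" + 1) || break
done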

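# Remove the capture file. The path is quoted so a name containing spaces
# or glob characters is passed to rm as a single operand, and -f keeps the
# command quiet if the file is already gone.
rm -f -- "$tmp"
printf '%s\n' "[ Ended with: ${base}${end} ]"
echo ""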
