(Excerpts from Hacking Exposed written by Stephan Barnes  "M4phr1k")

Ok, if you are with me so far on the concept, and this assumes you have used ToneLoc and have had it fail on you...we are going to create a DOS batch file that will execute the information once and then reinitialize the modem.  The reason that this is effective is because

1.  There is no additional processing time spent running the process this way.  The split millisecond it takes to go to the next line in the batch file is not longer than the millisecond that ToneLoc would use if it were handling the show repeatedly dialing the range.

2.  What we really want from ToneLoc is the Modem id capability and the ASCII based found and carrier logs, and that's it.  From there on out after the footprint is complete then it's any bodies game as to where to take things.  I do have that next level of the game explained so not to worry, but the point is that ToneLoc has a great nudge string capability in the ToneLoc config utiligy tlcfg.exe and it's the results of the nudge that we want.   

3. Remember, re-initialization practically guarantee's the dial every time.

4. DOS based...typically there are not going to be failures like the big GUI 32 bit applications because DOS is simple and has been hardened over the years of using Batch Files.

Ok on to Our Goal.

We are trying to create something that looks like this (and so on until the range is complete):

Example from 1st 25 lines of WAR1.BAT

toneloc 0000warl.dat /M:*6718005550000 > nul
toneloc 0001warl.dat /M:*6718005550001 > nul
toneloc 0002warl.dat /M:*6718005550002 > nul
toneloc 0003warl.dat /M:*6718005550003 > nul
toneloc 0004warl.dat /M:*6718005550004 > nul
toneloc 0005warl.dat /M:*6718005550005 > nul
toneloc 0006warl.dat /M:*6718005550006 > nul
toneloc 0007warl.dat /M:*6718005550007 > nul
toneloc 0008warl.dat /M:*6718005550008 > nul
toneloc 0009warl.dat /M:*6718005550009 > nul
toneloc 0010warl.dat /M:*6718005550010 > nul
toneloc 0011warl.dat /M:*6718005550011 > nul
toneloc 0012warl.dat /M:*6718005550012 > nul
toneloc 0013warl.dat /M:*6718005550013 > nul
toneloc 0014warl.dat /M:*6718005550014 > nul
toneloc 0015warl.dat /M:*6718005550015 > nul
toneloc 0016warl.dat /M:*6718005550016 > nul
toneloc 0017warl.dat /M:*6718005550017 > nul
toneloc 0018warl.dat /M:*6718005550018 > nul
toneloc 0019warl.dat /M:*6718005550019 > nul
toneloc 0020warl.dat /M:*6718005550020 > nul
toneloc 0021warl.dat /M:*6718005550021 > nul
toneloc 0022warl.dat /M:*6718005550022 > nul
toneloc 0023warl.dat /M:*6718005550023 > nul
toneloc 0024warl.dat /M:*6718005550024 > nul
toneloc 0025warl.dat /M:*6718005550025 > nul

The simple batch file line can be explained as the 

ToneLoc,  .DAT (file creation), ToneLoc /M parameter*67 (block caller ID), phone number> nul 

> nul means don't send this command to the command line to view, just execute it.  

That's it, and it will make the War Dial practically error free.  There are other considerations, such as randomization of the run which is important for doing dialing because many companies now either have smart PBX's or the phone company you are using might have a filter that can see the trend of dialing out like this and turn suspicions toward you.  

Randomization can aide you in round the clock dialing.  The purpose being not to upset an area of people at a work place and to help keep cover in not having the target environment suspect what is going on.  Randomization could be further programmed into a command line argument into a C program that constructs the same result.  Or you could take the output of this file and import into Excel and use the random number generator in a cell next to the line and then sort the contents by the random number and that will mix up the sequential run.  You could even dump all the numbers into an array in Qbasic and then re-create the file based upon random number selection.  You could manually mix up the lines to be random.  

The point is there are ways to make this process more efficient, make it random, and make it better, but the general concept of how and what you are trying to accomplish is what I am trying to get across.

Hence to build the above, we use a program that looks like the one that starts with the OPEN below and here is an example of it: 

(you can copy this into notepad and rename it WAR1.BAS)   showing two batches:  example1.bas

(The program begins below.  You'll need Qbasic.exe and the Qbasic.hlp files to use Qbasic.  F5 compiles/runs in Qbasic):

'QBASIC Batch file creator (wrapper Program for ToneLoc)
'Written by M4phr1k (AKA Stephan Barnes)

OPEN "war1.bat" FOR OUTPUT AS #1

FOR a = 0 TO 2000
a$ = STR$(a)
a$ = LTRIM$(a$)
'the next 9 lines deal with digits 1thru10 10thru100 100thru1000
'after 1000 truncating doesnt happen 
IF LEN(a$) = 1 THEN
a$ = "000" + a$
IF LEN(a$) = 2 THEN
a$ = "00" + a$
IF LEN(a$) = 3 THEN
a$ = "0" + a$

aa$ = a$ + "warl"
PRINT #1, "toneloc " + aa$ + ".dat" + " /M:*671800555" + a$ + " > nul"