'The Matrix' hack
WARNING: Nerdy Linux geek speak ahead.
In the process of messing around with my different Linux boxen and virtual-boxen ala VMware (read: rooting my own boxes for fun and profit, minus the profit), I have come to realize that the first hack we see on the original 'The Matrix' is a perfectly realistic hack.
I remember seeing the movie when it first came out and thinking "Yeah, right- that's so cheesy" when Neo's screen goes black and the words "Wake up, Neo." are typed onto the screen. But in reality, there is minimal cheese involved. To recreate the scene from one of your computers to the other:
1. Get logged in remotely as r00t by one of these methods:
a . SSH into the box (we know Trinity loves SSH from Matrix:Reloaded) with a shell account and exploit a local vulnerability to elevate your priviledges to r00t.
b. Use a remote exploit that throws a r00t shell
2. Execute the command 'ps aux | grep X' to see the list of running processes, singling out the X server (the windowing system). Note it's PID.
3. You can execute the 'w' command to see who is all logged into the box, and note the TTYs, but the X server is usually running on /dev/tty1, so we can assume it is that and skip this step.
4. Kill the process for X, bringing the victim to a blank terminal.
5. Execute 'echo "Wake up, Neo." > /dev/tty1', assuming the terminal the victim will be dropped to is on tty1, the default. This will place the words "Wake up, Neo." on your victim's screen.
6. You can keep sending messages to their screen in this manner, remembering to execute 'clear > /dev/tty1' to clear the screen between messages. If you want the screen to type the letters one at a time the way Trinity did to Neo, you can wget a nice little app called 'dirthy' from packetstorm.
And make sure to clear the screen one final time when someone knocks on the door and your victim looks away from the screen.
Linux is used in this example. There is no real reason why you shouldn't be able to take those same steps on any *nix system, adjusting commands accordingly.
13 Jul 04 | +Permalink+ | Comments (5) | TrackBack (0)