For as long as Hollywood has made movies about hackers, nmap has been the most popular tool for "cracking". Whenever filmmakers wanted to add a little realism, nmap output flickered across the computer screens. Trinity from "The Matrix" seems to have been the first to make a splash with it. The utility has also appeared in Elysium, The Bourne Ultimatum, Die Hard 4 and other films.
The first season of Mr. Robot won approval from security experts for its attempts to depict the work of hackers realistically. In the episodes shown, the hackers communicated over IRC, used Linux virtual machines, and the main character walked around in a hooded sweatshirt. Naturally, since this is a TV show, its creators had to show a bit of creativity. So far they have managed to keep a fairly good balance between the narrative and real technical capabilities.
Let us briefly look at the hacking tools we spotted in the series.
Several times you can see the Kali Linux distribution in use, an OS that ships with tools for penetration testing and for testing the security of systems. If network security interests you, download it and start experimenting. Naturally, for educational purposes only. Do not break into other people's computers: it is illegal!
Wget, Shellshock and John the Ripper
The wget program is used to make HTTP requests, a common way to download the source of a page or a file from the terminal. Here it is used to compromise a system through a vulnerability disclosed in 2014, bashdoor (also known as Shellshock), a series of vulnerabilities found in GNU Bash. On screen you can see the commands sent in the User-Agent header, in this case cat /etc/passwd.
And although the /etc/passwd file was retrieved successfully, without the /etc/shadow file holding the password hashes, the next command in the screenshot, which uses John the Ripper, simply would not work.
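A defender's view of the request described above, as an added example that is not part of the original article: a scan of web server access logs for Bash function definitions in request fields, the marker of a Shellshock attempt. The combined log format, the name find_shellshock and the sample lines are assumptions constructed for illustration.

```python
import re

def _quoted(name):
    # A double-quoted log field; backslash-escaped quotes inside it are allowed.
    return rf'"(?P<{name}>(?:[^"\\]|\\.)*)"'

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] ' + _quoted("request") +
    r' (?P<status>\d{3}) \S+ ' + _quoted("referer") + " " + _quoted("agent")
)

# Shellshock payloads begin with a Bash function definition: "() {".
FUNC_DEF_RE = re.compile(r'\(\s*\)\s*\{')

def find_shellshock(lines):
    """Return (ip, field, value) for each logged field holding a function definition."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field in ("request", "referer", "agent"):
            value = m.group(field)
            if FUNC_DEF_RE.search(value):
                hits.append((m.group("ip"), field, value))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2016:10:00:01 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Wget/1.16 (linux-gnu)"',
    '203.0.113.9 - - [10/Jan/2016:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 1843 "-" "() { :; }; /bin/cat /etc/passwd"',
    '198.51.100.7 - - [10/Jan/2016:10:00:09 +0000] "GET /about HTTP/1.1" '
    '200 900 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, field, value in find_shellshock(SAMPLE_LOG):
        print(f"{ip} sent a Bash function definition in {field}: {value}")
```

A 200 status on a flagged request, as in the constructed second line, only shows that the server answered; whether Bash actually ran the payload has to be confirmed on the host.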
Hacking the CAN bus
The recent remote hack of a Jeep spurred interest in car hacking. CAN bus hacking has been known for a long time, and lone enthusiasts together with security experts have eagerly investigated ways of gaining access to the computers that control modern cars.
On screen we can see the candump utility, which is used to view messages from the CAN bus.
USB from the parking lot
In one of the rare cases where a Windows computer appears on screen, we see a security guard insert a USB stick found in the parking lot into a computer and infect Windows XP with a malicious application. Leaving USB sticks in a parking lot is a well-known technique for getting into the network of a target organization. In this case the malware was stopped by AVAST antivirus.
Bluetooth scanner (btscanner)
btscanner is used to probe phones that have Bluetooth enabled. The utility tries to extract as much information as possible about a device without connecting to it. The program is included in the Kali Linux distribution, and the window title tells us unambiguously that this OS is in use.
This screen shows the bluesniff utility, which is also used to attack Bluetooth-enabled devices. In this case a MITM attack is carried out against the connection to a wireless keyboard. The next step is to launch a Meterpreter shell and then gain access to the target network.
Metasploit Framework (Meterpreter)
Here we already see several lines from a Meterpreter shell. Using the shell gives the hacker complete control over the compromised system.
Social Engineer Toolkit (SET)
The Social Engineer Toolkit is a framework that makes attacks of this kind easier to plan. Phishing emails, fake websites and wireless access points can all be launched from the system's menu. In this case SMS spoofing is used.
Netscape Navigator – the best browser for the hacker
Windows 95 and Netscape Navigator are mentioned in the series when the main character recalls his first steps on the way to becoming a hacker. On screen you can see the user viewing HTML source … And if someone views source code, he is obviously a dangerous hacker! A modest web browser really can serve as a useful tool for attackers, whether they use web applications for their purposes or research LinkedIn to carry out social engineering attacks.
This article is a translation of the original post at habrahabr.ru/post/274621/