Surfing Without a Board
This article is not really an example of an exploit.
Rather, it is a story on a hacker's approach to an unlikely challenge.
It all started several years ago when I was contracted to work the graveyard shift in a building with many computers; it appeared to be a call center. Since I was a contractor, I didn't have legitimate access to any of these computers. Most nights, I would wait for all of the normal employees to leave and just use whatever computer was left unlocked to browse the Intenet. Usually, there were at least three or four computers around the building that were left unlocked.
The challenge came one night when the only computer left unlocked didn't have a working keyboard.
I especially needed to log into a profile for my physics class, to know what homework I had to do that night, but how would I do that without a keyboard? I still had a working mouse, though.
This made me think back to older video game systems with very few buttons on the controller. Though there were few buttons, you could do so much with them, be it playing a game or entering the name of your character in an RPG. So, I was then determined that if I could enter text with an NES controller, I could do it with a mouse. Obviously, the first thing I looked for was the character map. Unfortunately, I found it was disabled. I hadn't given up yet, though.
Here is what I did with the Windows XP machine I was at:
- Opened Notepad.
- Went to "Help" -> "Help Topics." I was then looking at a description of Notepad. This was the first paragraph: "Notepad is a basic text editor that you can use to create simple documents. The most common use for Notepad is to view or edit text (.txt) files, but many users find Notepad a simple tool for creating Web pages." I had everything I could possibly want.
- I highlighted the letter "g" from the word "creating" in the above paragraph. I right-clicked on the highlighted "g" and copied it. I opened up a browser and pasted that "g" into the address bar. I went back and copied the "oo" from the word "tool" and pasted the "oo" after the "g" in the address bar. Next, I copied the "g" I already had in the address bar and pasted it after the "oo". Next I copied the "le" from the word "simple" and pasted it at the end of my growing "goog" string. I then grabbed the "." from that "(.txt)" part of the paragraph. Finally, I grabbed the "com" from the word "common" and pasted that at the end, leaving me with "google.com".
- I clicked the "Go" button in my browser and arrived at Google. Towards the end of the help document for Notepad (third paragraph), I came across the word "Unicode." I copied and pasted that word into the Google search and clicked on the Wikipedia article for Unicode.
- I played the "Wikipedia Game" (see appendix) to get to the article about ASCII. This article contained a dumbed-down ASCII table with most of the printed ASCII characters.
I had arrived at my needed setup.
I had navigated to a character map that contained all of the characters I needed. I was able to use this ASCII table to slowly copy and paste my way into the login page for my physics classwork.
Yes, this is the type of story that warrants the "you have too much time on your hands" response. But I am, as we all surely are, sick of hearing that phrase. At least we find something creative and different to do with our time, instead of throwing our hands up in defeat and going on to do something normal.
Wikipedia Game Appendix
The idea of the game is to choose a "target article" (say Linux) and then use Wikipedia's "Random Article" feature as a starting point.
The object of the game is to use only the links within the random article to navigate to the target article (Linux). All players should start with the same initial random article. You can play for speed, fewest number of links to the target, or a combination of both. The best strategy is to work your way to a general article, and then become more specific.
For example: somehow get to "Science" from the random article. From Science, Linux is cake: something like "Science -> Computer Science -> Computer -> Operating System -> Linux."
It is surprising what articles you can get to from a seemingly random article.
Try the game out at your next 2600 meeting. It is tons of fun.