[RoLUG] Fwd: [HX] [(fwd): Hacker's Guide To Gaining Root On A Girl]

Roccatello Eduard rolug@lists.linux.it
Mon, 21 Apr 2003 11:02:28 +0200



Hi guys,
I'm forwarding a mail that went around on HX (my little research group :-)
bye

----------  Forwarded Message  ----------

Subject: [HX] [(fwd): Hacker's Guide To Gaining Root On A Girl]
Date: Thursday 17 April 2003 19:50
From: DeletedForPrivacy - <idem :-)@libero.it>
To: HX <hackzxtreme@yahoogroups.com>

Hacker's Guide To Gaining Root On A Girl: Mysteries Revealed

* * * 1.Analyzing the target * * *

Purpose: to make sure $she is really worth it all. Be *sure* she isn't
just another incompatible one before you take any action.

All you need to do is check for dependencies. Find out what she gives
priority to.

If looks are all that counts, it tells you she pays attention to you
only because of your GUI. She might even call your $parents someday and
say, "The product you released XY years ago has a considerably pleasing
graphical interface. Thank you ever so much. I'm trying to upgrade him by
adding some minor development paths." What is wrong with this? Paying
attention to the GUI only and not putting in the effort to dig deeper reveals
her to be a weak hacker. The development she'd make on you wouldn't be
the development you need (and, actually, want).

Meanwhile, the following statements show she has the right attitude (check
if she's prone to adapt any of them to you):

- "I appreciate him because of his kernel (aka: personality), it's really
stable."
- "he's well documented" (aka: honest/fair).
- "the source is pretty clear" (aka: simple, easy-going).
- "debugging doesn't require much effort" (aka: flexible).
- "he's easy to update" (aka: open-minded).
- "modules are easily handled" (that is, moods).
- "he's got several ports open for me" (aka: approachable).
- "... still he doesn't accept anonymous connections" (aka: faithful and
  devoted).
- "a minor data leak occurs occasionally, but I guess it's ok" (aka:
talkative).
And, most important of all:
- "he wasn't all the above before I did some coding on him. I've done a
significant improvement to his source, and generally all the merits belong
to me." (Several things come out from this one: 1- she thinks she roots
you; 2- it is only in her mind that she roots you, indeed; 3- you've
succeeded in making her believe she roots you, which is good 'cos this
attitude simplifies the process of you getting root on *her* ---- once
again, that reveals you to be an experienced hacker).

Once you finish analyzing the target, you may proceed to the second part of
the process.

* * * 2.Gaining access to the target * * *

This step is a little complicated; you'll have to try combined
tactics. Still, the types of tactics can be roughly sorted:

--> Man-in-the-Middle Tactic. Two typical approaches have been specified:
  -A- with such schematic appearance:
	     Victim -------------------------> X Person
	   (the girl)          ^


			    Attacker
			     (you)
	Explanation. Look for a data leak or weaknesses while watching
	her communicate with another person. Pick up the compatible
	information. Regard the whole action as data sniffing.

  -B- with such schematic appearance:
               Victim -------------------------> Attacker
             (the girl)          ^     		  (you)


   			     X Person
	Explanation. A custom person provides her with positive information
	about you. Benefits: improves the reliability.

--> Client To Server Tactic - requires direct communication. This tactic
    is a very important part of the process. Your aims are:
    - analyze her system and its behavior (aka: get to know her), locate
      possible vulnerabilities. Regard this action as port scanning.
    - get her linked (finding common interests seems to work well).

--> Physical Access Tactic - usually has the lowest priority, because basic
    knowledge of the system is required which can only be handled after
    working with other tactic types. Don't try physical access unless you're
    sure you're acquainted with the victim's weaknesses enough. Take into
    consideration that if you request physical access and $she doesn't
    grant it, the consequences will lead to a severe slow-down of the whole
    process.

Considerable note: You might wish to try some social engineering on her
friends or parents before actually taking any other action. That might
provide you with useful information on possible logic errors or known
weaknesses.

* * * 3.Gaining root on the remote system * * *

Permissions of an ordinary user are entirely sufficient at the beginning, though
the next step is much more demanding: your aim now is to become a
super-user.

The most reliable way to do that is by exploring such vulnerabilities as
logic errors and weaknesses which you could locate in her source code while
spectating her behaviour (see the previous step).

--> When Buffer Overflow is a good choice to count on: consider a situation
    when you cannot locate any weaknesses or compilation errors. In such a case,
    check if $she does the check for input errors and how $she behaves at
    receiving bigger amounts of data than $she can handle. Buffer Overflow
    Usage: if $she seems to be able to handle "A", feed her with "A + A^n".
    This might lead to the confusion of the victim which you can use for your
    personal purposes (aka: shock her a little, then use it). Note: be sure
    "A + A^n" is less than "A + A^6", otherwise it can lead to kernel panic
    and the remote system might stop responding.
    Buffer Overflow exploration might lead to a temporary hole in her security
    system.

--> Just after you've located a hole: fill it with *your* pre-written data
    (aka: when you realize what she wants, *give* it to her. Or promise you'll
    give it later. Note that keeping promises is a nice, yet entirely
    optional, thing).

-- 
Eduard Roccatello
Pcimprover.it webmaster @ http://www.pcimprover.it
SlackIt.org staff @ http://www.slackit.org
RoLUG staff @ http://rovigo.linux.it