Nmap Featured in The Matrix Reloaded

rajiv was among dozens to report that unlike most "Hacks" in film, The Matrix reloaded actually has an ounce of reality where other films would rely on fancy 3D graphics. You can see more at Insecure.org where they have screenshots. It's only on screen for a split second, but Tritnity uses Nmap to find a vulnerable SSH server, and then exploits it using the SSH1 CRC32 exploit from 2001.

What Can Illegal Hacking Do For MY Business?

Slashdot has an interview with security legend Fyodor, admin of the famed insecure.org and author of the world's cheapest port scanner, nmap.

The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.

*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.

Sdem had created a hoax account entitled electricmonk, and used it to post this comment pronouncing that we was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.

Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.

This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.

First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box (he didn't have the money for a more effective port scanner) and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.

Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.

Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.

Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.

After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here. Very interesting reading.

So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise this man

And there was much rejoicing..

[Trevalyx]

When I went to the 1AM showing on release night, there were a lot of interesting people.. When it got to the hacking scene, only a few people cheered, however, they did it with enough vigor that everyone else was caught of guard.. And when I tried to explain to the guy nibbling his foot next to me, "Nmap," I just got a blank stare...

zero-day warez screenshots?

[Speare]

Where did the nmap folks get all these screenshots of a movie that's ostensibly fresh-in-theaters? And why oh why did they name their sources? I'm imagining Agent Smith from the MPAA will be giving out a few cease and desist visits soon.

Re:zero-day warez screenshots?

[ThePatrioticFuck]

If you read the article @ Insecure, the guy says when he heard it was in the movie, he asked if anybody could send him some screen captures and ended up being flooded with pics, video, etc. And mentions he found it strange that many of them showed Windows Media Player in the capture :) TPF

Pix

[spoonist]

Pictures can be found on Fyodor's site.

Oh, and I must say, that Trinity freakin' kicks ass. As you can see from the pictures, nmap says "No exact OS matches for host". Trinity goes ahead and throws the sploit anyway without knowing the system's architecture AND IT WORKS!

That just kicks ass.

A big Eartha-Kitt-Cat-Woman growl for Trinity.

Re:Uhm...

[Ann1ka]

In the matrix they are only a few months or a year after the first movie, which took place in the year 1999. The date in the 'real' world is unknown, but believed to be 2199, which is totally irrelevant to this matter.
So if the exploit had already been possible in 1999/2000 it would have been correct. On the other hand, the matrix is fake, there is no reason to believe the machines based it on real facts from so many years back, from their perspectieve.

The first time they try to keep it correct and still people are complaining.

Bay Area

[tedrlord]

The great thing about watching the Matrix in a theater in Mountain View, CA, is that when that hacking scene came up, half the theater laughed or cheered. We're all geeks here.

Trilogy, not original vs. schmequel

[TeknoHog]

I wonder how many times this has to be stated until people learn... The Matrix is a trilogy (like Back to the Future and LOTR), a single story split into three volumes/movies for convenience (because it's so long) and perhaps profit.

The trilogy status hasn't been so obvious with The Matrix because, at the time of making the first part, the producers weren't sure if it would be worth it. As a side effect, the first part is a rather well contained story in itself, which is not a bad thing in a trilogy. Still, the first part left many important questions open, like the awakening of the rest of humanity, and any details on Zion.

Re:Uhm...

[13Echo]

This post should be modded down as *spoiler*, if that was possible. These comments are part of a big plot twist in the movie.

Thanks for ruining it for people.

Reading too much into it...

[Mossfoot]

What gets me is how some people go out of their way to nippick the movie to pieces "oh this is stupid, this makes no sense" and others love it so much that they read WAY too much into it.

Take all the religous and phylosphical stuff about it. Yes, there is a lot of connections in there, it was put in the same way that other good story tellers use myth to make their world and stories feel more real and grander. The first Star Wars trilogy comes to mind. But then you have people who think every little thing is an intentional reference to something or other.

One example. I heard that Neo dies for 72 seconds before he comes back to represent the 72 hours (3 days) Jesus died. I timed it, and it's crap. You can find 72 seconds in there, sure, but there is no place you can say "okay logically you start Neo's death here and his coming back to life here" and it adds up to 72 seconds. Very fuzzy logic going on there. But it is symtimatic of how much people want to find meaning in things like this.

Is this a bad thing? Perhaps. One of the complaints I've heard of the sequal is that it's trying even harder to sound psudo-religious-phylosophical as a result of this faction of the fandom base.

Tolkien said it best when he got annoyed at how people thought The Lord of the Rings was an analogy for World War 2 (and would be rolling over in his grave if he knew how people tried to equate the movies with September 11 and the war against terrorism).

"I think that many confuse 'applicability' with 'alegory'; but the one resides in the freedom of the reader, and the other in the purposed domination of the author"

Hey, didn't Morpheus himself say "free your mind"? Stop thinking every gawd damn word is meant to be spiritually profound! :P

Theories and Spoilers

[neema]

Off-topic on the nmap discussion, but on-topic as far the Matrix goes, here is something I just thought of. It's pack full of spoilers for reloaded and speculation about revolutions, so consider that your warning.

SPOILERS AND SPECULATION FOLLOW:

Now, the theory that Zion is really a matrix within a matrix has been floating around and I happen to agree with it. The premise of the movie, I think, is that not only is Neo "The One" from the first layer of the matrix (which was exposed in the first movie), but happens also to be the small percentage that becomes "The One" in the second layer of the matrix, something the machines didn't count on.

As for him having to make a decision between saving Trinity and saving mankind, I don't think he's gotten to the choice yet and that will come in revolutions. The Architect said that the expulsion of humans from the first matrix servered a purpose for the machines, so, theoretically, perhaps Morpheus, Trinity and the rest of them are actually computer programs, to assist moving the dissident population of the first layer of the matrix to the second layer. Of course, there is a possibility they are not aware of their own existance. This would explain Morpheus' adamant belief in "The One" (it's been programmed in him). Of course, Neo's love for Trinity complicates things and I think that will be the choice in the third matrix. He will have to decide between destroying this second layer of the matrix, which would destroy Trinity the computer program too, or preserving it because of his love for her.

Feel free to point out flaws, because I'd really appreciate that.

Re:Theories and Spoilers

[Jason+H.+Smith]

Just got back from my third viewing tonight. It took that many times for all that architect talk to sink in. A few thoughts...

First, AFAICT, they are definitely still in the Matrix. The architect is intentionally difficult to follow, but I think his point was, the 99% acceptance rate is nice, but something must be done with those who do not accept. And the answer is simply have the Matrix make them think they busted out. Also, there's no need for any meta-Matrix, as the first Matrix could easily simulate the escape. Think chroot vs. user-mode Linux. But that's a small point.

If you watch again, you will notice the Merelvengian (sp) say that Neo's predecessors had much more respect, and also that he has survived those predecessors, and he will survive Neo. But that's all said before you know what he means. But what I got is that eventually, the shit hits the fan, and they just reboot the whole damned thing every hundred years or so (not a bad uptime).

Also, unlike you, I think he made the choice. Neo chose not to go to the source. At first, I thought this was weird, because the Neos on TV did the same. I thought this was the previous recordings (i.e. all 6 made the same choice); but after watching again, it looks like the TVs are showing now, not the past. That makes sense. This is the first time Neo made the wrong choice. I'm thinking this fits the Hollywood formula pretty well. The previous 5 Neos were simply benevolent mankind-lovers; but this time, we get the predictable theme that love conquers all or such.

I thought it was pretty cool, but the plot is treading into dangerous ground. When you start blurring reality with dreams, you're walking on cheesy, overused deus ex machina storylines. It's easy to get lame and make crap. E.g. look at how dumb Existenz ended up being. But then, I liked Total Recall, so there is hope for a great finale.

So I think there's still a lot up for grabs. Since Zion and the war are still a computer simulation, for all we know, there might not even be a war going on at all! Although there probably is, since it wouldn't be very Hollywood to just handwave away two movies worth of bad guys.

Anyway, I'm thinking now that they know they're still in the matrix, perhaps the people in Zion will start breaking the rules and have some actual means of fighting the approaching machine army? Or maybe they'll all just pop up a level, leaving the machine army there to twiddle their thumbs.

Re:Theories and Spoilers

[OmniVector]

****SPOILER ALERT****

I think the best explination i've heard, or at least the one I like the most, is someone said Neo is really just a computer program too. The purpose of Neo, and the whole reason 5 different versions of him have existed alreay, is to try and find the "perfect" AI. The Matrix is really run by humans, the the humans are trying to find a version of Neo that will truely be human enough to be considedered actual AI.

If you remember where Trinity types in her password to crack the power system, Z1ON0101, the binary 0101 translates to 5. Is Trinity aware of this being the 5th incarnation through the fact that she too is just a computer program or is this just odd coincidence?

For the people who say the 2nd was too much action, and not enough plot i think it was twice the plot and action... This second one raises a lot more mindfuck questions.

Re:Theories and Spoilers

[Kirijini]

I don't think Neo and Trinity are programs.

I think the idea that Neo is a project to develop AI is interesting, but in that case, no one else can be a program, because then they would also require AI, and if Neo is the project to develop AI... then...? those ideas are mutually exclusive.

I don't think that Trinity and Neo are programs, simply because they fall in love. That's a stereotypical non-machine thing to do.

Morpheus, however, very well could be a program. Think about it - Morpheus's role must always be fulfilled in each iteration of the Matrix. He has a singular purpose - to find Neo, train him, make him believe in the prophecy, and then fulfill it. Everyone else - Trinity, Niobe, the council, Tank, Dozer, Cypher, etc. are all just peripheral roles that could be done by anyone. Neo, due to his nature as the One, may or may not be a program, though I think he isn't. Without Morpheus, no one would believe the prophecy, and consquently, the One (which I just now realize is an anagram of Neo. Feel kinda stupid about that) would never be found. Therefore, Morpheus is required for the cycle, just as are the Oracle and Keymaker.

"Alias"

[ElGanzoLoco]

The "Alias" series on TV also features quite realistic computer manipulation. SSH, "ping -f", traceroutes, recompiles, etc...

They pushed realism quite far: in one particular episode (can't remember the name, but this scene takes place in Mexico), one of the agents goes undercover as a DJ, and uses an iBook (macs are popular among musicians and DJ's) instead of his PC laptop, for more realism... Cool :)

Re:Nice Password

[salimma]

101 is featured a lot in the film

Was not there a room 101 in George Orwell's 1984? The torture chamber where you face your worst nightmares?

Re:Nice Password

[GMontag]

Yes and he pulled that from real life from when he worked at the BBC. Room 101 was the room where the editors worked.

Many of his experiences from the BBC and other places made it into his books, like the cleaning women singing in the halls in thee early morning hours became the proles singing in 1984. Bad, sand-dry tobacco during the Spanish Revolution-Civil-War (Homage to Catalonia) that ran out of the cigarette before you could smoke it became Victory cigarettes in 1984, etc.

Good catch!

Theories and Spoilers

[Demanche]

*SPOILER BELOW: continued reading forfits all rights and spoiler bashing ;)*

I agreee with your insights.. something is definatly strange about the entire last scene of the movie.

One thing I believe that may have slipped in on your observations is that in the end of the movie - Neo can feel the machienes. The first matrix was about the ability to go beyond relaity, and to move past the possible (in a pysical sense). This looks like the next matrix will evolve more so then the previous. Neo does not seem to have superpowers - but his instinct told him something about the machienes.

Also.. the guy next to him in the bed. Remember in the begining - the agent goes through the phone after turning into an agent? I'm speculating that programs have the ability to go into different parts of the matrix..

Ever wonder if the second matrix (what they think is them outside of the matrix) is just a test to see if anyone can ever break the matrix - and everyone who thinks they have broken free of the matrix are still actually in the matrix?

Perhapds the machines digging are a futureistic anti-virus programs just taking their own representation in the "real life" matrix?

The third movie is definatly going to get my money on opening night ;)

Comments, opinions? Insights!!? Please tell ;)

Re:Uhm...

[The+Only+Druid]

No, I disagree.

I believe that when Neo thought he was leaving the Architect's room, he didn't. He entered a sub-simulation, created by the Architect, that included imitations of Trinity et al. This included even the imitation of "leaving" the matrix.

In other words, I think the third movie will open with Neo back in the Architect's room.

Re:Uhm...

[CAIMLAS]

Nmap run completed -- 1 IP address (1 host up) scanneds
# sshnuke 66.35.250.150 -rootpw="z10n0101"
Connecting to 66.35.250.150:ssh ... successful.
Attempting to exploit SSHv1 CRC32 ... successful.
Resetting root password to "z10n0101".
System open: Access level
# ssh 66.35.250.150 -l root
root@66.35.250.150's password: :)

I thought it was interesting that access level was '9' because '0' is the UID for the root account. What might this '9' indicate? Maybe it's something they added/changed to not promovide crackers with all-too-much pertinent information? "Oh no, I gained access, but it's only level 0. I guess I'll have to try elsewhere." I don't doubt that at least one person will be exploited by this, as a direct result of this film.

Why is this so amazing

[sublimespot]

I think it's pretty sad. In a movie they do a hack "correctly" and everybody is amazed. How much of their million dollar budgets does it take to properly research this stuff? not much. They never cared about impressing the geek before now. They want to entertain audiences.

In all reality this hack would have not been left open by the Zion admin. He's a unix operator.

If you really wanted a hack more in line with reality, she should have called a Zion employee while pretending to be Zion admin. They would have gladly gave up their password.

Re:Uhm...

[The+Only+Druid]

Exactly.

The only other alternatives I can think of at the moment are:
1: Neo's power, unbeknownst to him, actually extends to distorting the real world, not just the matrix. This seems implausible and undesireably theological.
2: Neo's power extends to controlling the machines somehow in or outside of the matrix. This could be a result of the machines' conception of Neo always including his matrix-bending powers. In other words, this would be a programming flaw in the machines. This seems a little lame.
3: The ENTIRE "real world", including Zion, is inside the matrix. Just as the oracle seems to be part of a control scheme, so is the supposed ability to leave the matrix. I like this explanation, although its a bit dark for most people: it would be a serious philosophical blow to Morpheus, of course.

Re:isn't it easier...

Cleaner, maybe, but why would it be easier? If you've been using Unix for a while, "-l" is deeeeeeply ingrained in your brain from they days when rsh was the way. Plus, "user@host" is clearer, but they're about equally easy to type. (The number of keystrokes differs by one, but with the "@" you have to do overlapping keystrokes (chording), which is harder.)

Re:nmap is easily fooled

[Paddyish]

Nice. You are, of course, operating under a number of false assumptions:

1.) No script kiddies frequent /.
2.) No true hackers frequent /.
3.) NMap is the sole hacking tool used in the world.
4.) Adequacy has adequate security to field an attack where a skilled attacker knows key information about the server and configuration.

Based on these four false predicates, and the fact that Adequacy.com's server quickly went MIA after your post, I deduce that come Monday, you will be in a heap of shit and a world of hurt. Elementary, my dear Rightmann.

Thanks for the laugh. Good luck on your new job hunt.

More allusions

[BernardMarx]

There are a lot of references to Merovingian being something of a "devil" character.

In Reloaded, Persephone was Merovingian's discontent wife. In Greek mythology, Persephone was forced to marry Hades, the god of the Underworld.

Also, if I recall correctly (I've only seen it once), Merovingian said that he was once like Neo, but had since grown bored of that, or stopped caring or something. In Christian mythology, the devil was once an angel, but had fallen.

In both cases (or all three, including Merovec), the Matrix's Merovingian is meant to be a character who enjoy playing tricks, hatching plots, and otherwise being a thorn in the side of the protagonist.

META: Why do I never find the interesting posts and think of good replies until after they're a day old.