Slashdot Mirror
Nmap Featured in The Matrix Reloaded
rajiv was among dozens to report that unlike most "Hacks" in film, The Matrix reloaded actually has an ounce of reality where other films would rely on fancy 3D graphics. You can see more at Insecure.org where they have screenshots. It's only on screen for a split second, but
Tritnity uses Nmap to find a vulnerable SSH server, and then exploits it using the SSH1 CRC32 exploit from 2001.
I like her password: Zion1010
In response to :-
;o)
> The Matrix reloaded actually has an ounce of
> reality where other films would rely on fancy
> 3D graphics.
So in several hundred years time people STILL won't have patched their bloody SSH holes?
Yah actually I guess that is reality
AL
When I went to the 1AM showing on release night, there were a lot of interesting people.. When it got to the hacking scene, only a few people cheered, however, they did it with enough vigor that everyone else was caught of guard.. And when I tried to explain to the guy nibbling his foot next to me, "Nmap," I just got a blank stare...
Where did the nmap folks get all these screenshots of a movie that's ostensibly fresh-in-theaters? And why oh why did they name their sources? I'm imagining Agent Smith from the MPAA will be giving out a few cease and desist visits soon.
[
Severla hundred years in the future and still, IPv6 hasn't been adopted. Personally, I'm not suprised. It'll take an act of god to get it deployed.
--CTH
--Got Lists? | Top 95 Star Wars Line
"...Tritnity uses Nmap to find a vulnerable SSH server, and then exploits it using the SSH1 CRC32 exploit from 2001.."
:)
Now THAT is sexy!
Now we know that we cannot hack into the Matrix from our Personal Computer:
As you can see on the screenshot, the IP is 10.2.2.2, which is on the 10.0.0.0/255.0.0.0 network reserved for private usage.
It's impossible to reach such an IP directly (without hacking their server / router / firewall first) from an arbitrary point of the Internet.
Damn!
Aside from the amusing idea of having someone hack a computer program using their avatar inside the computer-generated construct of the Matrix, this sameness of the Matrix over long time periods raises an unanswered question in my mind. Why don't the people notice the lack of advancement in the Matrix? Over a hundred years of 1999-ness... no stunning advances in CGI, or science, or anything!
Can't you see that everyone is buying station wagons?
While namp is a neat hack, before any of you juvenile deliquents think of using it to commit computer hacking felonies, be aware that it is easily fooled.
If you look at the source code, you can see which ports it queries, and which responses it maps against. We used this for great affect at Adequacy, http://www.adequacy.org, editing the registry of our Win 2k box, and the configuration files of the various TCP/IP programs to make it appear as a simple FreeBSD to the casual hacker.
Oh, the laughs were on us when those script children proceeded to attempt to hack us with canned scripts for use against FreeBSD, only to fail. The looks on their pimply, greasy faces were probably priceless, only to be matched when the local law enforcement arrived at their parents house to confiscate their computers.
A. Rightmann
How do they have screen shots ?! Is it possible that this movie has been leaked out to the INTERNET?!
It's madness I tell you, madness!!!
Still waiting for disc 2 to d/l, so I can verify this for myself. Purely for educational reasons.
"This must be a Thursday, I never could get the hang of Thursdays."
This was actually sorta cool when i read it in this story.. It was interesting to see her portscan then jump into the server.. The chick sittin next to me wasnt aware of anything about it because she doesnt use linux, but i was like "OI!!! Thats real! look look!!! SSH!!! LOOK!!" .. then a few people looked at me weird :s
I've left to find myself. If you happen to see me, please, keep me there until I return.
Pictures can be found on Fyodor's site.
Oh, and I must say, that Trinity freakin' kicks ass. As you can see from the pictures, nmap says "No exact OS matches for host". Trinity goes ahead and throws the sploit anyway without knowing the system's architecture AND IT WORKS!
That just kicks ass.
A big Eartha-Kitt-Cat-Woman growl for Trinity.
Now if only that human body as a power supply thing made a lick of sense.
I hope some Saberhagen Berserker's show up in the next movie and settle everybodies hash real good.
Keep seeing posts about "in the future they still have this hole" or similiar items.
;-)
Remember, folks, the hack wasn't taking place in the future - it was in the Matrix. They weren't hacking the machines, they were hacking the "fake" computers in the power plant.
Think of it like hacking into an ancient copy of usermode linux.
"The envelope, please."
"And the award for the best open-source hacking tool used in a motion picture goes to nmap, for it's cameo-appearence in Matrix: Reloaded"
"Camera scans the audience where we see tripwire, sitting with his girlfriend ethereal... cuts to ndiff, who is just beaming w/ pride..."
-- You can't idiot-proof anything, because they're always coming out with better idiots.
The great thing about watching the Matrix in a theater in Mountain View, CA, is that when that hacking scene came up, half the theater laughed or cheered. We're all geeks here.
[insert witty quote here]
If you will remember the movie, that computer _was_ on a private network. She had to break into this private secure office building before she even began hacking. So she was behind the firewall already because she was physically in the building.
The trilogy status hasn't been so obvious with The Matrix because, at the time of making the first part, the producers weren't sure if it would be worth it. As a side effect, the first part is a rather well contained story in itself, which is not a bad thing in a trilogy. Still, the first part left many important questions open, like the awakening of the rest of humanity, and any details on Zion.
Escher was the first MC and Giger invented the HR department.
Actually, it's common for there to be exploits that are not generally well known. As long as you are aware of the bug that makes the exploits useful, and are made aware of how to patch ssh to prevent the bug from being exploited, it doesn't matter how many different exploits there are. If you have patched, or taken the advisory's other actions, you won't be affected by techniques that exploit that bug, whether public or not.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
What gets me is how some people go out of their way to nippick the movie to pieces "oh this is stupid, this makes no sense" and others love it so much that they read WAY too much into it.
:P
Take all the religous and phylosphical stuff about it. Yes, there is a lot of connections in there, it was put in the same way that other good story tellers use myth to make their world and stories feel more real and grander. The first Star Wars trilogy comes to mind. But then you have people who think every little thing is an intentional reference to something or other.
One example. I heard that Neo dies for 72 seconds before he comes back to represent the 72 hours (3 days) Jesus died. I timed it, and it's crap. You can find 72 seconds in there, sure, but there is no place you can say "okay logically you start Neo's death here and his coming back to life here" and it adds up to 72 seconds. Very fuzzy logic going on there. But it is symtimatic of how much people want to find meaning in things like this.
Is this a bad thing? Perhaps. One of the complaints I've heard of the sequal is that it's trying even harder to sound psudo-religious-phylosophical as a result of this faction of the fandom base.
Tolkien said it best when he got annoyed at how people thought The Lord of the Rings was an analogy for World War 2 (and would be rolling over in his grave if he knew how people tried to equate the movies with September 11 and the war against terrorism).
"I think that many confuse 'applicability' with 'alegory'; but the one resides in the freedom of the reader, and the other in the purposed domination of the author"
Hey, didn't Morpheus himself say "free your mind"? Stop thinking every gawd damn word is meant to be spiritually profound!
Fuzzy Knights: New RPG Strips Tuesday and Friday!:
http://www.fuzzyknights.com
Comment removed based on user account deletion
1) You have not stopped telnet or other services run from inetd.
2) Killall only does what you think it does on Linux. On Solaris, for instance, it does something rather more destructive.
3) getty is started from init, killing it won't help.
4) killing login will only stop people in the middle of logging in.
"I know this. It's a Unix system!"
Off-topic on the nmap discussion, but on-topic as far the Matrix goes, here is something I just thought of. It's pack full of spoilers for reloaded and speculation about revolutions, so consider that your warning.
SPOILERS AND SPECULATION FOLLOW:
Now, the theory that Zion is really a matrix within a matrix has been floating around and I happen to agree with it. The premise of the movie, I think, is that not only is Neo "The One" from the first layer of the matrix (which was exposed in the first movie), but happens also to be the small percentage that becomes "The One" in the second layer of the matrix, something the machines didn't count on.
As for him having to make a decision between saving Trinity and saving mankind, I don't think he's gotten to the choice yet and that will come in revolutions. The Architect said that the expulsion of humans from the first matrix servered a purpose for the machines, so, theoretically, perhaps Morpheus, Trinity and the rest of them are actually computer programs, to assist moving the dissident population of the first layer of the matrix to the second layer. Of course, there is a possibility they are not aware of their own existance. This would explain Morpheus' adamant belief in "The One" (it's been programmed in him). Of course, Neo's love for Trinity complicates things and I think that will be the choice in the third matrix. He will have to decide between destroying this second layer of the matrix, which would destroy Trinity the computer program too, or preserving it because of his love for her.
Feel free to point out flaws, because I'd really appreciate that.
The "Alias" series on TV also features quite realistic computer manipulation. SSH, "ping -f", traceroutes, recompiles, etc...
:)
They pushed realism quite far: in one particular episode (can't remember the name, but this scene takes place in Mexico), one of the agents goes undercover as a DJ, and uses an iBook (macs are popular among musicians and DJ's) instead of his PC laptop, for more realism... Cool
Hello! I'm a disaster waiting to happen!
Your mind is closed, Grasshopper. You see only with your eyes. You think only what you wish to think. Close your eyes, Grasshopper. Open your mind.
I also was sitting next to a really hot chick at The Matrix, but I didn't dare ask her name for fear of what her boyfriend would do to me.You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
"Math in a song is good."-Linford
Maybe the pimply-faced 14 year old stereotype is just a myth put about by the gorgeous women that actually deface websites, and DDoS IRC networks?
I mean, who's **actually** met a script kiddie?
Get your own free personal location tracker
Ever heard of custom software?
:)
Besides, why would the average grid operator want to individually log into the grid substations and disable them? A nice concise unix command would fire off scripts to do all that.... and yes, if I were the operator I'd want confirmation..
Finally, this is just fiction, ya know? Heck, they used SSH though to make an appeal to geeks
TurboD
She's got sense enough to use a sploit, but she chooses a feeble password like Z1ON0101. Come ON, Trin, only 2 character classes, only 8 characters ? -sigh-
25% Funny, 25% Insightful, 25% Informative, 25% Troll
Congrat-u-fucking-lations.
You have determined that the controller for the power grid was on a private network. Maybe this explains the need for Trinity to infiltrate the lab to use a specific computer rather than any internet cafe. (hint: behind firewall)
People like to talk a lot of shit about the matrix, but when you do it, you might as well make an argument that makes some small amount of sense.
I used to bulls-eye womp-rats in my pants
*SPOILER BELOW: continued reading forfits all rights and spoiler bashing ;)*
;)
;)
I agreee with your insights.. something is definatly strange about the entire last scene of the movie.
One thing I believe that may have slipped in on your observations is that in the end of the movie - Neo can feel the machienes. The first matrix was about the ability to go beyond relaity, and to move past the possible (in a pysical sense). This looks like the next matrix will evolve more so then the previous. Neo does not seem to have superpowers - but his instinct told him something about the machienes.
Also.. the guy next to him in the bed. Remember in the begining - the agent goes through the phone after turning into an agent? I'm speculating that programs have the ability to go into different parts of the matrix..
Ever wonder if the second matrix (what they think is them outside of the matrix) is just a test to see if anyone can ever break the matrix - and everyone who thinks they have broken free of the matrix are still actually in the matrix?
Perhapds the machines digging are a futureistic anti-virus programs just taking their own representation in the "real life" matrix?
The third movie is definatly going to get my money on opening night
Comments, opinions? Insights!!? Please tell
Mod me down im a newf (wiki)
This spoils nothing but the first film.
The statute of limitation on spoliers runs out once the film shows up at Blockbuster.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
All of this managed to make my Matrix experience just that much harder to enjoy.
-h-
Will NOT be Z1ON0101. However, I will be adding that to my dictionaries (:
No sig for you. YOU GET NO SIG!
How can this guy get modded up for being insightful when he doesn't know the name of a major player in the film?
The Merovingian dynasty was the first kingdom of France to emerge from the ruins of the Roman empire, led by Clovis I. Unlike most ruling families in Europe, though, it's not named after it's founding member. Or I guess you could say it is, since "Merovec" is considered to be a half sea-monster. This gives the cruel character a little more depth
----------
I am an expert in electricity. My father held the chair of applied electricity at the state prision.
Anyone who complains about 555- numbers in movies should be forced to live in a home with two phone lines:
8675309
8535937
~Philly
I think it's pretty sad. In a movie they do a hack "correctly" and everybody is amazed. How much of their million dollar budgets does it take to properly research this stuff? not much. They never cared about impressing the geek before now. They want to entertain audiences.
In all reality this hack would have not been left open by the Zion admin. He's a unix operator.
If you really wanted a hack more in line with reality, she should have called a Zion employee while pretending to be Zion admin. They would have gladly gave up their password.
z1on0101 is the password trinity uses when overriding the powerplant password...
I would put this password first in line on my dictionary for password attacks....
I know all my servers will have this password from now on..
many of the "higher" programs (oracle, architect, seraph, merovingian etc.) "hang out" in the matrix? why?
The man of knowledge must be able not only to love his enemies but also to hate his friends.
So, the actual history of the Merovingians, not so exciting. The mythology is better though, and far more relevant to "The Matrix." The founder of the Merovingians, Merovec, is considered to be somewhat mythical. The first Merovingian for which there is good historical evidence for is Merovec's supposed grandson, Clovis. As the above poster notes, one story has Merovec as half beast. Other accounts (with connections to Gnostic Christianity, a subject that has been much discussed in relation to "The Matrix") claim that Merovec was the descendant of Jesus (and Mary Magdelene). Yeah, I know, but just bear with me. Now, after the Carolingians took over, supposedly a secret society was formed to reinstall the Merovingians to the throne (after all, who could have more authority than someone with the bloodline of David and Jesus?). This society is named the Prieure de Sion, or the Priory of Zion. (ominous music plays for effect)
This secret society, as all secret societies eventually must (seems to be a rule of conspiracy theory), has been linked to the Knights Templar (which were quite real, actually (formed during the Crusades, became quite wealthy through guarding banking transactions, like a medieval Brinks, were annihilated by Philip the Fair in 1307), though the mythology that has sprung up regarding them is vast) and through them to every secret society you've ever heard of- the Freemasons, the Illuminati, etc.... In other words, the character "the Merovingian" is connected in name to bunch of real world secret conspiracy plots, just the sort of thing you'd like for a fictional character connected in deep with secret conspiracy plots. I must admit it's nice to see that the brothers Wachowski have really done their homework.
"FDA staff reviewers expressed concern about the number of patients who were left out of the study because they died."
There are a lot of references to Merovingian being something of a "devil" character.
In Reloaded, Persephone was Merovingian's discontent wife. In Greek mythology, Persephone was forced to marry Hades, the god of the Underworld.
Also, if I recall correctly (I've only seen it once), Merovingian said that he was once like Neo, but had since grown bored of that, or stopped caring or something. In Christian mythology, the devil was once an angel, but had fallen.
In both cases (or all three, including Merovec), the Matrix's Merovingian is meant to be a character who enjoy playing tricks, hatching plots, and otherwise being a thorn in the side of the protagonist.
META: Why do I never find the interesting posts and think of good replies until after they're a day old.