Mr. Robot Season 1 Episode 1: All Hacks Explained

 



Mr. Robot is one of the best TV shows at depicting hacking mostly the way it really is; nearly all the hacking scenes in Mr. Robot are accurate.


So I am going to talk about the hacks in Mr. Robot.

In the first few minutes of the first episode, Elliot confronts the owner of Ron's Coffee Shop and states that he hacked into his website because he is hosting illegal content on it, so that the customers of his coffee shops can access it from the shop's Internet connection.

Despite the use of The Onion Router (Tor), Elliot is still able to hack the website, and here Elliot mentions the onion routing protocol.
The onion routing protocol uses three nodes, which are three different servers maintained by three different volunteers, most likely in three different parts of the world.
The three-layered encryption of Tor is only there to prevent individual relays from knowing both the origin and the final destination. When your connection leaves the exit node and the connection to the destination website is unencrypted, the exit node can see what you are doing even though it doesn't know the original IP address.

So this hack was possible because, before Mr. Robot was released, a vulnerability was discovered in Tor: a security researcher was able to intercept thousands of private e-mail messages sent by foreign embassies and human rights groups around the world by turning portions of the Tor Internet anonymity service into his own private listening post.

Since Tor had this vulnerability at that time, this hack may have been possible, but it was later resolved. Also, if the website maintained by Ron is not secure, the exit node can see information about the requests sent to the website, and they can be intercepted.

Hacking Krista and Ollie

If we pay attention to the two scenes where Elliot hacks Krista and Ollie, he uses the same tool in both, called elpscrk (Elliot password cracker). It was made specifically for this series, and clones of the tool are available on GitHub.

To increase the chances of cracking the password, Elliot adds details like Dylan, June 3rd, etc. to the general password list, because most people set passwords containing their names, birthdates and so on. He generates a password list that includes these details along with the general password list and tries to brute-force the website's login to successfully log in.
It took less time to hack Ollie than Krista because he was using one of the most commonly used passwords.


Now let's try to generate a password list using a tool similar to the one Elliot used, which is available on GitHub.

Even if we try to brute-force a website using this generated password list, there is no chance we can successfully log in, because most websites only allow a specific number of login attempts. So it's an outdated type of hack.
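The defender's side of the profile-based guessing described above, as an added example that is not from the original post or from the elpscrk tool: a check that rejects a new password built from the account holder's own details. The function names, the substitution table and the birth year are assumptions made for this illustration.

```python
from datetime import date

# Character substitutions undone before matching (an assumed, non-exhaustive table).
LEET = str.maketrans("013457@$!", "oleastasi")


def personal_tokens(names, birthday):
    """Lowercase strings that profile-based guessing would derive from a user."""
    tokens = {n.lower() for n in names if len(n) >= 3}
    d, m, y = f"{birthday.day:02d}", f"{birthday.month:02d}", str(birthday.year)
    # Date spellings people commonly embed in passwords.
    tokens |= {y, m + d, d + m, m + d + y, d + m + y, m + d + y[2:], d + m + y[2:]}
    tokens.add(birthday.strftime("%B").lower())  # month name, e.g. "june"
    return tokens


def derived_from_profile(password, names, birthday):
    """Return the personal tokens found in the password; an empty set passes."""
    raw = password.lower()
    plain = raw.translate(LEET)  # "dyl4n" -> "dylan", "jun3" -> "june"
    return {t for t in personal_tokens(names, birthday) if t in raw or t in plain}


if __name__ == "__main__":
    # Constructed profile: the name and day are the details quoted in the post,
    # the year is made up for this example.
    names, birthday = ["Dylan"], date(1985, 6, 3)
    for candidate in ["Dyl4n0603!", "Jun3bug1985", "correct-horse-battery"]:
        hits = derived_from_profile(candidate, names, birthday)
        print(candidate, "REJECT" if hits else "ok", sorted(hits))
```

A check like this belongs at password-set time, alongside the login attempt limits mentioned above.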

Allsafe servers hack

In this scene, a DDoS attack and a rootkit are mentioned.

Rootkit: the term comes from the concept of root access, which gives a user broad permissions to change files and settings.

A rootkit is most of the time malware that masks its own existence or the existence of other software or malware, and it is able to intercept system calls.

Rootkits are very difficult to remove because they are mostly invisible.

When Elliot tries to stop the servers from infecting each other, he finds the rootkit in /root, which is a dat file.

It is not hidden well, because Elliot can see the file in the first place.

If we pay attention to Elliot's terminal, we can see the command astu, which is similar to sudo in Linux.
Here astu means AllSafe Toolkit Super User, and it serves the same purpose as sudo, which is to act as the root user.

Hacking Michael

When Elliot tries to hack Michael, he uses a technique called vishing, which is a popular social engineering attack.
Vishing is basically voice + phishing: attackers call the victim pretending to be calling from a bank or a company and ask for personal information, sometimes even passwords.

A Distributed Denial of Service (DDoS) attack is a type of attack which completely prevents users from accessing a website.
It makes the service unavailable by overwhelming it with traffic from multiple sources.
