Post Mon Aug 21, 2006 12:25 am

Skillz July 06 Winning Entry - Creative

Hans-Martin Vogt-Ostmann

After O-ren had taken Tanaka by surprise, she sat back and rested, thinking over the past week.

What had happened? Was it real? Could it be that she had become the leader of the world's most feared club of assassins in such a smooth way?

Of course, after finishing off Tanaka's J.A.E.P.I. she installed her very own organization in the midst of Tokyo, in a cellar full of the world's most precious computer systems, allowing her to search the net much faster than she could herself, using a new algorithm to filter useful information from trash.

First of all she tried not to make the same mistake as Bill. Root access to the computer was only possible from the console, standing in a highly secured room. Access control consisted of a fingerprint and iris scan, a voice analyzer and a password which changed automatically after every successful login. O-ren could master remembering hundreds of them, so she had no need of writing them down or using some sort of readable code.

Once a month the computer would read out loud the passwords for the next weeks in an ancient language only few people spoke today.

And being a very careful person, O-ren avoided the other mistakes Bill made, as well. She edited her own /etc/sudoers file so that only root could use sudo without limits. Any other people having access to the system could only do what they needed, like

User_Alias SHUTDOWNERS = tezuka,fujio,akatsuka,shotaru
Cmnd_Alias SHUTDOWN = /usr/bin/shutdown
root  ALL=(ALL) ALL
SHUTDOWNERS ALL=SHUTDOWN

From the output of "cat /etc/sudoers" she realized at once that Bill would not get a mail from the system warning him that someone not authorized had done "sudo". "Stupid Bill", she thought.

Was it that easy to spy on Bill's password? How didn't he notice the file that existed only as an inode after unlinking it? She did remember the inode number with ls -i " " for retrieval of Bill's password afterwards.
O-ren knew that the running background job would keep the sniffer file intact until the tcpdump job stopped. After having done what she needed she removed the traces in the /var/log/sudo.log logfile and logged off so that her connection traffic wouldn't mess up the sniffer file.

In her own system a cron job tested the file system and job list with "fsck" and "ps" every hour to detect anomalies and report them directly to O-ren's cellular phone, so that she could react properly before logging on. She wouldn't be attacked as easily as Bill.

The two cups of tea and the workout on the mat soothed her mind in the time of waiting for Bill to log on. Two hours later, and sweating, she logged on again and looked for the first occurrence of the keyword "snakecharmer@" in the output from the "tcpdump -r" command on the sniffer file she retrieved using the inode number, knowing that Bill's password would follow immediately. "What a shame", she thought. Bill had used a gpg-protected file. But O-ren was patient. She knew that doing this kind of sniffing a second time would reveal this password as easily as the first time. But she had to wait two days, because Bill went to the hills to contemplate.

O-ren hoped that Bill would not open his gpg-protected file with the "--s2k-mode <n>" option to secure passphrase transmission, or would not use a passphrase file. Her hopes were fulfilled. The world was in her hands.

O-ren wrote a haiku, the traditional form of Japanese lyric. In remembrance of Bill she tried to use the words "otaku", "Bill" and "Godzilla", these being the words Bill had used as passwords. She admired him for his habit of thinking outside the box, using a cipher to obscure his passwords. But it was too easy. He shouldn't have used the ASCII representation of the words. Those could be hacked even without using a sniffer, just by pure mathematical analysis and cryptography.
And Bill was so leet... having used slang to camouflage the password for the network. Well, it didn't help. O-ren was a master of the supreme art of war herself, knowing the words of Sun Tzu too well.

"Otaku" was the word she liked most, as she, too, was a fan of manga.

In order to relax a bit she began reading the newest manga from the stores. She was so lost in reading that she didn't notice the thin blade of carefully folded metal coming through the pages. It didn't even move the booklet, so sharp it was. Pinned to her seat, the last words she heard, from a well-known voice, were "Hey my sweet little bear, don't come too close to the honeypot, you know what I mean?" Then it was quiet again.


Don
Last edited by don on Mon Aug 21, 2006 12:35 am, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
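The sudoers fragment from the story, extended with the notification and logging settings the narrator says Bill's configuration lacked; this is an added example, not part of the original post, and the mail address and log facility are assumptions while the user names and shutdown path are taken from the story.

```sudoers
# Added example: the story's aliases plus explicit notification and logging.
# User names and /usr/bin/shutdown come from the story; the mailto address
# and syslog facility are assumed values.
User_Alias  SHUTDOWNERS = tezuka, fujio, akatsuka, shotaru
Cmnd_Alias  SHUTDOWN    = /usr/bin/shutdown

# Mail the administrator when someone not in sudoers runs sudo, when a
# listed user attempts a command they are not allowed, or on a bad password.
Defaults    mailto="oren@example.invalid"
Defaults    mail_no_user, mail_no_perms, mail_badpass

# Keep a dedicated sudo log file in addition to syslog, so that wiping
# one record (as O-ren does in the story) still leaves the other.
Defaults    logfile="/var/log/sudo.log"
Defaults    syslog=authpriv

root        ALL=(ALL) ALL
SHUTDOWNERS ALL=SHUTDOWN
```

Install it with visudo rather than cat; `visudo -c -f <file>` checks the syntax before the file is put in place.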