Saturday, November 20, 2004


Prologue

Spasm usually leaves at around 2:30am but today he stayed well until dawn. We were working on adjacent machines, our eyes tired, but minds still alert. I finished and saved my work.

"Coming Spasm?" I asked him.

"Just a moment," he said. I waited. After about five minutes, he was done and shut the machine.

"Let's go have some tea," he suggested. We walked silently down the stairs and towards the college gates.

"Spasm, how secure are the systems here? I mean, how difficult would it be to be supervisor on one of our systems?" I asked. Spasm stopped in his tracks, looked at me for a moment and started walking again.

"I don't know," he said. "Maybe it's possible to crack them. Why do you ask?"

"I'll tell you a story. Last week, my house keys were missing. I must have dropped them somewhere, or maybe I had walked out without getting them. I went to the city and started looking around for a locksmith. I finally found one who would make a 'house call.' He showed me a few stubs and asked me which one resembled my key. I selected one which seemed appropriate. He agreed to come with me on the condition that I drop him back on my motorcycle. I agreed and took him home.

"I looked at my watch as I intended to time him. He inserted a key stub in the lock, tried to turn it in both directions, took it out and looked at the marks. He began filing it and had a new key ready in one minute and fifty seven seconds." I paused for effect.

"I pointed out jokingly that he would be rich if he robbed a bank. He must have sensed that I was pleased with his work, for he demanded an exorbitant price. I paid it, on the condition that he give me some key stubs. After he had left, I bought a file and proceeded to try a hand at the locksmith's job. I inserted the stub in the lock and tried to read the marks. I could not make out any. I rubbed the surfaces of the stub with a candle and tried again. This time the marks were easily distinguishable. I jammed the key stub between two bricks and started filing it. I was clumsy and the stub slipped many times. It took me half an hour to make a key which opened the lock smoothly. I did this every day for a week until I had used up all the stubs. I can now crack the lock in five minutes.

"If someone wants to break into a house, it's that easy. We think we are secure. We tell ourselves we are secure. Locks don't protect us. But we believe in our illusions ... until it's too late. It's the same story in the computer world. We think that passwords protect our accounts, but they don't. If you want to, you can crack the toughest system with the minimum skill. You just have to look for a loophole."

"What do you mean by loophole?"

"You have to know what are the illusions of security in the system. Then proceed to circumvent it."

"Do you mean to say that, without any esoteric knowledge, it is possible to crack a system, provided you know what are the assumptions behind its design?"

"And the way it is enforced."

"I find that preposterous. It's easy to make speeches on computer security, inflation and violence in the movies. If cracking a system is that easy, why don't people crack systems everyday? Why do people believe in security systems at all?"

"People do crack systems every day; you find 'how to' stuff all over the internet. Some of them don't announce their findings. And those who can't are the ones that share the illusions of the general public. People can crack systems not because they defeat the concepts that are thought of, but because they circumvent the assumptions behind them.

"Have you seen the system locks on some machines? People think that they can lock their machines and go away. But they forget that most computer cabinets, being mass produced, have identical locks. One key opens all of them. But even if you don't have a key, all you have to do is open the cabinet, trace the wires and pull the jumper off the motherboard. The system is open. The system lock is the concept. The assumption is that nobody will think of opening the cabinet. And what about the BIOS password? It's stored in the CMOS memory and kept alive by the battery. Discharge the battery and the password is gone. The BIOS password is the concept. The assumption is that no one will think of discharging the battery."

We sat down on one of the benches scattered carelessly around the trees near the university canteen. We ordered tea and drank silently. Spasm seemed to be thinking.

"So according to you, if we pick a system and apply your theory, we should be able to crack it easily?" he asked.

"Yes, it might take some time, though. We might have to write some programs," I replied. We paid for the tea and walked back.

"Let's try the Kirloskar system. But not now, we need sleep. After classes, I'll meet you around 1:30."


Spasm was already in the lab when I got there. I came and sat near him. He was looking at the '/etc/passwd' file, which contains various information about the users of the system.

"What are you looking for? Trying to figure out how to decrypt the password?" I asked.

"No, I'm looking at the user-ids. The root has a user-id of zero, you know, and other accounts which have a user-id of zero will automatically be superuser equivalent. I'm searching for an account with user-id of zero and no password."

"I doubt that you will find one."

"I have, actually, but it is 'shutdown'. If I log into it, the system will halt. And I don't want to go through what happened to Nani."

"What happened to Nani?"

"Nani was generally exploring the system one day. Not here, on the HCL system." He pointed to the other side of the glass cage. "He was executing the commands in '/bin', '/usr/bin', '/etc' and '/etc/bin', trying to learn more about the system, you know. He saw 'shutdown' and wondered what it was. He executed it. It printed something like 'shutdown in 30 minutes.' on all terminals. Remember, we used to play pranks by writing such messages on each other's terminals? Everybody thought it was a tasteless prank and ignored it. The messages kept coming every so many minutes. Soon it said 'shutdown in 2 minutes'. Nani panicked and left the room. Two minutes later, the system shut down. Nobody had saved their precious work (they were doing COBOL, you know how lengthy COBOL programs are) and there was total pandemonium. The systems manager was called. He executed 'lastcomm', which lists all previously executed commands, and filtered the lines containing 'shutdown' using the 'grep' program. And he found out Nani was responsible. Nani had been caught playing 'hangman' the previous week and, you can guess what must have been done to him."

"Shutdown is a command on HCL. Why is it an account here?" I asked Spasm. Spasm shelled out from the editor and ran the manual program to learn more about 'shutdown'. We saw that some parameters had to be passed to the shutdown program and we deduced that it was being done through the login script, apparently so that unskilled lab personnel could shutdown the system if need be.

"If only we could login without executing the login script," I said.

"Wait a minute!" exclaimed Spasm. "Su! su!! su doesn't execute the login script!" Spasm typed 'su shutdown' and pressed RETURN. The '#' prompt appeared on the screen indicating that we were superuser. We had cracked the system!

We looked around us. There were some students working on the system we had just cracked. The freshmen were looking around carefully before entering the password. "They obviously think they are safe," remarked Spasm.

"What's all the commotion about?" asked a voice to my left. It was Kid, a close friend. I hadn't noticed him come in.

"We cracked the system," I said in a low voice. "Shutdown doesn't have a password and its user-id is zero."

Kid proceeded to type 'login shutdown'. "Wait! Wait! You'll shut the system down. Are you crazy?" I noticed a tinge of panic in my voice. But it was too late. He had pressed RETURN. I sighed, shut my eyes and hoped the admin wouldn't be too cruel to Kid. When I opened my eyes I saw a terse message: 'Not on system console.' on his terminal. On the next line was the '#' symbol. Kid's countenance stated with arrogant confidence that nothing unpleasant could happen to him. This was one difference between HCL and Kirloskar systems that I really appreciated.

"I must meditate on this concept for a while," said Spasm. "See you in the evening." Spasm didn't tell me that he planned to crack the HCL system. I didn't tell him that I planned to crack the Novell LAN.
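The two conditions the story turns on, an extra account with user-id zero and an account whose password field is empty, are exactly what an administrator of such a system should be checking for. The following audit is an added example written for this page; it is not code from the original post, and the passwd and shadow records it reads are constructed samples (including a deliberately passwordless, UID-0 'shutdown' entry modelled on the one Spasm found), not lines from any real system.

```python
"""Audit /etc/passwd- and /etc/shadow-style records for two weaknesses:
accounts other than root with uid 0, and accounts with no password.
Added example; the sample records below are constructed, not real."""

from dataclasses import dataclass

# Constructed passwd lines in the traditional seven-field layout:
#   name:password:uid:gid:gecos:home:shell
# An empty second field means "no password required"; "x" means the
# hash is kept in the shadow file; "*" or "!" means the account is locked.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
shutdown::0:0:shutdown:/:/etc/shutdown
sync:*:4:65534:sync:/bin:/bin/sync
nani:x:1001:1001:Nani:/home/nani:/bin/sh
"""

# Constructed shadow lines: name:hash:lastchange:min:max:warn:...
# The hash value for root is a placeholder, not a real digest.
SAMPLE_SHADOW = """\
root:$6$saltsalt$placeholderhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
nani::19000:0:99999:7:::
"""


@dataclass
class Finding:
    user: str
    issue: str


def parse_passwd(text):
    """Return a list of dicts for every well-formed passwd record."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed record; skip rather than guess
        name, password, uid, _gid, _gecos, _home, shell = fields
        entries.append({"name": name, "password": password,
                        "uid": int(uid), "shell": shell})
    return entries


def parse_shadow(text):
    """Map account name to the hash field of its shadow record."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            hashes[fields[0]] = fields[1]
    return hashes


def audit(passwd_text, shadow_text=""):
    """Flag non-root uid-0 accounts and accounts that need no password."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for entry in parse_passwd(passwd_text):
        name = entry["name"]
        if entry["uid"] == 0 and name != "root":
            findings.append(Finding(name, "uid 0 (superuser-equivalent) but not root"))
        password = entry["password"]
        if password == "x":
            # The real credential lives in shadow; a missing entry is itself odd.
            password = shadow.get(name)
            if password is None:
                findings.append(Finding(name, "passwd says 'x' but no shadow record"))
                continue
        if password == "":
            findings.append(Finding(name, "empty password field: logs in with no password"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{f.user}: {f.issue}")
```

Run against real files, the same parser works on `/etc/passwd` and `/etc/shadow` read with appropriate privilege; the point of keeping the two checks separate is that the 'shutdown' account fails both, while an ordinary user with an empty shadow hash fails only the second.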

