Wednesday, March 01, 2006

Hacker's Guide To Gaining Root On A Girl: Mysteries Revealed

* * * 1. Analyzing the target * * *

Purpose: to make sure $she is really worth it all. Be *sure* she isn't
just another incompatible one before you take any action.

All you need to do is check for dependencies. Find out what she gives
priority to.

If looks are all that counts, it tells you she pays attention to you
only because of your GUI. She might even call your $parents someday and
say, "The product you released XY years ago has a considerably pleasing
graphical interface. Thank you ever so much. I'm trying to upgrade him by
adding some minor development paths." What is wrong with this: paying
attention only to the GUI and not making the effort to dig deeper reveals
her to be a weak hacker. The development she'd make on you wouldn't be
the development you need (and, actually, want).

Meanwhile, the following statements show that she has the right attitude (check
if she's prone to adapt any of them to you):

- "I appreciate him because of his kernel (aka: personality), it's really
- "he's well documented" (aka: honest/fair).
- "the source is pretty clear" (aka: simple, easy-going).
- "debugging doesn't require much effort" (aka: flexible).
- "he's easy to update" (aka: open-minded).
- "modules are easily handled" (that is, moods).
- "he's got several ports open for me" (aka: approachable).
- "... still he doesn't accept anonymous connections" (aka: faithful and
- "a minor data leak occurs occasionally, but I guess it's ok" (aka: talkative).
And, most important of all:
- "he wasn't all the above before I did some coding on him. I've made a
significant improvement to his source, and generally all the merits belong
to me." (several things come out from this one: 1- she thinks she roots you;
2- that is only in her mind that she roots you, indeed; 3- you've
succeeded in making her believe she roots you, that is good 'cos this
attitude simplifies the process of you getting the root on *her* ---- once
again, that reveals you to be an experienced hacker).

Once you finish analyzing the target, you may proceed to the second part of
the process.

* * * 2. Gaining access to the target * * *

This step is a little complicated; you'll have to try combined
tactics. Still, the types of tactics can be roughly sorted:

--> Man-in-the-Middle Tactic. Two typical approaches have been specified:
-A- with such schematic appearance:
Victim -------------------------> X Person
(the girl)          ^
Explanation. Look for a data leak or weaknesses while watching
her communicate with another person. Pick up the compatible
information. Regard the whole action as data sniffing.

-B- with such schematic appearance:
Victim -------------------------> Attacker
(the girl)          ^               (you)
                 X Person
Explanation. A custom person provides her with positive information
about you. Benefits: improves the reliability.

--> Client To Server Tactic - requires direct communication. This tactic
is a very important part of the process. Your aims are:
- analyze her system and its behavior (aka: get to know her), locate
possible vulnerabilities. Regard this action as port scanning.
- get her linked (finding common interests seems to work well).

--> Physical Access Tactic - usually has the lowest priority, because it
requires basic knowledge of the system, which can only be obtained after
working with the other tactic types. Don't try physical access unless you're
sure you're well enough acquainted with the victim's weaknesses. Take into
consideration that if you request physical access and $she doesn't
grant it, the consequences will lead to a severe slow-down of the whole

Considerable note: You might wish to try some social engineering on her
friends or parents before actually taking any other action. That might
provide you with useful information on possible logic errors or known

* * * Gaining root on the remote system * * *

The permissions of an ordinary user are entirely sufficient at the beginning, though
the next step is much more demanding: your aim now is to become a super-user.

The most reliable way to do that is by exploiting such vulnerabilities as
logic errors and weaknesses which you could locate in her source code while
observing her behaviour (see the previous step).

--> When Buffer Overflow is a good choice to count on: consider a situation
where you cannot locate any weaknesses or compilation errors. In such a case,
check whether $she checks for input errors and how $she behaves on
receiving bigger amounts of data than $she can handle.
Buffer Overflow Usage: if $she seems to be able to handle "A", feed her with "A + A^n".
This might lead to the confusion of the victim which you can use for your
personal purposes (aka: shock her a little, then use it). Note: be sure
"A + A^n" is less than "A + A^6", otherwise it can lead to kernel panic
and the remote system might stop responding.
Buffer Overflow exploration might lead to a temporary hole in her security

--> Just after you've located a hole: fill it with *your* pre-written data
(aka: when you realize what she wants, *give* it to her. Or promise you'll
give it later. Note that keeping promises is a nice, yet entirely
optional, thing).

Have phun ;P
- kristi -