Is there such a thing as "good" hacking in media? Or are we doomed to watch two people type on one keyboard? Let's talk about the good side before we go bad.
Discord: https://discord.gg/bJauPBBhHn
Website: https://whattheshellpod.com
Instagram: https://instagram.com/shell_pod
Bluesky: https://bsky.app/profile/shellpod.bsky.social
One thing you may or may not know about me is that I like movies. Growing up, I remember a lot of great moments in my life centered around film, and sometimes TV too. Whether it was watching Mystery Science Theater 3000 with my dad or going out to the local AMC with my friends on a Friday night, I just loved the worlds they brought you to.
Naturally, that means through the years I've seen my fair share of movies that try their hand at showing hacking or cyber in cool and unique ways. Don't get me wrong, I love this field, but "edgy, high speed, and all the things that come with Hollywood" don't tend to overlap with it as much as the screen would have you think.
But where do they get it right? Or at least as close to right as we can ask them to?
This week, in a special holiday episode of the show, I thought I'd take a break from the normal cycle of advanced threats and look at some of my favorite hacking scenes that actually come close to getting it right. They come from a couple of different pieces of media, and I'll talk out what worked, what didn't, and maybe explain something you might not have known about how Hollywood puts this together.
I'm John Kordis, and this week I'm inviting you to come with me back to Hollywood. Although this time we'll be leaving Sony and the Lazarus group out of it. I want to talk about hacking and cyber in movies and What the Shell is going on when they're putting this stuff together.
INTRO
So, a couple of things off the bat. I originally had a whole episode around good and terrible hacking in movies and TV written and planned, but I realized it didn't work as well as I wanted it to.
What I found, and what I'm sure you're all pretty familiar with as well, is that a lot, and I mean a lot, of bad hacking in media comes with some insane visuals. Whether it's 3D renders of a Unix file structure in Jurassic Park, the hacking battles in Hackers, or a car chasing down a plane to plug in an Ethernet cable... a lot of this bad stuff just doesn't really work in an audio format. So, as I mentioned in the last episode, I'm going to try my hand at a video format at some point at the start of the year, just on a trial basis, to talk about some of those more outlandish scenarios.
Today, I'm going to talk about the ones that get it right, or if they don't get it right the ones that at least come close and maybe have one foot in reality.
I'm going to start with what I think a lot of people consider the gold standard, and that's Mr. Robot. Now, if you haven't heard of Mr. Robot, first off, what are you doing? Go watch it. It's truly one of my favorite shows. The writing, Mac Quayle's score, the cinematography. It's a great watch.
But really, here's the mile-high view. The show follows Elliot Alderson, a cybersecurity engineer by day and vigilante hacker by night. Pretty quickly we learn that he struggles with mental health issues and societal disillusionment. Elliot is recruited by a mysterious anarchist known as Mr. Robot to join an underground hacker group called fsociety.
Their mission is to take down E Corp, a powerful multinational conglomerate, and erase all consumer debt, which they believe will free society from financial tyranny. If all this sounds familiar, it's because it seems to take inspiration from groups like LulzSec or Anonymous. The name fsociety is a play on the phrase "fuck society."
What sets Mr. Robot apart is a level of dedication to authenticity and technical accuracy in its portrayal of hacking that we don't really get elsewhere. If you listen to interviews, the writers' room consults with cybersecurity experts to depict realistic hacking techniques and tools, such as Kali Linux, social engineering, and various forms of exploitation. But just how realistic is it? Let's look at episode 1. The lead-up is pretty simple: what did Elliot do last night? In this case... he went out to eat and found himself dispensing some justice. Listen in: he's leaving the restaurant when he stops and sits down with the owner.
Elliot Hacks A Pedophile | Mr. Robot
So let's take a couple of pieces out of here and talk about the initial interception first, then move on to the darknet stuff. When Mr. Robot was filmed and premiered, it was still the mid-2010s. That means a few things. Encryption and traffic going over secure ports may not have been as commonplace. For example, this would have been only a few years after HTTPS made its way to Facebook. So some smaller sites may not have moved over, and there may even have been an open network in use that left things insecure.
To someone like Elliot, that means a couple of things. Once he's on the network, he might need to go only as far as using Wireshark, a packet-sniffing tool, to observe the traffic on the network. There are features in Wireshark he might be able to use, like its ability to identify certain protocols, that would have hinted at traffic being sent to Tor nodes. Additionally, if Elliot took all the source and destination addresses being shuttled across the network, he could have compared them to a list of known Tor nodes.
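The second technique above, comparing observed destinations against a list of known Tor relays, is exactly the kind of check a network defender runs to spot Tor use on a network they are responsible for. The following is an added example for this write-up, not code from the episode or from Wireshark: it parses constructed flow-log lines (RFC 5737 documentation addresses, made-up timestamps) and matches the destination against a constructed relay list, with the default Tor ports as a weaker secondary hint.

```python
"""Flag network flows whose destination is a known Tor relay.

Added example for this write-up; it is not code from the episode or from
any of the tools named in it. The relay addresses and flow lines are
constructed (RFC 5737 documentation ranges), so nothing here refers to a
real relay or host. A deployment would load the relay list from a Tor
consensus export and read flows from its own sensor.
"""
import re
from dataclasses import dataclass

# Constructed "known relay" list (assumption for the demo).
KNOWN_TOR_RELAYS = {"198.51.100.7", "198.51.100.23", "203.0.113.200"}
# Tor's default ORPort/DirPort numbers; on their own they are only a weak hint.
TOR_DEFAULT_PORTS = {9001, 9030}

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def parse_flow(line):
    """Turn one 'ts src:port -> dst:port proto' line into a dict, or None."""
    m = FLOW_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(flow, relays=KNOWN_TOR_RELAYS):
    """Return a reason string when the flow looks Tor-related, else None."""
    dport = int(flow["dport"])
    if flow["dst"] in relays:
        return "destination is a known Tor relay"
    if dport in TOR_DEFAULT_PORTS:
        return "destination port matches a Tor default (weak indicator)"
    return None


def scan_flows(lines, relays=KNOWN_TOR_RELAYS):
    """Run classify() over flow lines; malformed lines are skipped."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        reason = classify(flow, relays)
        if reason:
            findings.append(Finding(flow["ts"], flow["src"], flow["dst"],
                                    int(flow["dport"]), reason))
    return findings


# Constructed sample flows (timestamps, hosts and ports are made up).
SAMPLE_FLOWS = [
    "2015-06-24T20:12:01 192.168.1.42:51234 -> 198.51.100.7:9001 tcp",
    "2015-06-24T20:12:03 192.168.1.42:51235 -> 203.0.113.200:443 tcp",
    "2015-06-24T20:12:05 192.168.1.17:40022 -> 192.0.2.10:9001 tcp",
    "2015-06-24T20:12:07 192.168.1.17:40023 -> 192.0.2.11:443 tcp",
    "garbage line that the sensor should never have emitted",
]

if __name__ == "__main__":
    for f in scan_flows(SAMPLE_FLOWS):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport}: {f.reason}")
```

The address match is the reliable signal; the port match is kept separate and labelled weak because relays can listen on any port and plenty of non-Tor services use 9001. Bridges and pluggable transports are not in the public relay list at all, so an empty result does not prove there is no Tor traffic.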
The second option, in a similar vein, is that Elliot places himself directly in the middle. He could have performed what's called a man-in-the-middle attack, setting up a fake router that looks like the real one but is itself connected to the internet, perhaps even through the real router.
What he can then do is use a free tool like Bettercap to manipulate and pass along any traffic that comes through. Bettercap can scan for devices, discover services, and find open ports within a network. In this case, one of its standout features is its ability to perform attacks where it intercepts and manipulates communication between a user and a server without either side knowing.
It would work like this. Say you're at the restaurant and you want to connect to Rons_Wifi. It's open and has a strong signal. So you connect, you get internet access, you're happy. But what you really connected to was Elliot, who hands your traffic off to the real Rons_Wifi, and everything keeps flowing. When you browse to a website, you say something like "go to gmail.com," and your device asks your router or name server where gmail.com is so it can be pointed to that IP address. If Elliot controls the equipment doing the pointing, he can answer "go to my fake gmail.com" instead of the real one. In an attack, an attacker might build a site that looks exactly like Gmail, take your credentials when you log in, pass them along to the real Gmail, and hand the session back to you like nothing happened, except that now they've made off with your username and password.
So by placing himself in the middle of the Wi-Fi, it's possible Elliot could have gotten enough information from Ron himself to gain insight into a username and password, or to route traffic through himself for logging and abuse.
The last point I'll make here is that he could also very well have just brute-forced the login credentials of the router. A router's IP address is not secret, and the login portal is usually easy to find so you can sign in and do any admin work you need to. There are literally hundreds of tools that will brute-force the username and password with a wordlist, automate the attempts, and wait until something pops. And remember, how often am I complaining about default credentials and routers on this show? Elliot could use Metasploit, he could use Hydra, he could use any number of command-line tools to run common wordlists and find a username/password that gets him in.
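The fake-router setup described above has a symptom a defender can watch for: the gateway's IP address starts being answered by a different hardware address. The following is an added example for this write-up, not code from the episode or from Bettercap. It does what an arpwatch-style monitor does, remembering which MAC each IP claimed and alerting on every flip, over constructed ARP reply lines written in the style of tcpdump's summary; the addresses, MACs and timestamps are made up.

```python
"""Alert when a LAN address starts answering ARP from a different MAC.

Added example, not code from the episode or from Bettercap. It is the kind
of check an arpwatch-style monitor does: remember which hardware address
each IP claimed, and alert when that pairing flips. The reply lines are
constructed to look like tcpdump's ARP summary; addresses, MACs and
timestamps are made up.
"""
import re

REPLY_RE = re.compile(
    r"^(?P<ts>\S+)\s+ARP, Reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)


def parse_reply(line):
    """Return (ts, ip, mac) for an ARP reply line, or None for anything else."""
    m = REPLY_RE.match(line.strip())
    if not m:
        return None
    return m["ts"], m["ip"], m["mac"].lower()


def watch_replies(lines, gateway_ip=None):
    """Track ip->mac over a stream of replies and report every flip.

    Each alert is (ts, ip, old_mac, new_mac, severity). A flip on the
    gateway is marked 'high' because that is where an on-path attacker sits.
    """
    seen = {}
    alerts = []
    for line in lines:
        parsed = parse_reply(line)
        if parsed is None:
            continue  # requests and unrelated lines carry no claim
        ts, ip, mac = parsed
        previous = seen.get(ip)
        if previous is not None and previous != mac:
            severity = "high" if ip == gateway_ip else "medium"
            alerts.append((ts, ip, previous, mac, severity))
        seen[ip] = mac
    return alerts


# Constructed capture: the gateway 192.168.1.1 is normally 00:11:22:33:44:55.
SAMPLE_REPLIES = [
    "20:12:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55",
    "20:12:31.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55",
    "20:12:33.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.42",
    "20:13:01.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01",
    "20:13:02.000 ARP, Reply 192.168.1.42 is-at 00:aa:bb:cc:dd:ee",
    "20:15:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55",
]

if __name__ == "__main__":
    for ts, ip, old, new, sev in watch_replies(SAMPLE_REPLIES, gateway_ip="192.168.1.1"):
        print(f"[{sev}] {ts} {ip} changed {old} -> {new}")
```

A flip also fires when the router is genuinely replaced, so treat an alert as a prompt to verify the gateway's hardware address out of band rather than as proof of an attack. On a network you manage, a pinned (static) ARP entry for the gateway, or DHCP snooping with dynamic ARP inspection on the switch, removes the problem rather than just detecting it; on someone else's open Wi-Fi, the only real protection is end-to-end encryption and a VPN.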
You'll remember we talked about Tor back in episode 25, What is the Darknet? If you didn't listen to that, Tor is basically a routing protocol that's commonly used to access the darknet. It works like this: using an entry point such as the Tor Browser, you can get access to the dark web. The traffic you send maintains its privacy and security by bouncing through what are called "volunteer nodes." Then, after the traffic hits the exit node, it reaches the site you're looking for. It's really just passing your traffic around to the point where it becomes insanely difficult to trace it back to the originating source. We know here that Elliot says he's in control of the exit node, so he theoretically knows where that traffic is going to go. What this means in the scope of the scene is that he's able to see what the final destination address is, research and observe what's going there, and ultimately get enough proof that this guy is doing this that the police come in and arrest him.
It's one of the first iterations of a vigilante hack that we really get from Elliot, and it's a great introduction. And honestly, in this case, it's a hack that's not even very uncommon or super out of the realm of an at-home hacker to perform. Now, let me say by no means am I suggesting that you go out and do this. But to do something like this there are just so many ways to build your way into it or even buy your way in. Bettercap and ettercap can be loaded onto a Raspberry Pi, and with the right kind of Wi-Fi adapter you can receive and broadcast networks. All in all, even buying new, I would wager that you could pull this off for under 150 dollars. It's one of the reasons why people are so cautious about connecting to open Wi-Fi networks. Hypothetically I could post up at something like a Panera Bread, host a fake access portal to make it seem legit, then do some malicious redirecting, and the only thing you might notice on your side would be some latency issues.
Let's move on to another example from another classic movie. You know what, the clip here is only 25 seconds long. I want to see if you can tell based on the audio what movie this is from.
Trinity uses nmap in The Matrix Reloaded
If you guessed The Matrix Reloaded, congratulations, and wow. The scene in question is when Trinity is hacking into a power grid to take parts of the city offline. For just a few seconds you get a glimpse of her terminal and can see what commands she's running and what tools she's using. Let's see if they make any sense. I'll have screenshots on the website as well as links to the videos, so you can all watch too; don't forget to head to whattheshellpod.com to take a look, or check my Instagram for some posts about it.
The first glimpse we get of the command shows at the top that port 22/tcp is in state open and labeled as ssh. It also says "no exact OS matches for host," "nmap run completed," and "1 IP address found."
This shows us that Trinity came in and ran a scan with a tool called Nmap. Nmap is frequently used by hackers and professionals alike. At its core, it's a network mapper that sends packets across the network and watches what comes back, giving you an idea of what's on the segment you're scanning. I won't go into the fine details, but it probes the designated ports and reports a status for each; if that status is something of value, it can also give you the information it has about the port itself. So here it saw that port 22 was accessible, which it labeled open, and then, based on what the system returned, was able to tell you it was running a remote access protocol called SSH. This means that Trinity could use SSH to access the system. But she would still need some level of credentials, or access to an exploit, to get in.
So let's look at the next line, because that also gives us a little bit of information. According to the next line of dialogue, she launches this command:
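What the screen shows is Nmap's human-readable output, and reading it into a structured form is the first thing a defender does with a scan of their own network. The following is an added example for this write-up, not code from the episode or from the Nmap project. It parses a constructed report (made-up hosts, ports and version strings) that mixes the older "Interesting ports on" host header with the newer "Nmap scan report for" one, and then lists the open remote-access services, since those are the ones that need credentials or an exploit to get past and therefore deserve the first look.

```python
"""Parse Nmap's human-readable ("normal") output into structured findings.

Added example, not from the episode or from the Nmap project. The report
below is constructed: the hosts, ports and version strings are made up,
and it mixes the older "Interesting ports on" host header with the newer
"Nmap scan report for" one so the parser handles both. For real work,
prefer `nmap -oX` and an XML parser; this is for the screen-style text.
"""
import re

HOST_RE = re.compile(r"^(?:Nmap scan report for|Interesting ports on)\s+(?P<host>.+?):?$")
PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>open|closed|filtered|"
    r"open\|filtered|closed\|filtered|unfiltered)\s+(?P<service>\S+)(?:\s+(?P<version>.*))?$"
)
# Remote-login services a defender would want inventoried first.
REMOTE_ACCESS = {"ssh", "telnet", "ms-wbt-server", "vnc", "rlogin"}


def parse_nmap_normal(text):
    """Return {host: [ {port, proto, state, service, version}, ... ]}."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        host_match = HOST_RE.match(line)
        if host_match:
            current = host_match["host"]
            results.setdefault(current, [])
            continue
        port_match = PORT_RE.match(line)
        if port_match and current is not None:
            entry = port_match.groupdict()
            entry["port"] = int(entry["port"])
            entry["version"] = (entry["version"] or "").strip()
            results[current].append(entry)
    return results


def exposed_remote_access(results):
    """List (host, port, service) for open ports offering remote logins."""
    hits = []
    for host, ports in results.items():
        for p in ports:
            if p["state"] == "open" and p["service"] in REMOTE_ACCESS:
                hits.append((host, p["port"], p["service"]))
    return hits


# Constructed report in Nmap's normal-output style (not real scan output).
SAMPLE_REPORT = """\
Starting Nmap ( constructed sample, not real output )
Interesting ports on 10.2.2.2:
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp closed http
No exact OS matches for host

Nmap scan report for 10.2.2.3
PORT    STATE    SERVICE VERSION
23/tcp  open     telnet  Generic telnetd
443/tcp filtered https
Nmap done: 2 IP addresses (2 hosts up) scanned
"""

if __name__ == "__main__":
    parsed = parse_nmap_normal(SAMPLE_REPORT)
    for host, port, service in exposed_remote_access(parsed):
        print(f"{host}:{port} offers {service}")
```

The service column is Nmap's guess from the port number unless version detection was run, so "ssh on 22" means "something answered on 22" until the version string confirms it; that is why the parser keeps the version field separate instead of trusting the service name alone.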
sshnuke 10.2.2.2 -rootpw="Z10N0101"
We see that the terminal returns that it's connecting over SSH, that it's going to exploit SSHv1, that it's successful, that it's resetting the root password to the one she passed, and then it gives a confirmation.
From there Trinity uses a standard ssh command to access the system with the password she just reset. But is this a real exploit? Let's take a look at what sshnuke actually is.
sshnuke itself isn't an actual exploit kit, but it does attempt to use a very real buffer overflow vulnerability, the SSHv1 CRC32 bug. So it's possible that Trinity just has some flair and wanted to name it something fun.
The bug was discovered in 2001 by Michal Zalewski. Since this movie came out in 2003, the bug would have been just over two years old at the time of release. The SSH CRC-32 bug is a very real buffer overflow in a chunk of code designed to guard against cryptographic attacks on SSH version one. If it's properly exploited, it grants full remote access to the vulnerable machine.
We can look at exploit-db and find an entry with available exploit code to see what could work with this. The first few lines of descriptive comments give us some more information. Quote: "An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory. This would occur in situations where large SSH packets are received by either a client or server."
https://www.exploit-db.com/exploits/20617
A very dumbed-down way to describe this is that if you send this system too big a packet over SSH, it's possible to write outside the memory the application meant to use and into other parts of the process's memory. If you can control that memory, you could potentially point execution somewhere else maliciously and get a command executed in the context of whatever is currently running.
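The "integer overflow" in that description is worth seeing concretely, because it is the step that turns a large packet into an out-of-bounds write. The following is an added example for this write-up, not OpenSSH's code and not an exploit. It models one pattern from the public description of the bug: a detector table sized from a 32-bit packet length that gets stored in a 16-bit counter, with slots then addressed as hash & (n - 1). The entry size, the 65536 boundary and the function names are assumptions chosen for the demo; the model stops at the sizing step and shows the wrap-to-zero case beside a hardened sizing routine that refuses lengths the counter cannot hold.

```python
"""A simplified model of the SSH1 CRC32 compensation-detector bug class.

Added example for this write-up; it is not OpenSSH's code and it is not an
exploit. It models a single pattern from the public description of the
bug: a table sized from a 32-bit packet length that gets stored in a
16-bit counter, with slots then addressed as hash & (n - 1). Constant
values and function names are assumptions chosen for the demo.
"""
HASH_ENTRYSIZE = 4   # bytes per slot in this model
MASK16 = 0xFFFF      # width of the counter the length is squeezed into


def table_slots_truncating(packet_len):
    """Mimic `u_int16 n = packet_len;` in C: bits above 16 silently vanish."""
    return packet_len & MASK16


def table_slots_checked(packet_len, max_slots=MASK16):
    """Hardened sizing: refuse lengths the counter cannot represent."""
    if packet_len < 0 or packet_len > max_slots:
        raise ValueError("packet length exceeds detector table capacity")
    return packet_len


def slot_index(hash_value, n):
    """Slot = hash & (n - 1), in the same 16-bit arithmetic as the counter."""
    return hash_value & ((n - 1) & MASK16)


def write_escapes_table(packet_len, hash_value):
    """True when the slot write lands at or past the end of the allocation.

    With packet_len = 65536 the counter wraps to 0: a zero-byte table is
    allocated, n - 1 becomes 0xFFFF, and every hash value indexes outside it.
    """
    n = table_slots_truncating(packet_len)
    allocated = n * HASH_ENTRYSIZE
    offset = slot_index(hash_value, n) * HASH_ENTRYSIZE
    return offset >= allocated


def safe_sizing_rejects(packet_len):
    """Return True if the hardened variant refuses this packet length."""
    try:
        table_slots_checked(packet_len)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for length in (8192, 65535, 65536, 65541):
        print(f"len={length:6d} n={table_slots_truncating(length):5d} "
              f"escapes={write_escapes_table(length, 0x1234)} "
              f"hardened_rejects={safe_sizing_rejects(length)}")
```

Two things the model makes visible: the check that matters is on the length before it is narrowed, not on the index after masking (the mask always "fits" the truncated n, which is what makes the bug quiet), and the fix is either to widen the counter to the same type as the length or to reject what it cannot hold. Both close the hole; silently clamping does not, because the packet still carries more blocks than the table has slots.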
So what it's safe to assume here is that Trinity combined some of her own exploit code to force that buffer overflow and execute a command that resets the root password in the context of the root user. Then she can use that new password to legitimately get access to the system and start turning stuff off in the power grid! Honestly, it's another great example, even if it's only on screen for about ten seconds combined. For such little screen time, it's a lovely detail that aged super well.
For the last one, let's move over to the 1983 classic WarGames, a film that, while filled with unrealistic hacking, shines when it comes to reconnaissance. If you're not familiar, WarGames follows Matthew Broderick as David Lightman, who inadvertently hacks into a U.S. military supercomputer. The movie's depiction of hacking sometimes ventures into sci-fi, but the reconnaissance techniques it portrays offer a surprisingly accurate look at early hacker methodology. And honestly, I think we're all gonna give it a pass if only for the iconic "Would you like to play a game" line.
But when it comes to the hacking itself, one of the most realistic aspects of WarGames is David's initial research and information gathering. Most movies gloss over the finer details of reconnaissance. Hollywood tends to assume that
David doesn't just stumble upon a military computer by accident. Instead, he engages in social engineering, gathers information about the systems he wants to access, and uses dial-up modems to scan for open networks. This method of "war dialing" – dialing random numbers to find computer systems – was a genuine technique used by hackers in the 80s.
I'm going to cut some audio in, listen as David finds a bank, an airline, and eventually the system itself.
WARGAMES (1983) | David Discovers A List of Games | MGM
All he's doing here is seeing what publicly available infrastructure will let him in and give him access. And I like this scene in particular because, even with the trip to Paris, what he's seemingly doing is adding a reservation to a database, which isn't an unrealistic thing. Because there's no actual transaction, though, it's nothing more than a reservation and not a confirmed ticket.
WARGAMES (1983) | David Discovers A List of Games | MGM
And with that the list of games pops up showcasing things like "Falken's Maze", Chess, Rummy, Hearts, Checkers, Poker, and you know just some casual Global Thermonuclear War.
Even his process here is fairly reasonable. The only thing I'd criticize is running help commands from a logon prompt. You can see it's asking for a username, yet he's running commands as if he were already in as an unprivileged user. That aside, it's really fairly common for someone to see a new application and ask for the help output to see what it can do. You'll find this a lot in CTF exercises as well, that's capture the flag. Things like Hack The Box will often have apps that you're not expected to have familiarity with but should learn to understand as part of the exercise. So running help will really let you figure out what you can do, and in this case maybe enumerate.
If you're a hacker and you heard that list of games, what would have jumped out at you? For David, it was Falken's Maze. Since that wasn't a real game, he could assume that Falken was a person and add it to his list of potential usernames and passwords to try.
David's careful planning and data collection mirror real-life reconnaissance efforts, showcasing the importance of patience, strategy, and understanding the target before attempting any hack. While the movie takes many liberties with the actual hacking process, the groundwork laid by David's reconnaissance is both credible and crucial to the plot.
In real life during the early 80s, David would have started by using a phone book or public directories to find potential targets, manually dialing numbers to locate modems and computers connected to phone lines. This process, known as "wardialing," was a common method to discover accessible systems. Once he identified a potential entry point, David would likely rely on default passwords and well-known exploits of the time, given the limited security awareness. This meticulous, manual approach required patience and a keen eye for details, reflecting the slow and strategic nature of early hacking efforts before the advent of modern tools and techniques.
It's a technique that harkens back to episodes 2 and 3 of the show with Kevin Mitnick. War dialing and this type of reconnaissance were exactly the kinds of enumeration you'd expect a hacker to go for back then. While the rest of the movie might be a bit extreme, this little bit of grounded recon made me smile when I watched it again as an adult.
So we talked about some of my top hacking scenes in movies and TV today, and it was only three instances. Mr. Robot: I could honestly do a side series breaking that down for a long time, given how much they actually do in that show. The Matrix: an iconic film series with its roots in hacking and cyber culture. And WarGames: the epitome of a hacker stumbling upon something he doesn't quite get and realizing it's way more than he bargained for. On a side note, I bet he'd claim quite the bounty for that finding today.
I'm going to continue this series with the bad of hacking in January, but probably on my YouTube channel. Don't feel pressured to subscribe there; really, the only thing it's for is uploading the podcast to YouTube Podcasts and housing some of my old Hack The Box walkthroughs. I'll plug that when the episode comes out.
I've got one more bit of bonus content coming on New Year's Eve. I talked about it last week, but if you missed it: this year I kept my own personal bingo card of goals and kept track of all the new media I watched, read, or listened to. I thought it would be a fun little offshoot to take that and do a small dive into the kinds of things I got up to this year, and maybe spread some recommendations your way.
In terms of the show, we're on Bluesky now! I've said it before, Discord is the primary method I use for communicating with the show, but I saw an avenue for expanding on Bluesky, so you can find me there at shellpod, one word. If you want to join the Discord, I've got an invite link in the episode description. We'd love to have you over there.
One little favor, or call to action, if you don't mind. If you can, share your favorite episode on social media and tag me! I'd love to hear what worked for you from the show. And if you don't mind, a positive review or a 5-star rating would definitely help too.
Alright, I think that's enough pandering to the audience for now. I'll see you all for the end-of-year bonus episode!
End