Hacker's Guide To Gaining Root On A Girl: Mysteries Revealed

* * * 1. Analyzing the target * * *

Purpose: to make sure $she is really worth it all. Be *sure* she isn't just another incompatible one before you take any action.

All you need to do is check for dependencies. Find out what she gives priority to. If looks are all that counts, it tells you she pays attention to you only because of your GUI. She might even call your $parents someday and say, "The product you released XY years ago has a considerably pleasing graphical interface. Thank you ever so much. I'm trying to upgrade him by adding some minor development paths."

What is wrong with this: paying attention to the GUI only, and not putting in the effort to dig deeper, reveals her to be a weak hacker. The development she'd make on you wouldn't be the development you need (and, actually, want).

Meanwhile, the following statements show that she has the right attitude (check if she's prone to adapt any of them to you):

- "I appreciate him because of his kernel (aka: personality), it's really stable."
- "he's well documented" (aka: honest/fair).
- "the source is pretty clear" (aka: simple, easy-going).
- "debugging doesn't require much effort" (aka: flexible).
- "he's easy to update" (aka: open-minded).
- "modules are easily handled" (that is, moods).
- "he's got several ports open for me" (aka: approachable).
- "... still he doesn't accept anonymous connections" (aka: faithful and devoted).
- "a minor data leak occurs occasionally, but i guess it's ok" (aka: talkative).

And, most important of all:

- "he wasn't all the above before I did some coding on him. I've done a significant improvement to his source, and generally all the merits belong to me."
(several things come out from this one: 1- she thinks she roots you; 2- that is only in her mind that she roots you, indeed; 3- you've succeeded in making her believe she roots you, that is good 'cos this attitude simplifies the process of you getting the root on *her* -- once again, that reveals you being an experienced hacker).

Once you finish analyzing the target, you may proceed to the second part of the process.

* * * 2. Gaining access to the target * * *

This step is a little complicated; you'll have to try combined tactics. Still, the types of tactics can be roughly sorted:

--> Man-in-the-Middle Tactic. Two typical approaches have been specified:

-A- with such schematic appearance:

    Victim -------------------------> X Person
    (the girl)       ^
                     |
                     |
                 Attacker
                  (you)

Explanation. Look for a data leak or weaknesses while watching her communicate with another person. Pick up the compatible information. Regard the whole action as data sniffing.

-B- with such schematic appearance:

    Victim -------------------------> Attacker
    (the girl)       ^                 (you)
                     |
                     |
                 X Person

Explanation. A custom person provides her with positive information about you. Benefits: improves the reliability.

--> Client To Server Tactic - requires direct communication. This tactic is a very important part of the process. Your aims are:

- analyze her system and its behavior (aka: get to know her), locate possible vulnerabilities. Regard this action as port scanning.
- get her linked (finding common interests seems to work well).

--> Physical Access Tactic - usually has the lowest priority, because basic knowledge of the system is required, which can only be handled after working with other tactic types. Don't try physical access unless you're sure you're sufficiently acquainted with the victim's weaknesses. Take into consideration that if you request physical access and $she doesn't grant it, the consequences will lead to a severe slow-down of the whole process.
Considerable note: You might wish to try some social engineering on her friends or parents before actually taking any other action. That might provide u with useful information on possible logic errors or known weaknesses.

* * * Gaining root on the remote system * * *

Permissions of an ordinary user are entirely sufficient at the beginning, tho the next step is much more demanding: your aim now is to become a super-user. The most reliable way to do that is by exploring such vulnerabilities as logic errors and weaknesses which you could locate in her source code while spectating her behaviour (see the previous step).

--> When Buffer Overflow is a good choice to count on: consider a situation when you cannot locate any weaknesses or compilation errors. In such a case, check if $she does the check for input errors and how $she behaves on receiving bigger amounts of data than $she can handle.

Buffer Overflow Usage: if $she seems to be able to handle "A", feed her with "A + A^n". This might lead to the confusion of the victim, which you can use for your personal purposes (aka: shock her a little, then use it).

Note: be sure "A + A^n" is less than "A + A^6", otherwise it can lead to kernel panic and the remote system might stop responding.

Buffer Overflow exploration might lead to a temporary hole in her security system.

--> Just after you've located a hole: fill it with *your* pre-written data (aka: when you realize what she wants, *give* it to her. Or promise you'll give it later. Note that keeping promises is a nice, yet entirely optional, thing).

Have phun ;P

- kristi -