Exploring the Hacker Tools of Mr Robot

Over the years the most famous hacking tool that has made it into the movies is Nmap. When producers of a movie actually try to put a dose of reality into the computer hacking scenes Nmap will often flash up on the screen. AFAIK Trinity was the first in the Matrix. Nmap has also appeared in Elysium, The Bourne Ultimatum, Die Hard 4 and many others.

The debut season of Mr Robot has received a nod from the security focused twitters for its attempts at trying to keep things for the most part realistic. In the episodes so far we have seen hacker types communicating using IRC, there are Linux boxes as far as the eye can see and the main character wears a hoodie. Of course it is a television show that has to be entertaining so we have to give them some slack in getting a bit creative. So far they seem to be doing a pretty good job at maintaining a balance between the story and what is technically possible.

Here is a quick overview of some of the tools that have appeared in the show so far.

Kali Linux

In multiple scenes we can see references to the Kali Linux distribution, a complete operating system that has been packaged with configured and ready to use penetration testing (hacking) tools. If you are interested in learning about network security, get a copy of this and start playing! ** Only in your lab network of course! Breaking into computers you do not own is illegal in most parts of the world **.

Wget, Shellshock and John the Ripper

Wget is a terminal program to make HTTP requests, a popular use case is to simply download the source of a web page or grab a file from a web server in a terminal.

Here this handy tool is used to compromise a system using one of the big vulnerabilities of 2014 the shellshock bug. You can see the commands being sent in the User Agent of the request to the web server, the command in the screen shot is simply cat /etc/passwd.

While success was achieved here getting the /etc/passwd file, without the /etc/shadow file that contains the password hashes the next line where John the Ripper is launched is never going to work.

Canbus Hacking

Car hacking has really hit the big time recently after computer security researchers remotely hacked into and took control of a Jeep as it was driving down the freeway. Canbus hacking has been around for a number of years and both car enthusiasts and security researchers have been poking around to gain access to the computers that control the modern car.

In the screen shot from Mr Robot we can see candump, one of the Linux utilities used for viewing the canbus messages.

USB in the car park

We see in this scene one of the few Windows desktops shown - during this scene a security guard inserts a USB drive found in the car park into his system infecting his Windows XP machine with malware. Leaving infected USB flash drives in the car park of the target organization is a well known trick to get code onto a system where network access is limited. In this instance the malware is caught by AVAST anti-virus.

Bluetooth Scanner (btscanner)

btscanner is used here to probe the targets phones for bluetooth capabilities. The tool attempts to extract as much information as possible from a Bluetooth device without having to pair. The btscanner program is included in the Kali Linux distribution and we can see from the title bar of the window that it is the operating system being used here.

Bluesniff

In this screenshot bluesniff can be seen, this is another tool for attacking bluetooth enabled devices. In this screen shot the actual plan here is to perform a man in the middle attack against the targets bluetooth keyboard. With keyboard access the next move is to drop a Meterpreter shell onto the system for access to the target network.

Metasploit Framework (Meterpreter)

In this shot we can see a few lines from a Meterpreter shell. Anyone who has used this tool knows a little bit of Meterpreter goes a long way so there was no need for an extensive shot of this powerful tool. Part of the Metasploit penetration testing framework by Rapid7, a Meterpreter shell gives an attacker full control of the target system as well as the ability to move around the network.

Social Engineer Toolkit (SET)

The Social Engineer Toolkit Social Engineer Toolkit or SET is a framework that makes setting up social engineering attacks easier. Email based spear phishing attacks, fake websites and wireless access points can all be launched through its menu system. In this case they are using the SMS spoofing module.

Netscape Navigator the hackers browser of choice

Windows 95 and Netscape Navigator are mentioned when the lead character is thinking about his first steps as a hacker. In the screen shot you can see the source being viewed... careful if you see someone viewing the source they are no doubt a dangerous hacker. The humble web browser is actually a very useful tool for an attacker whether they are launching web application attacks or researching LinkedIn for social engineering attacks.

There you go a bit of fun for the end of the week. If you are after more information on any of the tools explore the included links or try searching. The great thing about all these open source tools is there are lots of tutorials and documentation available.

It is refreshing to see a television show making an effort to not only highlight capabilities of current hacking techniques but trying to stay reasonably close to reality, unlike the nonsense seen in CSI:Cyber. 🙂

Did you know?
Poor security on home routers or configuration errors can leave your home network open to attack. Use our Free Online Port Scanner to test your home router for open management ports or Play at the Next Level with a BASIC Membership.

, , ,

54 Responses to Exploring the Hacker Tools of Mr Robot

  1. BlackCadillac August 21, 2015 at 5:01 pm #

    It’s also important to keep in mind they HAVE to skew some of the hacking. If they showed you all the steps (or the correct sequence, and/or tools) they could be held liable for any hacking done as a result of what was learned on the show.

    • albertr38 August 21, 2015 at 9:59 pm #

      Stop this bullshit

    • Steven Polley August 22, 2015 at 3:11 am #

      What are you talking about? No they couldn’t. If a TV show depicts someone getting murdered, and then someone goes out and murders someone, the TV show producers are not liable. People are in control of their own actions.

      • bt August 22, 2015 at 7:00 pm #

        Yes and no. Breaking Bad couldn’t show how to cook meth.

        • OlCam August 22, 2015 at 7:22 pm #

          They can do what they want that’s probably a.due to the channel and the time the program is shown and b. The network telling them not to, due to the networks ethics.

          Legally you can make whatever the HE double L you want to, as long as you have the right certificate for example if it’s a pg13 or a X rating etc.

          • sentient_cheese August 25, 2015 at 10:30 pm #

            You cannot give detailed instructions on television on how to do something illegal. You absolutely cannot show someone how to make an illegal drug.

          • OlCam August 26, 2015 at 6:22 pm #

            Cable and Satellite are exempt from this crap, I can make and show whatever I want, as long as people are willing to pay for it, and as long as it’s properly certificated, and you have to put in a pin or whatever to rent it.

        • DonDrapersAcidTrip October 20, 2015 at 2:29 am #

          Except they did? There was a never one single scene that showed step by step the entire process but it’s all there if you look at all the cooking scenes. The only off thing I noticed was they acted like methylamine was some highly controlled hard to get substance and phenylacetic acid was easy to synthesize and I think it’s actually the opposite.

          How do people feel so comfortable stating things they “think that’s how it works” like it were actual fact lol

      • Ryan December 24, 2015 at 1:01 am #

        I’ll just leave this here

        https://en.wikipedia.org/wiki/Steve_Jackson_Games,_Inc._v._United_States_Secret_Service

    • Greg August 22, 2015 at 10:41 pm #

      Maybe think before posting next time. Your comment had a complete dearth of correctness or intelligence.

      Furthermore, I highly doubt you’ve ever played the game. You can’t just “show” someone how to be a hacker. It doesn’t work like that. You have to UNDERSTAND what you’re doing.

      • Ryan December 24, 2015 at 1:04 am #

        Did you really pick Dade M’fin Murphy for an avatar in a conversation where you’re schooling someone about being a hacker? I hope that was a sly attempt at irony. Hahaha!

        • John Carpenter July 28, 2016 at 9:53 am #

          lol

  2. swattz101 August 21, 2015 at 6:13 pm #

    LoL for “…careful if you see someone viewing the source they are no doubt a dangerous hacker.” 🙂

  3. jorge massoud August 21, 2015 at 6:27 pm #

    While success was achieved here getting the /etc/passwd file, without the /etc/shadow

    • TeotWaWKI August 22, 2015 at 3:18 am #

      Ah, memories of unshad.c (used only on machines I owned of course)

      • Ryan December 24, 2015 at 1:14 am #

        Of course!

        For… science!

        Hahahaha!

        Like the MCP avatar BTW… that’s bringin’ it back REALLY old school!

  4. Noodleman August 22, 2015 at 1:23 am #

    For those keen on kali 2.0 has just been released.

    • TeotWaWKI August 22, 2015 at 3:16 am #

      Sadly, 2.0 breaks on my notebook. I’m still dualbooting the older version so I reckon it’s a matter of figuring out what X11 is trying to do with my video (that’s the only thing I’m sure is broken – kind of a pain but fixable)

      • Ivan June 1, 2016 at 3:16 pm #

        You will have to make a research about the grub commands like, modprobe.blacklist ones, you might have to disable a couple of video card modules to get the latest kali for your notebook

        • TeotWaWKI June 10, 2016 at 3:50 pm #

          Indeed. Downloaded the newest rolling release and will see how it does.

    • Greg August 22, 2015 at 10:15 pm #

      I did not know this. Thanks for sharing, Noodleman. Going to check it out and update mine now!

  5. PacoBell August 22, 2015 at 7:38 am #

    So…did anyone else try to whois evilcorp-intl.com or 213.29.3.172? The domain was created by NBC Universal on 2015-04-09 and the IP address is some seemingly random one in the Czech Republic.

  6. Mathew Vyse August 22, 2015 at 7:47 pm #

    I’m surprised that it wasn’t noticed that he was looking at the source code for http://www.2600.com
    Great mail, site and times.

    • Ryan December 24, 2015 at 1:13 am #

      I miss that old site… that and astalavista… ohhhh and phrack… and Cult of the Dead Cow… and The Armory…

      Ahhhh, the days of my misspent youth. *sigh*

  7. waz August 22, 2015 at 10:12 pm #

    That’s actually Windows 98, not 95 (or at least it looks like).

  8. Samuel Bétrisey August 22, 2015 at 10:30 pm #

    He used a class E IP address

  9. Eric August 22, 2015 at 11:56 pm #

    All I see is green code here

  10. Matthew Knight August 23, 2015 at 2:11 am #

    I’ve wanted to try some bluetooth hacking for awhile but with the bluetooth 4.0 is it now? they changed a lot of the past security issues heck everyone basically now days just gets a free phone upgrade when a new phone is released i’m gonna try ordering a SENA UD100 and see how well it works by the way from my experiences with Net Hunter 2.0 for the Nexus devices with the issues im having i’d stay away from Kali Linux 2.0 looks a lot better in Kali Linux 2.0 but I know net hunter is different but i’d wait a few more weeks and see if bugs get addressed.

    • Nicolas Lienart August 24, 2015 at 4:44 am #

      WifiKill Meatsploit and Zanti (y) You’re a real user of Android dude. Wich is the other one please?

    • Chris September 1, 2015 at 8:37 am #

      You have GOT to learn to use punctuation… holy cow

    • Ryan December 24, 2015 at 1:11 am #

      Did it get any better? I haven’t picked up a Nexus yet… don’t want to spend the money unless I’m sure it’ll be useful for pentests at client sites. That’s more than I want to drop for something that may end up being a useful paperweight.

      I really need to do something though… the old 4S I have is a pain. Even jailbroken, it’s not much more useful for this sort of stuff… or maybe it is and I just really want to justify a new toy.

      Is it worth it?

      • FreeCST December 24, 2015 at 10:14 am #

        Nethunter 2.0 is really unstable at least for me it is I hardly use nethunter anymore im hoping a update will be released that will fix some of the issues it has. I think it has to do with Debian 8 cause the same problems I had with nethunter im having with Debian 8

  11. psychsecurity August 23, 2015 at 3:38 pm #

    The bluetooth sniffer is actually csrsniff which seems to be compiled from source (http://wireless-comm.blogspot.com.au/2008/07/creating-cheap-bluetooth-sniffer.html)

  12. Elliot Alderson August 26, 2015 at 1:49 am #

    A great programming course for beginners (kids included): http://facebook.com/coding.course

  13. Ajam Yuahalam September 8, 2015 at 9:32 pm #

    HI NEED TO CRACK A BLOGSPOT.COM SITE .
    IF YOU KNOW HOW LET YOU TELL ME.

  14. Life September 8, 2015 at 10:30 pm #

    “careful if you see someone viewing the source they are no doubt a dangerous hacker”

    What a load of shit… There are numerous legitimate reasons to view and edit source.

    • Dekz October 2, 2015 at 7:13 pm #

      That was a joke. Holy shit you’re retarded.

  15. 0ctac0der September 9, 2015 at 4:24 am #

    and then interestingly, none of the characters in the show… including the head of Allsafe … uses a screen-lock on their phone …. Mr. Robot probably don’t need these tool sets ….

  16. milan dubuc September 26, 2015 at 2:53 pm #

    does someone know in wich episodes were this techniques used. I need to know the techniques used in ep 4, 5 and 6

  17. adam February 3, 2016 at 1:19 am #

    i wonder where did they get the version 98 of windows LOL 😀

  18. Bymynishus February 21, 2016 at 3:17 am #

    A nice change over the ridiculousness that is Scorpion. Which is a show based on a real person… who is full of shit.

  19. Devin April 17, 2016 at 9:01 am #

    What about the screen of his webcam? When he purchase the image of Vera’s gun?

  20. Walter April 22, 2016 at 6:32 pm #

    Fuck hahaha

  21. LoreeKitson2 May 27, 2016 at 2:24 pm #

    Excellent post . Coincidentally , if your company has been searching for a NUBC UB04 CMS-1450 , my friend filled a sample form here http://goo.gl/0N22l6/pre>

  22. OlCam May 29, 2016 at 7:21 pm #

    I thought Disqus censored comments with swearing, until a moderator approved them.

  23. ale May 30, 2016 at 12:45 pm #

    When i look the images posted here, automatically change to the next. Please, fix it.

    • John Carpenter July 28, 2016 at 9:54 am #

      there is a play/pause button at the top right corner of the image. You can just stop the auto-change feature there

  24. Micheal Ethan July 30, 2016 at 4:43 am #

    The bar wasn’t exactly high for dystopian hacker suspense thrillers when USA Network’s Mr. Robot launched,but the show has gone on to surprise everyone. WIRED Security writer Kim Zetter called it “the best hacking show yet.” What makes the show, which airs its season finale next week1, work is how true it is to its subject matter, from the alienation at the heart of an
    always-connected life to the technologies the characters use to pull offthe story lines. http://academy.ehacking.net/

  25. Nir August 28, 2016 at 10:53 pm #

    The first Mr.robot if of course Kali Linux!
    But did you know that how made Kali Linux are- “Offensive-Security” AKA Offsec?
    https://www.offensive-security.com/
    and that you can have your “information security training and certifications” and have “panatration testing” environment that will make you TOP DOG on that market – as an OSCP
    https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
    because it is known that with OFFSEC you learn how to hake first – to be a much better information security professional!
    and getting it from the source! the creators of Kali Linux must know a thing or two…

  26. Diego De Santiago Ruiz September 1, 2016 at 6:48 pm #

    The tools are for real, but how to use differently, i think that’s the point.