• Subscribe to the low volume list for updates.

Exploring the Hacker Tools of Mr Robot

Over the years, the most famous hacking tool that has made it into the movies is Nmap. When producers of a movie actually try to put a dose of reality into the computer hacking, scenes Nmap will often flash up on the screen. AFAIK Trinity was the first in the Matrix. Nmap has also appeared in Elysium, The Bourne Ultimatum, Die Hard 4, and many others

The debut season of Mr Robot has received a nod from the security focused twitters for its attempts at trying to keep things for the most part realistic. In the episodes so far, we have seen hacker types communicating using IRC, there are Linux boxes as far as the eye can see, and the main character wears a hoodie. Of course, it is a television show that has to be entertaining, so we have to give them some slack in getting a bit creative. So far, they seem to be doing a pretty good job of maintaining a balance between the story and what is technically possible.

Here is a quick overview of some of the tools that have appeared in the show so far.

Kali Linux

In multiple scenes, we can see references to the Kali Linux distribution, a complete operating system that has been packaged with configured and ready to use penetration testing (hacking) tools. If you are interested in learning about network security, get a copy of this and start playing! ** Only in your lab network of course! Breaking into computers you do not own is illegal in most parts of the world **.

Wget, Shellshock and John the Ripper

Wget is a terminal program to make HTTP requests. A popular use case is to simply download the source of a web page or grab a file from a web server in a terminal.

The screenshot shows this handy tool being utilized to compromise a system using one of the big vulnerabilities of 2014, the shellshock bug. You can see the commands being sent in the User Agent of the request to the web server, the command is simply cat /etc/passwd.

Success getting the /etc/passwd file, but without the /etc/shadow file that contains the password hashes, the next line where John the Ripper is launched is never going to work.

Canbus Hacking

Car hacking has hit the big time recently after computer security researchers remotely hacked into and took control of a Jeep as it was driving down the freeway. Canbus hacking has been around for some years, and both car enthusiasts and security researchers have been poking around to gain access to the computers that control the modern car.

In the screenshot from Mr Robot, we can see candump, one of the Linux utilities used for viewing the canbus messages.

USB in the car park

We see in this scene one of the few Windows desktops shown. During this scene, a security guard inserts a USB drive found in the car park into his system infecting his Windows XP machine with malware.

Leaving infected USB flash drives in the car park of the target organization is a well known trick to get code onto a system where network access is limited. In this instance, the malware is caught by AVAST anti-virus.

Bluetooth Scanner - btscanner

btscanner is used here to probe the targets phones for Bluetooth capabilities. The tool attempts to extract as much information as possible from a Bluetooth device without having to pair.

The btscanner program is included in the Kali Linux distribution and we can see from the title bar of the window that it is the operating system being used here.


In this screenshot bluesniff can be seen, this is another tool for attacking bluetooth enabled devices.

In this screenshot, the actual plan here is to perform a man in the middle attack against the target's Bluetooth keyboard. With keyboard access, the next move is to drop a Meterpreter shell onto the system for access to the target network.

Metasploit Framework - Meterpreter

In this shot, we see a few lines from a Meterpreter shell. Anyone who has used this tool knows a little bit of Meterpreter goes a long way, so there was no need for an extensive shot of this powerful tool. Part of the Metasploit penetration testing framework by Rapid7, a Meterpreter shell gives an attacker full control of the target system as well as the ability to move around the network.

Social Engineer Toolkit - SET

The Social Engineer Toolkit Social Engineer Toolkit or SET is a framework that makes setting up social engineering attacks easier.

Email based spear phishing attacks, fake websites, and wireless access points can all be launched through its menu system. In this case, they are using the SMS spoofing module.

Netscape Navigator the hackers browser of choice

Windows 95 and Netscape Navigator are mentioned when the lead character is thinking about his first steps as a hacker.

In the screenshot, you can see the source being viewed... careful if you see someone viewing the source they are no doubt a dangerous hacker.

The humble web browser is actually a very useful tool for an attacker, whether they are launching web application attacks or researching LinkedIn for social engineering attacks.

Wrapping up

There you go, a bit of fun for the end of the week. If you are after more information on any of the tools explore the included links or try searching. The great thing about all these open source tools is there are lots of tutorials and documentation available.

It is refreshing to see a television show making an effort to not only highlight capabilities of current hacking techniques but trying to stay reasonably close to reality.

Know Your Attack Surface
Don't miss the low hanging fruit


  • BlackCadillac
    It's also important to keep in mind they HAVE to skew some of the hacking. If they showed you all the steps (or the correct sequence, and/or tools) they could be held liable for any hacking done as a result of what was learned on the show.
    • albertr38
      Stop this bullshit
    • Steven Polley
      What are you talking about? No they couldn't. If a TV show depicts someone getting murdered, and then someone goes out and murders someone, the TV show producers are not liable. People are in control of their own actions.
      • bt
        Yes and no. Breaking Bad couldn't show how to cook meth.
        • OlCam
          They can do what they want that's probably a.due to the channel and the time the program is shown and b. The network telling them not to, due to the networks ethics. Legally you can make whatever the HE double L you want to, as long as you have the right certificate for example if it's a pg13 or a X rating etc.
          • sentient_cheese
            You cannot give detailed instructions on television on how to do something illegal. You absolutely cannot show someone how to make an illegal drug.
          • OlCam
            Cable and Satellite are exempt from this crap, I can make and show whatever I want, as long as people are willing to pay for it, and as long as it's properly certificated, and you have to put in a pin or whatever to rent it.
        • DonDrapersAcidTrip
          Except they did? There was a never one single scene that showed step by step the entire process but it's all there if you look at all the cooking scenes. The only off thing I noticed was they acted like methylamine was some highly controlled hard to get substance and phenylacetic acid was easy to synthesize and I think it's actually the opposite. How do people feel so comfortable stating things they "think that's how it works" like it were actual fact lol
      • Ryan
        I'll just leave this here https://en.wikipedia.org/wiki/Steve_Jackson_Games,_Inc._v._United_States_Secret_Service
    • Greg
      Maybe think before posting next time. Your comment had a complete dearth of correctness or intelligence. Furthermore, I highly doubt you've ever played the game. You can't just "show" someone how to be a hacker. It doesn't work like that. You have to UNDERSTAND what you're doing.
      • Ryan
        Did you really pick Dade M'fin Murphy for an avatar in a conversation where you're schooling someone about being a hacker? I hope that was a sly attempt at irony. Hahaha!
        • John Carpenter
  • swattz101
    LoL for "...careful if you see someone viewing the source they are no doubt a dangerous hacker." :-)
    • Greg
      Here's this page's source. Now everyone reading this can be a "h @ ( k 3 r" (I ran it through a source cleanup tool just so it's prettier to look at) https://gist.githubusercontent.com/anonymous/d55400f29c56870a50de/raw/0cf6d465342c5ac2f783119782dae41afbf9ebb9/HTML%2520Example
  • jorge massoud
    While success was achieved here getting the /etc/passwd file, without the /etc/shadow
    • Ah, memories of unshad.c (used only on machines I owned of course)
      • Ryan
        Of course! For... science! Hahahaha! Like the MCP avatar BTW... that's bringin' it back REALLY old school!
  • Noodleman
    For those keen on kali 2.0 has just been released.
    • Sadly, 2.0 breaks on my notebook. I'm still dualbooting the older version so I reckon it's a matter of figuring out what X11 is trying to do with my video (that's the only thing I'm sure is broken - kind of a pain but fixable)
      • Ivan
        You will have to make a research about the grub commands like, modprobe.blacklist ones, you might have to disable a couple of video card modules to get the latest kali for your notebook
        • Indeed. Downloaded the newest rolling release and will see how it does.
    • Greg
      I did not know this. Thanks for sharing, Noodleman. Going to check it out and update mine now!
  • PacoBell
    So...did anyone else try to whois evilcorp-intl.com or The domain was created by NBC Universal on 2015-04-09 and the IP address is some seemingly random one in the Czech Republic.
    • Illistrix
      • Awesome website and its really incredible
  • Mathew Vyse
    I'm surprised that it wasn't noticed that he was looking at the source code for www.2600.com Great mail, site and times.
    • Ryan
      I miss that old site... that and astalavista... ohhhh and phrack... and Cult of the Dead Cow... and The Armory... Ahhhh, the days of my misspent youth. *sigh*
  • waz
    That's actually Windows 98, not 95 (or at least it looks like).
  • Samuel Bétrisey
    He used a class E IP address
  • Eric
    All I see is green code here
  • I've wanted to try some bluetooth hacking for awhile but with the bluetooth 4.0 is it now? they changed a lot of the past security issues heck everyone basically now days just gets a free phone upgrade when a new phone is released i'm gonna try ordering a SENA UD100 and see how well it works by the way from my experiences with Net Hunter 2.0 for the Nexus devices with the issues im having i'd stay away from Kali Linux 2.0 looks a lot better in Kali Linux 2.0 but I know net hunter is different but i'd wait a few more weeks and see if bugs get addressed.
    • Nicolas Lienart
      WifiKill Meatsploit and Zanti (y) You're a real user of Android dude. Wich is the other one please?
    • Chris
      You have GOT to learn to use punctuation... holy cow
      • But im not trying to win a spelling contest :D https://uploads.disquscdn.com/images/66b03830886d44ec45bdaf4fba3402f1fcda7637d5abb360c66b93c20dde99eb.png
    • Ryan
      Did it get any better? I haven't picked up a Nexus yet... don't want to spend the money unless I'm sure it'll be useful for pentests at client sites. That's more than I want to drop for something that may end up being a useful paperweight. I really need to do something though... the old 4S I have is a pain. Even jailbroken, it's not much more useful for this sort of stuff... or maybe it is and I just really want to justify a new toy. Is it worth it?
      • Nethunter 2.0 is really unstable at least for me it is I hardly use nethunter anymore im hoping a update will be released that will fix some of the issues it has. I think it has to do with Debian 8 cause the same problems I had with nethunter im having with Debian 8
  • psychsecurity
    The bluetooth sniffer is actually csrsniff which seems to be compiled from source (http://wireless-comm.blogspot.com.au/2008/07/creating-cheap-bluetooth-sniffer.html)
  • A great programming course for beginners (kids included): http://facebook.com/coding.course
  • Ajam Yuahalam
  • Life
    "careful if you see someone viewing the source they are no doubt a dangerous hacker" What a load of shit... There are numerous legitimate reasons to view and edit source.
    • Dekz
      That was a joke. Holy shit you're retarded.
  • 0ctac0der
    and then interestingly, none of the characters in the show... including the head of Allsafe ... uses a screen-lock on their phone .... Mr. Robot probably don't need these tool sets ....
  • milan dubuc
    does someone know in wich episodes were this techniques used. I need to know the techniques used in ep 4, 5 and 6
  • adam
    i wonder where did they get the version 98 of windows LOL :D
  • Bymynishus
    A nice change over the ridiculousness that is Scorpion. Which is a show based on a real person... who is full of shit.
  • Devin
    What about the screen of his webcam? When he purchase the image of Vera's gun?
  • Fuck hahaha
  • LoreeKitson2
    Excellent post . Coincidentally , if your company has been searching for a NUBC UB04 CMS-1450 , my friend filled a sample form here http://goo.gl/0N22l6/pre>
  • OlCam
    I thought Disqus censored comments with swearing, until a moderator approved them.
  • ale
    When i look the images posted here, automatically change to the next. Please, fix it.
    • John Carpenter
      there is a play/pause button at the top right corner of the image. You can just stop the auto-change feature there
  • Micheal Ethan
    The bar wasn’t exactly high for dystopian hacker suspense thrillers when USA Network’s Mr. Robot launched,but the show has gone on to surprise everyone. WIRED Security writer Kim Zetter called it “the best hacking show yet.” What makes the show, which airs its season finale next week1, work is how true it is to its subject matter, from the alienation at the heart of an always-connected life to the technologies the characters use to pull offthe story lines. http://academy.ehacking.net/