Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [124]
One day while working in the computer room with Darren and Liz, I noticed that Darren had turned his computer at an angle that would make it difficult for anyone else to see what he was doing, which naturally made me suspicious. I fired up a program called “Watch”; aptly named, it let me watch everything on his screen.
I couldn’t believe my eyes. He was in the law firm’s Human Resources directory and had pulled up the payroll file, displaying the pay and bonuses of all the lawyers, assistants, support staff, receptionists, and IT workers, as well as every other employee of the firm, from the highest-earning partner to the lowest-paid clerk.
He scrolled down to a listing that read:
WEISS, ERIC Comp Oper MIS $28,000.00 04/29/93
The nerve of this guy, looking up my salary! But I could hardly complain: I knew he was spying on me only because I was spying on him!
TWENTY-EIGHT
Trophy Hunter
Phtm zvvvkci sw mhx Fmtvr VOX Ycmrt Emki
vqimgv vowx hzh L cgf Ecbst ysi?
I’d fallen into a comfortable routine as a new citizen of Denver. During the day, I’d go into work at the law firm on a regular shift from about 9:00 to 6:00. Afterward, I’d go to the gym for a few hours, grab dinner at a local restaurant, then head home or back to the law firm and spend until bedtime doing you know what.
Hacking was my entertainment. You could almost say it was a way of escaping to an alternate reality—like playing a video game. But to play my game of choice, you had to stay alert at all times. One lapse in attention or sloppy mistake, and the Feds could show up at your door. Not the simulated G-men, not the black wizards of Dungeons and Dragons, but the real, honest-to-God, lock-you-up-and-throw-away-the-key Feds.
At the time, I was busy finding systems to explore and ways to match wits with the security experts, network and system administrators, and clever programmers I encountered in my alternate reality. I was doing it purely for the thrill.
Since I couldn’t really share my exploits with anyone, I set my sights on obtaining the source code for things that interested me, such as operating systems and cellular phones. If I could get the code, it would be my trophy. I was becoming so good at it that sometimes it seemed too easy.
Now that I had put everything on the line by cutting ties with my former life, I had nothing to lose. I was primed and ready. How could I raise the stakes? What could I do that would make every hack that came before it seem like child’s play?
The world’s leading tech companies supposedly had the best security in the world. If I really wanted trophies that meant something, I was going to have to try to hack into them and get their code.
I had already had good success with Sun. Now I targeted Novell, which, I discovered, used a server running the SunOS operating system as its firewall gateway. I exploited a bug in a program called “sendmail,” which was used, among other things, to receive email from the outside world. My goal was to get the source code for one of the leading network operating systems in the world, Novell’s NetWare.
I was able to create any file with any content I wanted by exploiting an unpatched security flaw in the sendmail program. I would connect over the network to the sendmail program and type in a few commands like these:
mail from: bin
rcpt to: /bin/.rhosts
[text omitted]
.
mail from: bin
rcpt to: /bin/.rhosts
data
+ +
.
quit
These commands caused the sendmail program to create a “.rhosts” file (pronounced “dot-R-hosts”), which makes it possible to log in without a password.
(For the technical reader, I was able to create a .rhosts file in the bin account configured to allow me to log in without having to provide a password. A .rhosts file is a configuration file used with certain