There is no way that you keyboard danced for 12 seconds and completed a nmap scan, identified an unpatched target with a remote code execution bug, delivered the payload, pivoted to an account with the permissions you needed, and found the server running the internal application you are looking for.
exactly. running an nmap scan alone involves minutes on end of just sitting there, waiting for nmap to do its thing, and hoping that the network administrator doesn’t notice your computer running the most obvious port scan of all time, barge into your borrowed cubicle, and say “what the hell are you doing”
There’s a scene in NCIS where somebody is losing a “hacker fight” so to turn it around a second person joins in and starts typing on the same keyboard.
To be fair, that’s your personal thing, because you have knowledge about this topic. In movies and TV a crap ton of stuff is abbreviated to not bore the audience to death. Some shows portrait a certain domain more or less realistically but still take dramatic license with other things. After all, we watch this stuff to escape from reality.
“Oh I figured out the default passwords and naming conventions for new employees awhile ago.”
Funnily enough I got my college to change password policies because for a report for one of my classes I wrote about how stupid it was that all new users passwords were First intial + last initial + last four of social security number, with usernames being firstname + lastname + year. Since they had no max number of attempts on logins, and didn’t prompt you to change password on logging in, it took a few minutes to get into anyone’s account once you knew their name. (That school was very incompetent, and they are closed now)
OR
“Give me 20 minutes, I’m on hold with IT. They’ll reset the password and tell me it if I give them an employee ID, dob, and name. Which I see clearly on this guys facebook picture where he has his badge visibile.”
Or a hacking guy trying to brute force for days. Then the “no nonsense” guy goes out for 20 minutes, and comes back with it and refused to answer questions. Oh wait… that’s just XKCD.
Hacking.
There is no way that you keyboard danced for 12 seconds and completed a nmap scan, identified an unpatched target with a remote code execution bug, delivered the payload, pivoted to an account with the permissions you needed, and found the server running the internal application you are looking for.
telnet 127.0.0.1
I’m in!
Ah legacy systems.
All the young kids use ::1
You say that but it’s pathetic how little has been upgraded to add support for IPV6.
Hack the planet!
Only Mr Robot
Hey now, War Games had pretty dang realistic hacking!
exactly. running an nmap scan alone involves minutes on end of just sitting there, waiting for nmap to do its thing, and hoping that the network administrator doesn’t notice your computer running the most obvious port scan of all time, barge into your borrowed cubicle, and say “what the hell are you doing”
It’s really simple, you just search the evil corporation’s hard drive for a file named
EVIDENCE.txtThere’s a scene in NCIS where somebody is losing a “hacker fight” so to turn it around a second person joins in and starts typing on the same keyboard.
I’m not exaggerating.
Like there’s suspension of disbelief, and then there’s whatever psychological issue watchers of NCIS suffer from.
Hehe that scene was the one that made me think of this post.
NCIS should just dive into self parody at this point.
To be fair, that’s your personal thing, because you have knowledge about this topic. In movies and TV a crap ton of stuff is abbreviated to not bore the audience to death. Some shows portrait a certain domain more or less realistically but still take dramatic license with other things. After all, we watch this stuff to escape from reality.
Realistic hacking scenes would be funny.
“Okay I’m in”
“Wait… how?”
“Oh I figured out the default passwords and naming conventions for new employees awhile ago.”
Funnily enough I got my college to change password policies because for a report for one of my classes I wrote about how stupid it was that all new users passwords were First intial + last initial + last four of social security number, with usernames being firstname + lastname + year. Since they had no max number of attempts on logins, and didn’t prompt you to change password on logging in, it took a few minutes to get into anyone’s account once you knew their name. (That school was very incompetent, and they are closed now)
OR
“Give me 20 minutes, I’m on hold with IT. They’ll reset the password and tell me it if I give them an employee ID, dob, and name. Which I see clearly on this guys facebook picture where he has his badge visibile.”
Or a hacking guy trying to brute force for days. Then the “no nonsense” guy goes out for 20 minutes, and comes back with it and refused to answer questions. Oh wait… that’s just XKCD.