3D Hacking Environment Links Kinect, Blender, and Metasploit

baxpace writes with a link describing a way to test your own security systems for vulnerabilities using Kinect-interpreted natural gestures in tandem with the Metasploit Framework and the Blender game engine, writing: "The idea is to hack into your own systems while in a 3D, first person shooter style environment that interfaces with the Kinect sensor. The game engine was built using Blender and looks to be one of the most pleasing ways of uncovering your own systems' architectural/networking vulnerabilities."

The Gibson

[Anonymous Coward]

We can finally hack it!

Re:

[squidflakes]

Is that a twenty eight point eight kay bee pee ess modem?

Re:

[justforgetme]

No, it's an active matrix LCD screen! A million psychedelic colours!

Re:

[Anonymous Coward]

This is UNIX! I know this!

Re:

[Stupendoussteve]

Except fsn [siliconbunny.com] was real file manager for IRIX. You can get fsv [sourceforge.net] to recreate your own favorite Jurassic Park scene from the comfort and safety of your own home.

Swordfish

[Ramin_HAL9001]

I hate Hollywood style hacking with all that fancy 3D graphics that flash around on the computer screen while the "programmer" sits in front of it typing randomly on the keyboard saying, things like "512 bit encryption", "almost, almost", "come on!", "don't do this to me", "got it!".

So now we have an actual hacking application with actual 3D graphics that actually mean something. Too bad it doesn't look as cool as in the movies.

Re:

[Ramin_HAL9001]

Actually, now that I think about it, it looks more like Johny Quest.

Typing speed is everything!

[StoneyMahoney]

Prior art: Wargames, hacker types on keyboard while saying what he's typing for the benefit of the audience who aren't looking at the screen.

"What... {bashbashbashbashbashbashbashbashbash} ...is... {bashbashbashbashbashbashbashbashbashbashbashbash} ...the primary... {bashbashbashbashbashbashbashbashbashbashbashbashbashbashbashbashbashbash} ...goal?"

Hollywood couldn't even do a chatbot session right back in the 80's!

Re:

[pinkstuff]

This is what me and my friends refer to as "HOS", Hollywood Operating System

Re:

[EdZ]

As opposed to the other HOS [imageshack.us], which results in rampaging construction machines due to malicious backdoor code.

Re:

[Opportunist]

Userfriendly called it Movie-OS [userfriendly.org] a decade ago.

Re:

[Speare]

How about Global Thermonuclear War? --David

This is Unix! I know this! --Lex

All I see now are... Blonde, Brunette, Redhead. --Cypher

Re:

[LordLimecat]

This is Unix! I know this! --Lex

If I remember correctly, it actually WAS Unix.

Re:

[robthebloke]

Irix running on an SGi machine (ILM would have had hundreds of the things lying around....)

Re:

[Fatch Racall]

I distinctly remember seeing a c:\ prompt(DOS, usually), a Mac OS(trash can, quicktime, etc), Lex said it was Unix, and I remember them mentioning that they were 'supercomputers' which suggests CrayOS. In other words, the most retarded system ever created.

Re:

[_0xd0ad]

http://en.wikipedia.org/wiki/Fsn [wikipedia.org]

Re:

[Opportunist]

You just can't top this [youtube.com] in terms of utter stupidity. Yes, it's German, but the idiocy should need no translation.

But then, it's from an action show that seems to build its cars out of C4 explosives, so cut them some slack. :)

Re:

[robthebloke]

Hmmm..... Fancy 3D graphics? Unable to describe "programmers" without the use of quotes. Frequent uses of phrases such as "Come on!" "FFS" "Don't do this to me!!".

You do realise you are describing Window Aero? :p

Re:

[account_deleted]

Comment removed based on user account deletion

And you really need all this

[aglider]

in order to audit your own systems?
Cool, but rather complex for an audit!

Re:And you really need all this

[DarkOx]

Manager: What do you think you think you're doing you can't play video games at the office, at least not during business hours!

Jr. Network Admin: Sir I am conducting a Pen test of against our dev environment.

Manager: Yea I think my kid likes one too, its Japanese right?

Network Admin: Sir I am its not a game.

Manager: Look I know you guys take you aviators seriously, but try to do it on your own time ok.

Jr Network Admin: Sir I think you mean avatar and like I said this is actually not a game its a front end for metasploit.

Sr Network Admin: He cut the crap Jr that interface is not scriptable at all and how many times do I have to tell you if you think you're going to do it twice, script it once! It leaves more time for slashdot.

Manager: What is slashdot?

Sr Network Admin: Its a um.. hmm.. I guess you'd call it a computer based continuing education tool.

Manager: Really, that sounds great, I want the whole department spending a couple hours a day on this slashdot.

Re:

[Anonymous Coward]

Continuing education? I weep for the industry.

Re:

[Opportunist]

I informed my manager that /. is a communication tool with various other experts in the business and that it is very beneficial to find all the security concerns quickly, so I have to spend a lot of time there.

I think I mentioned before what's the key benefit of being in IT security is, didn't I? People know even less about ITSEC than about the rest of IT, so bullshitting them is even easier.

Re:

[orgelspieler]

I tell my boss it's where I find out about changes in patent law and important pending technology litigation.

Command line for me

[king_grumpy]

Call me old school, but I'd prefer a command line. Can't see this taking off for security professionals.

Re:

[Ramin_HAL9001]

I'm with you.
With Compiz as your window manager, and an ordinary VT100 terminal emulator, or perhaps Emacs-GTK with a black background, you can make your computer look like a Hollywood movie hacker's computer, with it actually BEING a hacker's computer that can actually hack things. It's not the 3D that matters, it is how quick and efficient you are at searching through lots of code and modifying it. If the 3D isn't helping you be more efficient at that, get rid of it.

Re:

[king_grumpy]

Yeah doesn't Hugh Jackman have something like kinectasploit on a PDP-10 somewhere :)

Re:

[eriqk]

I'm with you. With Compiz as your window manager, and an ordinary VT100 terminal emulator, or perhaps Emacs-GTK with a black background, you can make your computer look like a Hollywood movie hacker's computer, with it actually BEING a hacker's computer that can actually hack things.

Hollywood's way ahead of you. [boingboing.net]

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Opportunist]

Get offa my lawn, whippersnapper! Only a young'un could poop on that whistle, it saved me thousands of dollars worth of phone bills back in the ol' days!

Re:

[robthebloke]

Call me old fashioned, but I'd prefer to see rows and rows and rows of blinky lights. No practical reason for this. I just like blinky lights.

Re:

[_0xd0ad]

They're called blinkenlights.

Waste of time?

[Errol backfiring]

Gee, if you have so much time to waste, can you lend me some?

The hacking movies of the 90s were right!

[rebelwarlock]

Damn, now I have to buy roller skates and glow sticks. Penetration testing used to be so simple!

Re:

[SlashV]

But hey, if you're lucky, you'll get to kiss Angelina! That should be worth your trouble.

Re:

[Opportunist]

Nah, that part of the movie is so unrealistic...

Re:

[olden]

Yes! That's exactly what this reminds me of: psDooM ! http://psdoom.sourceforge.net/ [sourceforge.net]
Why merely check for vulnerabilities when you can obliterate them, along with the rest of the system you're "auditing" :-)

Re:

[Kompressor]

Kill 'em all and let root sort 'em out!

I know what OS they are using at least

[brunes69]

It's a UNIX system!!!!!

http://www.youtube.com/watch?v=dFUlAQZB9Ng [youtube.com]

Re:

[flimflammer]

At least the software she was using was real.

All these times...

[BenevolentP]

All these times you tried to explain people that what they see in the movies is bullshit when it comes to "hacking". And now, that SOME slowly get it - bam - they will inevitably see this and think that you have no idea what you're talking about when it comes to computers.

Re:

[Anonymous Coward]

I smell bullshit. No real-life colleague could make the linguistic jump from taxonomic to taxonomy unaided.

Re:

[Anonymous Coward]

Perhaps the colleague was an English major?

Re:

[justforgetme]

or a taxonomy major :-)

Re:

[T.E.D.]

Good. That'll keep them from asking me to fix theirs.

Re:

[tacokill]

Good! Maybe they'll quit bugging me for help and asking stupid questions about "apps". For them to think I know nothing about computers is not the world's worst outcome....

Pleasing? WTF?

[Qbertino]

How on earth is this 'a pleasing way of uncovering system architecture'?
3D visuals? OK, I get that. However, I'd leave out crappy wall textures and 3rd grade FPS props and stick to abstract platonic and geoedic shapes with distinct colors, connected with various forms of lines and indexed with a cool looking 3D-enviroment-friendly font. ... The pointy balls aside, I'd basically do pretty much everything exactly opposite of how they did the 3D. ... This guy [quelsolaar.com] has it pretty much nailed in terms of 3D enviroment

Re:

[Sinthet]

I'm pretty sure this hack was done "just because" and "for fun" rather than a serious attempt at a front-end for metasploit.

Re:

[spaceman375]

While you visit a friend, give his kids a bootable USB stick and let THEM play the game. When they "win", show him what they just did.

movie

[goarilla]

Reminds me a little bit of the movie nirvana, with christopher lambert of highlander fame.

Works for me

[Lieutenant_Dan]

I found a trojan of some sorts in the NT kernel; someone left the message "Created by Warren Robinett". Weird, only happens when I hit this invisible spot with Metasploit in the Kinect/Blender interface. I wonder if he's still employed by Microsoft.

Zumba?

[polle404]

"3D Hacking Environment Links Kinect, Blender, and Metasploit"....and Zumba!

So now I can "hack" like a scriptkiddie, while playing 'Dance Dance Revolution'?
come to think of it, my 7 Year old goddaughter would probably be a better "hacker" than me, if it comes to this.

The positive sideeffect is that the scriptkiddies soon will have the physique to run from the cops/feds.
"news at eleven: Hackers fitter than jocks!" (still can't catch a fuusball, though)

Scary!

[Ian-K]

Now that's scary.

Hacking is going to be waaaaaay more fun with this thing... And lots of people are now going to have a go at it just for the fun of it.

Hmmm

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Khyber]

How about creating a gesture-based 3d modeling program? Act like you're sculpting out stuff in a 3d space and instant model!

Re:

[Khyber]

That's not even remotely close to what I'm talking about.

I'm talking about starting with a blank space, you make a movement or gesture, a sphere appears. You start "grabbing" the sphere and start creating a model. There is nothing to interact with besides what you see on screen. You 'rotate' the sphere, it rotates on screen.

Doom

[sgt scrub]

wasn't there a network management interface or something like that based on doom? supposedly you went around shooting stuff to make changes or something. i wish i could remember its name.

Re:

[49152]

http://www.cs.unm.edu/~dlchao/flake/doom/chi/chi.html [unm.edu]

Re:

[sgt scrub]

That's it! You shoot processes to kill them. Awesome.

Eduard

[haggus71]

Am I the only one picturing Ed on the Bebop making little fish to munch through someone's firewall?

Re:

[ginbot462]

You mean it's not Cowboy BeBop at his computer [tvtropes.org]?

parallels in real life?

[Thu Anon Coward]

without reading any further, almost sounds like what they used in that movie 'Disclosure' with Michael Douglas; wearing the 3-D glasses and whatnot. or somewhat similar to 'Minority Report'

What, no Johnny Mnemonic references yet?

[JSC]

Seriously? I mean, 3D VR hacking attempt, reaching out with VR Gloves to manipulate/hack interface, face palm into VR Gloves, etc.

And no Pr0n jokes about 3D VR Penetration testing?

Who are you and what have you done with my SlashDot?

Re:

[WWWWolf]

Seriously? I mean, 3D VR hacking attempt, reaching out with VR Gloves to manipulate/hack interface, face palm into VR Gloves, etc.

"Sogo 7 Data Gloves, a GPL stealth module, one Burdine intelligent translator... Thompson iPhone."

Well, folks didn't foresee the future in 1995. Blender is GPL, but Metasploit is BSD. And iPhones come from Apple. (And why Johnny Mnemonic would use iPhone to begin with? All that jailbreaking! Bleh.)

Re:

[BetaDays]

I'm with you and that there is no VR5 references yet with it's 10 levels of vr. http://en.wikipedia.org/wiki/VR.5 [wikipedia.org]

Garbage File

[MoldySpore]

Joey. I need you to drop your viruses, go after the worm. You're the closest. It's root slash period workspace slash period garbage period.

Getting closer every day

[squidflakes]

Corporations having as much power as national governments, able to hire their own police forces.

Implants that are making steps to improving biological abilities.

3D visual hacking.

Shadowrun seems closer and closer every day.

Re:

[Opportunist]

Come to think of it, the guy on the subway yesterday sure looked like a troll...

Re:

[_0xd0ad]

TRON (1982) [imdb.com]

Add some EEG...

[wjousts]

...and we'll finally have Neuromancer!

Sorry, I'll stick with CLI

[Opportunist]

In all seriousness, "3D input", i.e. flailing limbs and gyrating in front of your computer, is a cool toy, a nice pastime and maybe even some kind of workout for kids who wouldn't think about actually going outside and move a limb, but for hacking, they just fail. Why? Because we are still far from the ability to never misunderstand a gesture. Hell, we, as humans, trained and raised as creatures to understand each other, sometimes misjudge and misunderstand each other. The very last thing I need when dealin

Done with the Doom engine 12+ years ago

[imgunby]

I remember seeing this and thinking "YES!!!!!" http://www.cs.unm.edu/~dlchao/flake/doom/ [unm.edu]

Speaking as a security consultant...

[stixn]

I'll use that lame 3D UI for pen testing right after they pry Backtrack 5 out of my cold, dead hands. Try and make sqlmap a better tool by giving it a flashy ui. Go ahead, make my day.

But hey, the script kiddies will love it.

So Hackers (the movie) wasn't far off after all

[xyourfacekillerx]

We all used to laugh about the ridiculous OS interface to the file system (flying through a 3D world of towers and things), the one they used to conduct their hacks.

And now it looks like it was not far-fetched after all. Why is our future being so... regressive ... ?