Some interesting moments from the Snowden film

From the collection of WTF moments, and not to undermine Oliver Stone's new film, Snowden: early in the movie there is an interesting Unix terminal session scene that is worth a closer look.

The scene where the CIA instructor Corbyn O’Brian assigns the task to his students:

“We are gonna start with an aptitude test, each of you is gonna build a COVER(?) communications network in your home city. You are gonna deploy it, backup your site, destroy it and restore it again.  The point of this exercise is to keep our infrastructure up and running securely. The average test time is five hours. If you take more than eight, you will fail”


root@localhost:~ # nmap -p1433 --script=ptest.nse

– Scanning mysql port 1433, but where? No host or IP range is given.
– ptest.nse must be some uber pentest nmap script :)

root@localhost:~ # tar cvfg sqlfiles.tar.tb2 /dbdump

– Creates a bzipped tarball of the /dbdump directory with a .tb2 extension :)

root@localhost:~ # sudo nmap -sP 10.14.0.0/24

– Why run an nmap ping scan via sudo if we are root anyway?
– No stdout?

  root@localhost:~ # tar --extract --file=sqlfiles.tar.bz2 /dbdump

– Now what the fsck is this command supposed to do?
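
For comparison, here is the backup, destroy and restore cycle the instructor describes, as an added example that is not from the film or the original post. It works on a constructed dbdump tree under a temp directory (function names and sample files are assumptions) and assumes GNU tar with bzip2 installed. It also shows that asking for the member as /dbdump, as the command above does, restores nothing, because members are stored as dbdump/... without a leading slash.

```shell
#!/bin/sh
# Added example: backup, destroy and restore a constructed dbdump tree.
# Every path lives under a mktemp directory; file names and contents are constructed.

# Build $1/src/dbdump with sample files and archive it as $1/sqlfiles.tar.bz2.
make_backup() {
    mkdir -p "$1/src/dbdump/tables" "$1/restore" || return 1
    printf 'CREATE TABLE users (id INT, name TEXT);\n' > "$1/src/dbdump/schema.sql"
    printf 'id,name\n1,alice\n' > "$1/src/dbdump/tables/users.csv"
    # c = create, j = bzip2, f = archive file; -C stores members as dbdump/...
    tar -cjf "$1/sqlfiles.tar.bz2" -C "$1/src" dbdump
}

# Checksum, size and name of every file under $1/dbdump, in a stable order.
manifest() {
    (cd "$1" && find dbdump -type f -exec cksum {} + | sort -k 3)
}

# Returns 0 only if the restored tree matches the original byte for byte.
roundtrip() {
    work=$(mktemp -d) || return 1
    make_backup "$work" || { rm -rf "$work"; return 1; }
    before=$(manifest "$work/src")
    # List the archive before destroying the source: an unreadable backup stops here.
    tar -tjf "$work/sqlfiles.tar.bz2" > /dev/null || { rm -rf "$work"; return 1; }
    rm -rf "$work/src/dbdump"
    tar -xjf "$work/sqlfiles.tar.bz2" -C "$work/restore" dbdump || { rm -rf "$work"; return 1; }
    after=$(manifest "$work/restore")
    rm -rf "$work"
    [ -n "$before" ] && [ "$before" = "$after" ]
}

# Returns 0 if asking for the member as /dbdump (as in the film) extracts nothing.
absolute_member_misses() {
    work=$(mktemp -d) || return 1
    make_backup "$work" || { rm -rf "$work"; return 1; }
    rc=0
    tar -xjf "$work/sqlfiles.tar.bz2" -C "$work/restore" /dbdump 2> /dev/null || rc=$?
    if [ "$rc" -ne 0 ] && [ ! -e "$work/restore/dbdump" ]; then result=0; else result=1; fi
    rm -rf "$work"
    return "$result"
}

roundtrip && echo "restore verified"
absolute_member_misses && echo "/dbdump: no such member, nothing restored"
```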

 root@localhost:~ # bash sntoolscr.sh

– I wonder what this script does :) Only a blurred set of strings is visible. Strange way of starting a script, but hey, this is the NSA.


In the background we can see the following browser agents:

 Gecko/20100101 Firefox/33.0 gray
 MSIE 7.0; Windows NT ...

– When is Firefox 33 from? Answer: October 2014
– The timestamps in the terminal, however, show 2005 (screen further below)

 

Enter the CIA instructor, checking the test results …


 root@localhost:~# cd backup  
 root@localhost:~# ls -aril

– What is the CIA instructor looking for?
– Explanation: -a (all), -r (recursive), -i (print inodes per file), -l (long list format)
– We get a strange-looking result

 2271953 -rw-r--r-- 1  psx   root 1056  2005/06/21 10:
 ./dump496 2005/06/21 10:14:25:
 212602 212602 .
 212603 202603 ..
 212604  drwxr-xr-x 9 local  root 2912  2005/06/21 10:
 212605  drwxr-xr-x 3 local  root 3264  2005/06/21 10:

– Shouldn’t directories under Unix have a size of 4096? I don’t get it :)
– Maybe it’s some uber Unix clone the guys in the CIA use …


Now some time passes and we finally get to the scene where the NSA files are stolen :)

– Using Windows 7 EXPLORER.EXE to copy files to an SD card inserted into a reader slot in a keyboard??
– I thought there was more to it … but I guess the simplest things always work the best.

– I see windows … more windows … yuk. People already discuss this on IMDb under Goofs:

http://www.imdb.com/title/tt3774114/trivia?tab=gf&ref_=tt_trv_gf

It’s not a bad movie; I just wanted to comment on some of the technical aspects shown.


4 Responses to Some interesting moments from the Snowden film

  1. Aniko says:

    Thank you for this post :) I just watched the movie and googled “snowden sudo when root” and found this haha

  2. brite says:

    I found my way here by googling this bogus command “sntoolscr.sh” only one person had enough interest to discuss these commands ^^ I gave up hacking ages ago and now I’m as technically dumb as your neighborhood’s strolling cat, but seeing a black screen leaves me nostalgic.
    Enjoyable post, you’ll excel in your field with such curiosity.

  3. koosha says:

    I believe the `-r` switch on `ls` is for “reverse”, and `-R` for “recursive”. Usually useful when sorting by size or date, but on its own…?

    `-i` in this context seems useless to me. Maybe a hardcoded-in-my-fingers-habit by the instructor, just the way I always add `-l`.
