SSH shenanigans

Password security is a big deal. No more so than when you’ve got smart kids who have learned about SSH, with a Raspberry Pi in their bedroom. The kids from Gurgleapps would like to show you what they’ve learned recently about the shell.

We are impressed, and are reminded that we all need to change our passwords.
The Gurgleapps folks have made a short tutorial available for those who aren’t familiar with the shell – they’ve promised more tutorials soon, and we’ll be keeping an eye on what they get up to!

74 comments

Avatar

Naughty naughty. Hehe. Just kidding. Smart kid though. Keep it up. Learning that is. Not hacking things you souldn’t. ;)

Avatar

Hack everything, that is how we learn.

Avatar

I completely agree with that! :)

Avatar

Thats one awesome kid!

Avatar

Definitely change your passwords. I was in my Mac console this AM, to which my ssh port is forwarded, and noticed tonnes of failed logins for the user “pi”!

Avatar

mmwwarrrhaarrr! de evil genius girl!
the daughter I wish I had.
great job

Avatar

She didn’t even show the most fun possible on a ‘hacked’ Mac, the `say` command. `say` will verbalize any words typed after it on a Mac enabling devious little daughters to scare the Builder’s tea out of password-sharing parents. `say you have been hacked` for example.

Avatar

Oo – you learn something every day!

Avatar

Yep the kids have fun using that command, but she did use the say command in that video for the spoken warning.

Avatar

Best used with osascript -e "set Volume 10" ;)

Avatar

So now we think it’s OK to let kids hack computers? What next, the school computers? I think that is diabolical that you’ve promoted this here. SSH could have been explained in a much more positive way. Many hackers will say this is a harmless bit of fun, even a learning exercise – but I think not. It’s the slippery slope to acceptance that doing stuff like is perfectly acceptable. That’s why our standards in modern life particularly in this country have fallen so low. By the way Dad, if your passwords are that easy to obtain I wouldn’t leave your credit cards lying around the house.

P.S. This post will probably be either removed by the management or criticised by many of you. That’s probably because of your age.

Avatar

The girl did explicitly say she had permission from her mother to do this, and it seems more of a cautionary tail to the rest of us to keep our passwords 1) Difficult to guess and b) Secret.
By-the-bye I’m 50 and a bit and I though it was hilarious :)

Avatar

For ‘tail’ read ‘tale’….tsk

Avatar

I agree! One minute you’re playing a joke on your dad and the next thing you’ve tunnelled into the Tower of London, stolen a jewel-encrusted orb and left a nervous poo it’s place just like in Indiana Jones! It’s a slippery slope indeed! Like in Indiana Jones.

Not only is HACKING immoral and unnatural — like dressing up as Spiderman and standing outside Peacock’s shouting, “Do you want to smell my fish?!” — it is also a criminal OFFENCE (except of course when you have permission to access that computer system like the young lady did have in the video).

And it’s no wonder the country has gone to the dogs with all of these digital SHENANIGANS (your words, not mine HA!). In the old days you could leave your front door unlocked and when you came home a neighbour would have left a brace of woodcock on your family jewels. Without taking the jewels! Now look at the UK, it’s a shambles, they are even having a vote tomorrow to replace the so called ‘Prime Master’ and it’s all down to hacking and disrespect for PARENTS.

I mean, have you never seen War Games and that was based on a true story? Or The Matrix? As for that Edward Snowman, he’s not so smug now eh, locked in a cell with 20 computers and special rubber mittens bound to his hands so he can’t type. Torture! And all because he thought HACKING was cool. You only have to watch Reefer Madness to know where this will lead to. White Hat hacking? WHITE HOT hacking more like. HA!

So remember kids – just say “no!” to hacking. You might think that you are learning lots and having fun but you are on a slippery slope. And not a fun one like in Splatalot! on CBBC with bubbles and that.

Avatar

“You only see the reflection of your mind in the world outside.” :P

Avatar

That is not true! I’m about to do it and, by the way, hacking is OK, unless you join Annonymous!
When I first started up my B+ and saw the command line, after a week of trying the correct install code, I was so happy!
Do you see the bottom of this page? Registered UK charity?
Does it say “private”?
Was Eben Upton on the news once or a hundred times?
Yep,
So what my question is, is harmless hacking okay?
Yep.

Avatar

I confess. As a child I diassembled games to work out how they managed to make the graphics on a ZX Spectrum run ten or more times quicker than I could make them go myself. I even ended up writing a mouse driver for Virus (the spectrum port of Zarch from the Archimedes) so I could play like the proper version that the rich kids had.

As an adult this led me on to invent cruel and evil hacks like the upside-down-ternet

http://www.ex-parrot.com/~pete/upside-down-ternet.html

So it’s a slippery slope, and I’m not not allowed a position of responsibility near computers. Frankly I wish I’d stuck to only the school curriculum of learning to type and use business applications so I could be a productive member of society.

Avatar

“Frankly I wish I’d stuck to only the school curriculum of learning to type and use business applications so I could be a productive member of society.”

Well, I’ll let you know that your upside-down-ternet is really awesome and helped me out a ton with getting my router (a full blown Linux machine) to actually route data to the internet!

You were disassembling video games? That actually sounds pretty cool to me. :) Reverse engineering and looking at other peoples code is the best way to learn how to program in my opinion.

Avatar

Yes, it is absolutely correct for kids to learn about, and practice skills at hacking. There is nothing wrong here. The key is gaining permission first for active attempts.

Otherwise we should ban programming and electronics because someone may program a timer to control a home made bomb. (“Won’t someone please think of the children!”)

By learning about an activity that is perfectly legal (note that “permission” bit again) one can better understand how to protect oneself online. One can also gain the skills needed by pentest companies in future years to gain legitimate employment.

Hence, doing “stuff like this is perfectly acceptable (your words, my context) and needs to be encouraged. You learn the value of a password best by seeing how to subvert one and what you can do if you can do so.

Avatar

*Applause* – couldn’t have put it better myself.

Avatar

hahahahaha bless you.

Avatar

When was is it NOT OK? I wouldn’t be the professional I am today if I didn’t hack things as a kid. Why is that? because when I grew up there was no internet (not in its current form ay least!) so I had to learn things the hard way, by actually LEARNING, and not by listening to some ‘thrope that believes free thinking is evil, and that everyone has a ‘bad’ gene that’s gonna take them over and destroy the world.

Avatar

It is most definitely okay.

If my daughter where to successfully hack me then she will be rewarded. Because as a responsible adult it is *my* responsibility to keep my systems secure.

Hacking is one of the most valuable techniques in teaching security.

Avatar

We absolutely need to encourage this sort of thing.

I’ve already shown my children how trivial it is to forge emails. There’s no better way to understand security than to have a play with it. And who would you rather be hacked by – your child or an international criminal gang?

I’m 46, btw. Not sure what that’s got to do with it.

Avatar

At Pi Towers, we range from 25 to 60-something. We all think this is an admirable way to learn, and we’re not quite sure what age has to do with it either.

Avatar

I am young (13) and I have worked out for myself how to forge emails. Watch out for emails from yourself at Pi towers ;-)

Avatar

Just kidding of course!

Avatar

Oh geez, knock it off… You’re just mad because you use your cats name and birthday for a password….

Avatar

Damn. I thought that password was safe….

Avatar

“My password just got hacked again. That’s the third time I’ve had to rename my cat. #PasswordConfession”

Avatar

Well, at least it leaves them with 15 names to try…
(Yes, I might be considered a crazy cat man)

But learning stuff by disassembling various things (bikes, power drills, etc) or hacking around on computers is how you learn things best.

If you think that is bad, then either you have had a terrible childhood, or you misplaced your inner child a long time ago. (This last option frightens me most)

Avatar

I don’t know about the age crack… I’m 46 and a Director of Technology, and I absolutely approve of kids hacking computers and technology.
Every kid should have these opportunities.

Avatar

I look forward to you making that statement (without further qualification) to your Board, when some bored 13yo costs your company money and potentially does lasting damage.

Avatar

This isn’t hacking, this is playing a harmless prank on someone. We used to do this kind of stuff all the time back in uni, great way to learn. I don’t see how it goes from “harmless prank” to “evil hacking” just because a computer and a network connection are involved.

One of the most popular pranks we played on each other was setting the console text to black on black if the user forgot to log out their shell when AFK – it’s a harmless way of instilling good practices: never leave unattended computers logged in because you never know who’ll come by and what they might do using your credentials.

And yeah, killing running applications that are in use by someone else is a bit of a no-no; there’s chance of losing unsaved work. But on the other hand, Sublime Text is pretty good at handling unintended exits. It even remembers text that you typed in a new tab that was never saved to a file yet.

Avatar

I don’t think you know what hacking is if you believe it is an “illegal” activity. And if you are that ignorant, how did you find yourself reading on raspberrypi.org?

Hacking (tinkering with the intent to modify or push limitations) is the best way to learn about information technology, and also gives insight into how one may thwart those with malicious intentions.

People won’t criticise your comment because of their age; they’ll criticise your comment because you come across as ignorant and irrationally grumpy.

Good day to you.

Avatar

Noted, noted and double noted…

Avatar

Amazing! Wish I could do that now. Need to take tutorials. Hope she uses her powers for the good not the bad.

Avatar

As a child, there is no wrong nor right, they do it just for fun and to learn

It is LATER that the concept of good or bad seeps in.

And i think both the young lady and her parent has learned something valuable….

USE STRONG PASSWORDS :)

Avatar

I disagree with that. There is a right and wrong even for children. The girl here was in the right cause she had her parents permission to do that. Btw I am 14 (everybody else is listing there age so I thought I would to :D)

Avatar

A friend of mind told me about a similar trick on a colleague, by sshing in to a remote computer (running Linux) and typing eject (if the user has a cd drive) causes the cd drive to come out, this worked only the cd drive was quite low and came out and knocked coffee off a table.

Avatar

There used to be a worm infecting certain computers called Cuckoo. On the hour it would repeatedly eject and close your CDROM while playing the sound “cuckoo, cuckoo” from your speakers. Most amusing, and most annoying.

Avatar

I got a internship at a pen testing company and I am 15 years old and love it! If you love hacking that is great just don’t attack other people’s stuff or do a attack that would involve hurting other people’s computers. I started writing browser exploits and now I mainly write in python because it is easy to write them. Now I currently am working on trying to write a exploit for ssl but it is long but very fun. I am living the dreams of my 8 year old self! You go little girl. Now go and learn python 3!

Avatar

@John, that is seriously cool. Kudos.

Avatar

This sort of hacking has a long and glorious history. See below for the evidence, and notice the date. (Not that this particular jape involved any hacking per se, but the effect was similar.)

From: elf@halcyon.wa.com (Elf Sternberg)
Newsgroups: alt.folklore.computers
Subject: Anecdotes
Date: 23 Sep 90 19:53:19 GMT

Personally, my favorite notes (oh, this is my first usenet
posting, ever) was done by a hacker friend on and PDP 11/34 and a pair of
VT100’s with remote power supplies. It was installed in a high school,
and sometime in the late evening when some poor fifteen year old kid was
grunging away at some assigned code, the terminal to his left came on
(you remember VT100’s and that obnoxious >BEEP<) and said, in letters two
row high:

THERE IS NO GOD

A few second later, the terminal to his right came to life, and replied:

OH YEAH? THEN WHO PLUGGED US IN?

They both shut down a few seconds later.

Avatar

And this is how Dad got a new Raspberry Pi for a few weeks!

Avatar

Well done, kiddo.
Definitely keep hacking.
Programming is the new magic.

Avatar

Wonderful,

The best bit, the sense of enjoyment and achievement when she ‘broke’ in. That is now one cyber-security savvy young lady

Never loose the joy of finding things out.

Avatar

Can I move in with them? :-)

Their tech points are off the charts

Avatar

For those upset over her ‘hacking’ she actually didn’t hack into anything… she said she already had the password, probably provided by her Mother. Hacking implies the modification of ‘something’ that changes it’s behavior (for good or malicious intent) and/or improves it. Hacking would be if she compromised the home dhcp server by running it out of available leases, set her pi up as a dhcp server, routed all traffic through it to analyze for clear-text passwords, the transfer of private ssh keys, hashes, etc in order to gain access. At best, this could be considered social engineering since she was given the password.

Avatar

I’m guessing by how quickly she finished up her video that the wrath of Daddy was on his way! lol

Avatar

She and her brother are very cute.

I like the part at the end where she says, “My evil plan worked !!!”.

That is adorable.
Her parents must be very proud.

Great kids.

Avatar

lol,Good video. I learned something from her.

Avatar

smart kid for sure

Avatar

Brilliant, I absolutely applaud this and hope I get hacked similarly by my own kids in the years to come :)

There is no better way to intimately become versed to a complicated functionality and methodology than bending it to your own means. For me, that is the truest definition of ‘hacking’, irrespective of motive.

Avatar

First off, great video, thoroughly enjoyed the cheekykidiness of it.
But after reading some of the comments I’m greatly surprised people have forgotten the origins of hacking, maybe some are too young and simply go along with the media blurb about the Snowdens and Assanges of the world who are/use tools to gain access to stuff that generally causes more harm than good.
Hackers were originally programmers, hacking away at the keyboard, whizzkids, geeks, whatever.
When these whizzkids found they could get onto other computers and have a laugh, they did, and it was a laugh.
On the flip-side there were crackers who were more interested in circumventing security on networks and in software for financial gain.
The whole thing’s gotten blurred over time and you never hear of crackers.
Keep your dad on his toes girl ;)

(Even viruses started out innocently

Avatar

Actually, the origins of hacker go back even further as it originally was used to describe model train hobbyists, but has since evolved to define a broader spectrum of hobbyists who all share the same passion of pursing a deeper, intimate understanding of how something functions.

Avatar

This is why you should never forward SSH ports to the Internet.

Avatar

Actually it’s fine to do that, just use RSA or ECDSA keys and disable password logins.

Avatar

Use the force for good young padawan. A little knowledge… Great video.

Avatar

I’d bet the negative comments on the video are coming from folks who don’t have Pi, or know what SSH is.

I’m curious about her screen saver, and how she made the Mac talk!

Avatar

You can make it talk by simply typing

say hello

The computer will then say hello just type say and then whatever you want to make it say. I learned that from another comment above and I think it is so awesome!

Avatar

On linux debian, sudo apt-get install cmatrix
That might be her “screensaver”.

Avatar

I have to say i thought the presentation was well researched and made. I have to firstly take my hat off to the girl for being courageous enough to set up and video it. Secondly for thinking it through to even promoting the correct (seeking permission and passwords) way of doing it. Thirdly for having a forward thinking family that immerses their children in the latest technologies and giving them the edge in life. What technologies a child learns becomes the norm when they grow up.

I for one enjoyed the demonstration and would promote the education of children (in the right way) and think the grownups should learn coding rather than jump on the negative bandwagon.

Avatar

Amazing. These kids are both cute and brilliant.
But – seriously – do all of you really believe there was no adult’s hand in this? With all the cover editing, screencasts and overlays? Well, maybe, if the kid is so smart with other stuff, she could do is. But I do suppose that a smart Mom or Dad were in on the game. It’s not like that’s total unscripted …
I really love the hand drawn animation, by the way – low tech and smart.

Avatar

“clever” editing, of course.
I think someone is hacking my keyboard again.

Avatar

I can’t imagine being able to do what the young lady did at her age*. Not just doing it, but being able to explain what she was doing. And her brother is a dab hand with the video camera, framing the key parts of the subject very nicely. Very impressed with both of them.

For those people moaning about permissions and hacking, they say this on their website:
<q cite="We had to get permission from our Mum to do this, in case our Dad lost any important work. We also have to get permission every time we want to connect to the Internet. If you don't get permission then you could get into big trouble!"°

————————————————-
*For one thing, SSH hadn't been invented.

Avatar

I had seen this post go up earlier but only now watched the video. Absolutely brilliant! As an IT professional who uses ssh on a daily basis, I think this is _exactly_ what we need more of – to raise awareness of just how important it is to understand how things work. That learning about these tools can be fun, and you can only defend yourself against malicious use if you understand the underlying mechanisms. And yes, these tools can be used for both good and evil, just like a knife can be used to take or save a life.

Avatar

Hi all,

Just a small comment: don’t use kill with signal numbers, use it with signal names: it’s much more portable…
i.e: kill -KILL

Enjoy,
Jacques-D.

Avatar

And don’t kill with signals at all, unless you need a signal. Using -9 or -KILL as a first instinct will inevitably lead to harm later, on one hand not giving programs a chance to shut down nicely, and to your fingers typing things like ‘kill -9 -1 3456’ when you brain meant ‘kill -1 3456’ instead.

Avatar

Holy crap! I’m a programer and don’t even know how to do this! That’s one clever kid! How did she learn this?!

Avatar

Or perhaps being a “programmer” doesn’t mean you know anything useful. This is basic computer skills that any 10 year old should know

Avatar

I am proud. I’d love to do that!

Avatar

I have a question… HOW DO YOU GET THE RPI TO CONNECT TO YOUR WINDOWS PC??????????????? Both my pi and my WINDOWS 7 pc are connected to the internet, pi by ethernet, pc by wifi, got the ip address from my computer, got the right name ITS JUST NOT CONNECTING AT ALL

Avatar

Because Windows isn’t UNIX based, like Linux or OS X, it needs special software in order to run SSH, called OpenSSH for Windows.

Leave a Comment

Comments are closed