Project Mutator

... or retro bash scripts FTW!

Let's start with an old (2008) photo of a week titled "We all love AIX" ;P


Yup, 16 GB of RAM in 2007 was quite a lot and still it was hard to list files :>

How it all started

Well, this short post is about my early bash scripting straight from '99, so hopefully, it counts as retro ;)

Back in the '90s, broadband internet access was rather rare and expensive. Local ISPs were on top back then.
At that time I lived in an urban area rich in dull, concrete ten-story blocks to live in - a perfect ground for LANs.
Obviously, I wanted to have Internet access, but I wanted to check it out first. A few friends and I already had a LAN built - without Internet, just for data sharing and gaming of course ;)
One of these folks had already bought access from a local ISP, and since he also had RJ-45 leading straight to my flat, he could simply connect me through a 10Base-T hub (anyone remember these? :P) so I could have a quick look at this ISP's network.

Bigger LAN

I got myself access, but Internetz wasn't working ... now what?!
After a bit of research and lurking I figured out that there were around 160 PCs on the network connected through hubs - no switching at all, YAY!
A Linux server worked as the router with SNAT.
The admin filtered access based on the MAC addresses of clients' Ethernet cards, so I was kinda unlucky ... yeah kinda ... :>

The Plan

The plan was super simple - to spoof a legit (already in the router's DB) MAC address combined with a legit IP and take over his/her access.
It can be done very easily under Linux - you throw a few commands at a bash console and voilà, it works!
However, in reality, it was not that simple. There were two problems to solve.

  • database of legit MAC+IP addresses - targets
  • easy and quick method to switch between 'em

Project Mutator was born.
Personally, I treated it as a bash scripting training.
Also, I desperately wanted this tool to stay in one file so I could quickly transfer it everywhere or just simply copy & paste it.

The script is super lame (a bloated interface to ifconfig lol), but keep in mind that it was '99 and I was taking my first steps in bash ;)

Here is a download link

Short walkthrough

When you first run it, the script checks if its last line is set to #FIRSTRUN. If yes, it asks a few configuration questions, like current MAC, IP, gateway IP and so on. After that, it replaces #FIRSTRUN with #RUNNED, so when you relaunch it, it sets the vars and jumps straight to the start function.
Example config:

gw=10.0.7.254;eth=eno1;selfnet=10.0.7;selfip=10.0.7.81;selfmac=f2:cb:b3:34:5b:d1

The menu has a few options.

  • Mutate - This is a menu where the script scans the LAN with fping and compares the results with the MACs+IPs previously stored in a database - a set of subfunctions with config vars at the beginning of the file. Then you simply choose a target and mutate into it.
  • Mutate into yourself - This is where you can quickly configure your interface back to its original settings - that is why the first-run config was needed
  • Database manual update - lets you manually add entries to the DB
  • Database auto learn update - scans the LAN with fping, then uses arping to get the MAC address of a target IP and writes the results to the DB
  • Show database - shows entries stored during scans
  • Clear database - clears the DB
  • Configuration info - displays the current config

As you can see this is quite a straightforward script flow. It boils down to scanning LAN for targets and waiting for targets to turn off their computers. Then you simply rescan LAN for those targets and mutate into them. Since their computers are offline you can spoof their MAC+IP and be accepted by the gateway as if you were a legit ISP client.
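From the defending side, the fping/arping scanning described above is the noisy part: on a hub network every ARP request is a broadcast that also reaches the router, so a sweep can be spotted there. The following is an added example, not part of Mutator; the log format, the function names `detect_arp_sweep` and `sample_log`, the window and the threshold are assumptions, and the sample lines are constructed (the sweeping host reuses the MAC and IP from the example config above).

```bash
#!/usr/bin/env bash
# Added example (not from the original script): flag ARP sweeps in a
# simplified, constructed log format, one ARP request per line:
#   <seconds_since_capture_start> <src_mac> who-has <target_ip> tell <sender_ip>

# detect_arp_sweep WINDOW_SECONDS THRESHOLD   (reads log lines on stdin)
# Prints "<src_mac> <window_start> <distinct_targets>" for every source MAC
# that asked for at least THRESHOLD distinct IPs inside one window.
detect_arp_sweep() {
  awk -v win="$1" -v thr="$2" '
    $3 == "who-has" && $5 == "tell" {
      bucket = int($1 / win) * win          # start of the fixed-size window
      key = $2 " " bucket
      # Count each target IP once per (source MAC, window) pair, so a host
      # that keeps re-resolving the gateway never reaches the threshold.
      if (!((key, $4) in seen)) {
        seen[key, $4] = 1
        targets[key]++
      }
    }
    END {
      for (key in targets)
        if (targets[key] >= thr)
          print key, targets[key]
    }
  ' | sort
}

# Constructed sample: one host walks 10.0.7.1-6 in two seconds, while two
# ordinary clients only resolve the gateway (10.0.7.254).
sample_log() {
  cat <<'EOF'
1000 f2:cb:b3:34:5b:d1 who-has 10.0.7.1 tell 10.0.7.81
1000 f2:cb:b3:34:5b:d1 who-has 10.0.7.2 tell 10.0.7.81
1000 f2:cb:b3:34:5b:d1 who-has 10.0.7.3 tell 10.0.7.81
1001 f2:cb:b3:34:5b:d1 who-has 10.0.7.4 tell 10.0.7.81
1001 f2:cb:b3:34:5b:d1 who-has 10.0.7.5 tell 10.0.7.81
1001 f2:cb:b3:34:5b:d1 who-has 10.0.7.6 tell 10.0.7.81
1002 02:00:00:00:00:0a who-has 10.0.7.254 tell 10.0.7.10
1003 02:00:00:00:00:0b who-has 10.0.7.254 tell 10.0.7.11
1004 02:00:00:00:00:0a who-has 10.0.7.254 tell 10.0.7.10
1030 02:00:00:00:00:0b who-has 10.0.7.254 tell 10.0.7.11
EOF
}

sample_log | detect_arp_sweep 10 5
```

The sweep only reveals the scanner's own MAC and IP; once a host has taken over an offline client's MAC+IP pair, its traffic carries the same identifiers the filter already trusts.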

I did implement simple error handling but it is far from alright. I didn't bother to finish this project so if you wanna improve it you are on your own ;)

Mutator worked very nicely, especially when everyone went to sleep - plenty of targets. Also, the admin's only way to catch you was to manually disconnect every RJ-45 from hubs scattered over 10-15 buildings, so I was pretty safe. Some days later I finally joined that network too - at least officially ... and even became an admin of it a few weeks later.

That's it, this is how one could get free internetz in the '90s :)

Cheers

Drygol

Chaos is your redemption .... better run .... better hide

I come from Internetz :>