Taking the Long Way Home – Part 1

Published 2006-03-20 at https://ogenstad.net/2006/03/20/taking-the-long-way-home-part-1/

Monday 05:45. The world around him was still asleep, the only sound violating the silence was the occasional bird outside. midfr0st was unaware of this, just as he was unaware of his mp3 playlist coming to an end three hours ago. His eyes had been fixed on his computer screen for the last sixteen hours. His mind had trouble remembering why. The screen was all black except for a line of text in the upper left corner: “follow the white rabbit.”

I'm going nowhere with this, he thought as he erased the text he'd written well over an hour ago. Instead midfr0st brought up the network diagram he had been creating. It wasn't for his own network, rather a network his present client wanted to 0wn.

midfr0st had some history of making an honest living but had found the illegal path to be more rewarding when it came to making doubloons. Besides I like being my own boss.

At the moment midfr0st was working on a job concerning communication or rather email. His current client, Dae, was so eager to read the emails from Gantern Construction that midfr0st had been paid in advance. This usually wasn't the way midfr0st worked but his confidence had grown a lot lately and he was positive he could pull it off. After his last contact with Dae he was beginning to regret his early payment.

Dae: How's our little expedition going?
midfr0st: It's moving along
Dae: Where is it moving?
midfr0st: I'm still working on it
Dae: I would hope so, when can you have the package delivered?
midfr0st: I don't know, soon enough. These things take time.
Dae: You sounded a bit cockier when we paid you.
midfr0st: I haven't spent the money, you can have it back if you want to.
Dae: The money is not important, my faith in you is. You do not want me to lose that faith.

midfr0st wasn't overly concerned about Dae's threats. Dae didn't seem to know too much about Internet security and midfr0st did his best not to leave a trace back to him. Instead midfr0st traced the IP Dae had used in the irc session. He found that the IP belonged to a company called Wiamra Group, which according to their website was into construction. The way Dae could get to midfr0st was through M3m3th who had introduced them. M3m3th was a friend, but you never knew. midfr0st was pretty sure M3m3th wouldn't be able to track him.

06:31, the dog started to bark. For some time midfr0st had been positive that his neighbors had that freaking dog running on ntp, every morning at 06:31 it started. The walls in his apartment seemed to have been optimized to let sound pass through them unhindered. Once when it was really getting on his nerves he began feeding the times into rrdtool to get some viewable graphs. After two weeks of manually running the update script he got fed up with the manual labor and considered setting up a microphone to record the barking automatically and then feed it to the update script. In the end he decided against it and figured he had better things to do with his time. Besides, during my testing the dog had been off 25 seconds one day and even if it was on ntp it had to be a very poor implementation.

midfr0st realized the music was silent and let a fresh load of mp3s drown the sound of the dog, it was time to get back to the task at hand. He had a lot of nmap scans, information from the Gantern Construction website, he had hacked an ftp site on their DMZ but that hadn't been of further value. There were quite a few doors into the company but midfr0st hadn't been able to squeeze through. All the log files and notes had stopped making sense a long time ago.

At 07:05 something finally caught his eye, mail.gantern.com had port 25 open which would be common enough. However the MX records for the domain pointed elsewhere:

MX = 10, mail exchanger = gantern.com.in10.antispamprovider.com
MX = 20, mail exchanger = gantern.com.in20.antispamprovider.com
MX = 30, mail exchanger = gantern.com.in30.antispamprovider.com
MX = 40, mail exchanger = gantern.com.in40.antispamprovider.com

Why didn't I see this earlier? midfr0st began searching through his notes and after a few minutes he verified that mail.gantern.com was in fact accepting mails from the world. I hope this will work and that it'll be enough. midfr0st checked the time 07:13, it was too early to begin.

Read Part 2
