Daemon

structure was engulfed in flames reaching fifty feet into the air. The half-dozen outbuildings burst into flames, too, and were quickly roaring infernos.
    Trear numbly watched the scene. It was the nightmarish Waco visual he’d dreaded – one almost certainly combined with the worst casualties ever suffered by the FBI in a single operation. And all of Sobol’s data were going up in flames. Along with Trear’s career.

Chapter 19:// Sarcophagus
    It took Gragg nearly three and a half hours to crack the WPA key on Boerner’s second Wi-Fi network. He had to keep his car running the entire time to be certain he didn’t drain his laptop battery. Once he cracked the key, he configured his card to use it, and DHCP soon handed him an IP address on the wireless network. By that time it was roughly four in the morning.
    But he’d slept a little, and buoyed by the successful crack, he felt good. If this was a test, he’d passed the first part. He might get out of this alive yet.
    Gragg used
Superscan
to run a ping sweep and port scan for machines on this new network, but he discovered only the single workstation running the wireless access point. The workstation returned information on its operating system and coughed up the status of several running services – but its hard drive was sealed tight.
    Gragg considered his options. He wanted a quick exploit that would give him a remote shell on the host machine with sysadmin rights. From there, he should be able to see into the hardwired LAN not yet visible to him.
    Since he didn’t have the luxury of time, he opted for an attack that was effective against a wide range of devices: SNMP – a buffer overrun that exploited a known vulnerability in unpatched implementations of Simple Network Management Protocol. This service was present on the target, and it was worth a shot.
    He switched to the command console and quickly keyed in the commands, pointing his exploit code to port 161 on thetarget machine. If the target was running an unpatched OpenBSD, he’d get to root pretty quick.
    He executed the command, waited, and in a moment he got a return instructing him to telnet to port 6161 at the target IP address. He sighed in relief. Another hurdle overcome.
    Gragg launched a telnet session and soon had a root prompt. He now
owned
Boerner’s workstation. Time to escalate network privileges.
    Gragg searched the target machine’s domain but was disappointed by the results. His victim was linked to a single server – and that was sealed up tight. It barely divulged any information. Gragg took a look in the server’s shared directory and raised his eyebrows.
    The directory contained a single Web page file. A page named HackMe.htm.
    Gragg smiled. He was beginning to feel a connection with Sobol. Sobol
wanted
him to get this far – that’s what this was all about.
    Gragg double-clicked on the file. A plain white Web page appeared in a browser window. It had logon and password text boxes and a submit button – nothing more.
    There were options here. Unicode directory traversal? Gragg smiled.
Logon
. Sobol was encouraging him. This had all the earmarks of an SQL-injection attack, and he had a favorite one. In the logon and password boxes he entered:
    ‘ or 1=1– –
    He clicked the SUBMIT button. After a moment’s pause an animation appeared with the words ‘Logon successful. Please wait …’ Gragg felt a rush of endorphins. He’d just received high praise from his new mentor. He was getting more comfortable by the minute in this environment.
    In a few moments a slick Flash-based diagram of a cinder-block building appeared with various features highlighted. It was an isometric view depicting the building right in front of Gragg’s car. He could see the antenna tower with a call-outlabel captioned ‘ WI - FI ANTENNA ARRAY .’ He moved his pointer around the diagram and noticed rollovers come to life as his mouse passed over certain features.
    Gragg saw a sensor array depicted on the roof, and the illustration looked like it included at least one camera. Gragg pointed at the array, and a translucent drop-down menu unfolded to the right of it containing a submenu:
    Ultrawideband Transceiver
    HD Video Multiplexer
    Acoustical Sensor Array
    He was beginning to feel the rush now. This wasn’t a game, and it was clearly designed by a well-funded and technologically capable person. He had always sought the
edge
– and this was it. This was as far from Main Street as he’d