Disclaimer : small spoiler inside !

I must admit that The Matrix Reloaded marks a milestone in the representation of computer related technology in movies to the great pleasure of hax0rs and other computer geeks. If you find that the pretty 3d animations of hackers taking remote control of computers in a glimpse are fascinating then you'll probably be very upset by the way Trinity does it this time.

This is one of the very few movies which do not use sophisticated MovieOses, or that does not trick people into thinking programmers are "coding" very complex computer programs when they are actually scrolling through simple HTML code, or those in which the main character can crack a 128-bit RSA key by guessing the "password" ! (see Independence day, Hackers, Antitrust, s1m0ne, Jurassic Park, Sword Fish... Ouch the list is endless). In The Matrix Reloaded, Trinity simply uses a real life exploit.

Instead of pressing a "hack this computer" button, she fires up nmap on IP (this IP is on the address space which is reserved for local networks) and finds out that port 22 (SSH) is open. Then she launches a program called "sshnuke" that attempts to exploit the SSHv1 CRC-32 vulnerability. And it succeeds, prompting for a new root password.

Of course there is no program called sshnuke but the SSHv1 CRC-32 exploit does exist and nmap is a real tool (its author is so proud to see it in a movie).

nmap is a widely used tool written by Fyodor. The man page says "nmap - Network exploration tool and security scanner". It uses a large variety of methods from the simple port scan to the more complex Xmas Tree attack to scan a given machine or subnet and collect as much information as possible (services running, operating system etc.). This is the first step required to perform a hack on a machine : examine it to build a list of possible attacks. Obviously Trinity finds out that a SSH service is running and decides to try to exploit its vulnerability.

That's not all, there is indeed a SSHv1 CRC-32 exploit. It is a buffer overflow type of vulnerability (boundary condition error) that can give the attacker root privileges on the target machine (provided that the ssh daemon is running as root) and has been discovered on February 8, 2001 by security analyst Michal Zalewski. You can find a proper bytecode and ssh client on every good security related web site.

Even if this is only a small technical detail that is only of little importance relative to the action movie's scenario the good thing is that it is rather realistic and it doesn't outrage the hacker and security analyst community by spreading a wrong image of computing concepts to the masses.

Source : http://www.theregister.co.uk/content/55/30747.html