We're hackers, and we are good-looking. We are the 1%.


Tsutomu is a machine in the warzone that replicates the network and computer setup of Tsutomu Shimomura, who got hacked by Kevin Mitnick on December 25th 1994.

Kevin Mitnick used a TCP sequence prediction attack, known to exist since at least the mid-1980s, to fake a legitimate connection to Tsutomu Shimomura’s RSH server.

TCP handshake

In TCP sequence prediction attacks, an attacker impersonates a Client and completes a TCP handshake between that Client and a Server, without ever receiving any packets that the Server sends back to the Client. In order to do so, the attacker must correctly guess the initial sequence number (ISN) sent from the Server to the Client. The kernel on Tsutomu Shimomura’s machine generated easily predictable ISNs, making the attack possible.

The attack is featured in the movie Takedown, but it’s not a very good source of information on the technical aspects of the attack itself.

Easily predictable TCP initial sequence numbers became extinct in 1996 with the introduction of RFC 1984. The tsutomu machine inside the warzone reintroduces easily predictable ISNs so that you can try out this attack for yourself and test your skills.

How to play

This challenge is part of the OverTheWire Advent Bonanza 2018 CTF, which is now hosted on the warzone too.

After connecting to the warzone, tsutomu can be found at

To avoid interfering with others working on tsutomu, you may find it helpful to coordinate in the #warzone channel on our chat.