"Can I hack with a Mac?"
The answer is yes. With a vengeance!
First we will discuss the old Mac OS 8. That was one of the
most secure network operating systems ever known.
The Appleshare Server, used to run Mac LANs, is alsofamous.
Uberhackers swear it is almost impossible to break into an Appleshare
LAN unless one installs it with a backdoor.
Newbie note: A backdoor is a type
of program that hackers use to get into a computer system without
going through the normal security procedures.
Just how secure is Mac OS8? In February 1997, the Swedish
company Infinit Information AB (http://infinit.se/)
announced a contest to break into their Web server. It was a
Power Mac 8500/150 with 64 megs of RAM, 2 gig HD on a 10base-T
Ethernet LAN. The server software was WebSTAR 2.0 with minimum
plug-ins. Operating system was Mac OS 7.6 running Apple Script.
No firewalls. No router filter. Just an unprotected Mac Web server.
To make a break-in worth the effort, they offered a prize
of 10,000 Krona (roughly $1,350 US). After nearly three weeks,
no one had come close to breaking in. So Infinit added another
740 Krona ($100) to the pot. "I feel pretty safe about the
server," said Joakim Jardenberg, the Infinit employee who
ran the contest. Infinit did, however, put an April 10 deadline
on the contest.
Infinit probably felt pretty safe because only a few months
before, Quarterdeck, the maker of the WebSTAR server software,
had offered $10,000 US to anyone who could crack into it. WebSTAR
won.
When the Infinit contest was first announced, elite hacker
Bronc Buster advised us that a Mac Web server "has NO telnet
process/program to attach to, and FTPs are not possible. Because
of this lack of a `shell' to get into, so you may change their
web site ... it leaves very little possibility... In addition
to this, if you COULD somehow attach, you would need to be running
a Mac, with AppleTalk of course, and be using a Mac TCP/IP stack.
The only `hole'...(is) the cgi-bin directory, which on a Mac
server is not a hole at all...If someone does hack it, I'll eat
a bug."
So did Bronc eat a bug? No way. The Mac won.
This got some Super Duper hackers bent out of shape. Angry
that they couldn't prove how super they were in this contest,
shortly after it ended they launched a wave of denial of service
(DOS) attacks on Mac servers. But as you will discover, denial
of service attacks are easy, lame, and may be the biggest threat
to the Internet.
What do we learn from this contest? Mac OS8 is tough to break
into and vandalize. Yet, as another elite hacker, StriderX, says,
"The easiest way to hack a Mac is FROM a
Mac."
So if you hack from a Mac OS8, you can be proud to know that
you are working from what is almost certainly the most hacker-proof
box in the world. Yet you can use your Mac to mess around with
all those Windows, Unix, VMS etc. boxes out there. You will be
even better able to hack Macs than all those Unix weenies out
there. Heck, working with your own Mac you may someday be able
to win one of those contests to break into a Mac Web server.
Yes, you Apple types are superbly positioned to become the best
hackers on the planet.
This might change with Mac OSX. This is based upon a BSD type
of Unix. BSD was a good choice for the Mac OS, however,
as it is the most secure type of Unix. So... we're
waiting to see whether anyone will discover ways to break into
the newest Macs...
Essential Mac Hacking Tools
So what are the beginner basics for Mac hacking on the Internet?
First, you need to accumulate some essential tools. The biggest
problem with Macs is that they don't have all the built-in hacking
tools that Unix systems boast.
But this problem is easy to fix. A good place to start is
with the many free programs available for Macs (see below).
Wait, you say, if I download all those free programs I'll
fill up my hard drive three times over! OK, we'll be merciful
to your hard drive. Here are the basics you'll need for Mac hacking:
1) A PPP connection. If you have an ancient Mac OS, you can
use Free PPP for this. Get Free PPP and lots of other great Mac
freebies at http://www.elsinc.com/files.html.
Warning -- if you already have an Internet connection you probably
already have a PPP program on your Mac -- don't mess with it.
AOL usually does not give you PPP, but most other Internet service
providers do.
2) Once you have a PPP session going, if you have an older
Mac OS, use NCSA Telnet or Nifty Telnet for port surfing and
lots of other fun. You can get telnet programs free at
3) Load up on the basic Internet probe tools: ping, traceroute,
whois, nslookup, and port scanners. Get them free from these
same places.
4)
Are you serious? Really serious about hacking? Partition your
hard disk, or add a second one, and install a Unix type operating
system such as MkLinux from http://www.mklinux.apple.com/,
or MacBSD from http://www.macbsd.com/.
For those of you who have a Power PC CPU and want Unix and Mac
OS running concurrently, try Mach 10 by Tenon Corp., http://www.tenon.com/
Or get a Red Hat Linux clone at LinuxPPC.
5) Blow your socks off. Blow your friends' socks off. Buy
the Whacked Mac CD-ROM, which carries serious hacker exploit
programs, from http://l0pht.com/warez.html
(that's the number "0," not the letter "O".
We don't normally recommend hacker exploit programs because they
often contain nasty surprises. But the L0pht has an excellent
reputation.
7) OpenBSD will run
on MacS. Many people believe this is the most secure operating
system on the planet, and it's easy to install if you are planning
on building a web server. (It's not so easy if you are trying
to get online with a modem).
8) StriderX tells us "Get MacPerl (a Mac version of the
Perl programming language). Its socket abilities are outstanding.
It can do absolutely anything but ICMP
(Internet Control Message Protocol attacks), and that's coming
soon, if I can help it. =) It's unbelievably fast, and if you
can learn it, it'll do anything. My password cracker tries 2,220
passwords/minute, on an 040/33 (like a 486/33, pretty much) and
port scanners are a cinch. Winnuke and anything else are just
too easy to do. I can't
say enough about it."
You can go to jail warning: Denial
of service attacks
such as ICMP and Winnuke as well as theft of passwords
are against the law in the US and many other countries.
Next, would you like to learn how to subvert and break into
your own Mac just like Win95 people can with their boxes? Sorry.
Mac is way too good for those tricks. Your Mac is a powerful
tool for messing with those hapless computers in the outside
world, but is no good for torturing in front of your friends.
Be grateful you're a Mac hacker.
However, if you think you are really good at hacking Macs,
you can win one by
breaking into this Mac running Linuxppc. Have phun!
