What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Mac Hacking

"Can I hack with a Mac?"

The answer is yes. With a vengeance!

First we will discuss the old Mac OS 8. That was one of the most secure network operating systems ever known.

The Appleshare Server, used to run Mac LANs, is alsofamous. Uberhackers swear it is almost impossible to break into an Appleshare LAN unless one installs it with a backdoor.

Newbie note: A backdoor is a type of program that hackers use to get into a computer system without going through the normal security procedures.

Just how secure is Mac OS8? In February 1997, the Swedish company Infinit Information AB (http://infinit.se/) announced a contest to break into their Web server. It was a Power Mac 8500/150 with 64 megs of RAM, 2 gig HD on a 10base-T Ethernet LAN. The server software was WebSTAR 2.0 with minimum plug-ins. Operating system was Mac OS 7.6 running Apple Script. No firewalls. No router filter. Just an unprotected Mac Web server.

To make a break-in worth the effort, they offered a prize of 10,000 Krona (roughly $1,350 US). After nearly three weeks, no one had come close to breaking in. So Infinit added another 740 Krona ($100) to the pot. "I feel pretty safe about the server," said Joakim Jardenberg, the Infinit employee who ran the contest. Infinit did, however, put an April 10 deadline on the contest.

Infinit probably felt pretty safe because only a few months before, Quarterdeck, the maker of the WebSTAR server software, had offered $10,000 US to anyone who could crack into it. WebSTAR won. 

When the Infinit contest was first announced, elite hacker Bronc Buster advised us that a Mac Web server "has NO telnet process/program to attach to, and FTPs are not possible. Because of this lack of a `shell' to get into, so you may change their web site ... it leaves very little possibility... In addition to this, if you COULD somehow attach, you would need to be running a Mac, with AppleTalk of course, and be using a Mac TCP/IP stack. The only `hole'...(is) the cgi-bin directory, which on a Mac server is not a hole at all...If someone does hack it, I'll eat a bug."

So did Bronc eat a bug? No way. The Mac won.

This got some Super Duper hackers bent out of shape. Angry that they couldn't prove how super they were in this contest, shortly after it ended they launched a wave of denial of service (DOS) attacks on Mac servers. But as you will discover, denial of service attacks are easy, lame, and may be the biggest threat to the Internet.

What do we learn from this contest? Mac OS8 is tough to break into and vandalize. Yet, as another elite hacker, StriderX, says, "The easiest way to hack a Mac is FROM a
Mac."

So if you hack from a Mac OS8, you can be proud to know that you are working from what is almost certainly the most hacker-proof box in the world. Yet you can use your Mac to mess around with all those Windows, Unix, VMS etc. boxes out there. You will be even better able to hack Macs than all those Unix weenies out there. Heck, working with your own Mac you may someday be able to win one of those contests to break into a Mac Web server. Yes, you Apple types are superbly positioned to become the best hackers on the planet.

This might change with Mac OSX. This is based upon a BSD type of Unix.  BSD was a good choice for the Mac OS, however, as it is the most secure type of Unix.  So... we're  waiting to see whether anyone will discover ways to break into the newest Macs...

Essential Mac Hacking Tools

So what are the beginner basics for Mac hacking on the Internet? First, you need to accumulate some essential tools. The biggest problem with Macs is that they don't have all the built-in hacking tools that Unix systems boast.

But this problem is easy to fix. A good place to start is with the many free programs available for Macs (see below).

Wait, you say, if I download all those free programs I'll fill up my hard drive three times over! OK, we'll be merciful to your hard drive. Here are the basics you'll need for Mac hacking:

1) A PPP connection. If you have an ancient Mac OS, you can use Free PPP for this. Get Free PPP and lots of other great Mac freebies at http://www.elsinc.com/files.html. Warning -- if you already have an Internet connection you probably already have a PPP program on your Mac -- don't mess with it. AOL usually does not give you PPP, but most other Internet service providers do.

2) Once you have a PPP session going, if you have an older Mac OS, use NCSA Telnet or Nifty Telnet for port surfing and lots of other fun. You can get telnet programs free at


3) Load up on the basic Internet probe tools: ping, traceroute, whois, nslookup, and port scanners. Get them free from these same places.

4) Are you serious? Really serious about hacking? Partition your hard disk, or add a second one, and install a Unix type operating system such as MkLinux from http://www.mklinux.apple.com/, or MacBSD from http://www.macbsd.com/. For those of you who have a Power PC CPU and want Unix and Mac OS running concurrently, try Mach 10 by Tenon Corp., http://www.tenon.com/ Or get a Red Hat Linux clone at LinuxPPC.

5) Blow your socks off. Blow your friends' socks off. Buy the Whacked Mac CD-ROM, which carries serious hacker exploit programs, from http://l0pht.com/warez.html (that's the number "0," not the letter "O". We don't normally recommend hacker exploit programs because they often contain nasty surprises. But the L0pht has an excellent reputation.

7) OpenBSD will run on MacS. Many people believe this is the most secure operating system on the planet, and it's easy to install if you are planning on building a web server. (It's not so easy if you are trying to get online with a modem).

8) StriderX tells us "Get MacPerl (a Mac version of the Perl programming language). Its socket abilities are outstanding. It can do absolutely anything but ICMP
(Internet Control Message Protocol attacks), and that's coming soon, if I can help it. =) It's unbelievably fast, and if you can learn it, it'll do anything. My password cracker tries 2,220 passwords/minute, on an 040/33 (like a 486/33, pretty much) and port scanners are a cinch. Winnuke and anything else are just too easy to do. I can't
say enough about it."

You can go to jail warning: Denial of service attacks
such as ICMP and Winnuke as well as theft of passwords are against the law in the US and many other countries.

Next, would you like to learn how to subvert and break into your own Mac just like Win95 people can with their boxes? Sorry. Mac is way too good for those tricks. Your Mac is a powerful tool for messing with those hapless computers in the outside world, but is no good for torturing in front of your friends. Be grateful you're a Mac hacker.

However, if you think you are really good at hacking Macs, you can win one by breaking into this Mac running Linuxppc.  Have phun!


Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

 

Return to the index of Guides to (mostly) Harmless Hacking!

 © 2013 Happy Hacker All rights reserved.