Copy Link
Add to Bookmark
Report
LoL information exchange Issue 02
LLLLLLL OOOOOOOOOOOOO LLLLLLL
LLLLLLL OOOOOOOOOOOOO LLLLLLL
LLLLLLL OOO OOO LLLLLLL
LLLLLLL OOO OOO LLLLLLL
LLLLLLL OOO OOO LLLLLLL
LLLLLLLLLLLLL OOOOOOOOOOOOO LLLLLLLLLLLLL
LLLLLLLLLLLLL OOOOOOOOOOOOO LLLLLLLLLLLLL
information exchange
Prez DeadWhorse
Prez Devil Locke
e-mail lolie@freenet.hut.fi
web: http://www.inmind.com/people/therock
irc channel #lolie
nick DedWhorse
The Legion of Lame information Exchange.
The LoLie is a service provided free of charge to anyone with an e-mail
account and an interest in computer security, freedom of information,
and censorship.
The LoLie is a forum where people can submit articles on almost any
topic, as long as it relates to computers. The LoLie was set up to
cater to people interested in computer security, networking, phone
system security, etc.
If you would like to receive LoLie at your e-mail address, send a
message to lolie@freenet.hut.fi LoLie depends on reader submissions.
To keep LoLie the highest quality possible, you, the reader needs to
write and submit articles, on whatever topic you specialize in. All
supporting authors will be given credit.
In this issue:
Mac Hacking -Maniacy (maniacy@centuryinter.net)
Generic Guide to Hacking -Dead Whorse
-----------------------------------------------------------------------
Mac Hacking
-----------------------------------------------------------------------
From maniacy@centuryinter.net
At Ease, any version, for the Apple Macintosh
Alright, here it is: At long last, a way you can get to the desktop of
those damn machines they have at Best Buy and Sears. This is what you'll
need:
A copy of the Apple Computer Utilities Disk
ResEdit v2.1.3, available at ftp's everywhere
Step one is to restart the computer, then hold down the space bar to bring
up the extensions manager. Anything that says At Ease on it gets turned
off, and anything else too if you're in a hurry (the computer will load up
faster). After you get those extensions off, restart the computer. Welcome
to the desktop.
So what's the utilities disk for? First, insert the disk with ResEdit, and
install it anywhere on the hard drive. Turn the computer off, and insert
the Utilities disk. Restart.
Took a while, didn't it? Apple drives are slow as shit, we know, but bear
with us. Now, load up ResEdit, open a little file in the system folder
called system. Highlight a resource, and tag the delete key. Do this
until all the resources are gone.
Do this as well to anything you find such as Finder, system 406 enabler,
A/ROSE (I'm not sure if they still use that--it's in the extensions folder
if it's anywhere). Now, restart the machine, and go home.
It won't get anywhere near starting up. Unless they have someone who knows
what they're doing walking around, and let's face it, Sears sells
refrigerators, that computer is trash. About $2K worth.
-Maniacy
-----------------------------------------------------------------------
The Generic Guide to Hacking. -Dead Whorse
-----------------------------------------------------------------------
Ok, so you want to be elite huh... Well guess what, everyone can't be elite!
By definition, everyone cannot be elite, so what is it gonna be?
Are you going to be one of the elite, or are you going to be one of The
Few, The Proud, the Lame?
If you want to hack, first you must define hacking. It can mean
something completely different to everyone of us. The generic
definition is gaining unauthorized access, for any reason, to learn, to
extort, or anything. This may venture into gray areas of legality, and
ultimately you are responsible for your actions. Information is power.
Once you have your working definition of hacking, what it means
to you in the situation you are in at that moment, then you can look for
ways to hack.
We will assume computers for this article, but these same methods
would work with anything, phones, ATMs, physical security, people, etc.
The thing common to all hacking is: You want something that you don't
have, and you want to get it, and someone or something is going to try
to stop you. You need your precise definition now. You need to
identify what the thing is that you want, and what stands in your way of
getting it.
Hacking is built on these ideas:
-There is no such thing as a secure system.
-The something that is protecting the other thing that you want has
holes in it somewhere.
There is no such thing as a secure system, because someone has to
be able to access it. If no one can access it, then it is of little use
by anyone. So that means for every hacking goal, there is at least one
person who can access the goal.
One method of hacking involves watching the person access the
goal, and then duplicating their actions. This includes a video camera
to record keystrokes, or a small TSR program to record keystrokes. This
can lead all the way up to phone taps, or tapping network lines to watch
for data entered by the high-level authorized person. This way is
extremely effective, unless the person uses an item that cannot be
duplicated.
Another method of hacking, often called social engineering, is
making the person thing you are authorized to have the information
necessary to retrieve the goal, and then getting it. This could involve
anything, and is also extremely effective, the key is to know what you
are talking about, before you contact the high-level individual. There
is much information floating around publicly, that you can learn.
This brings up another interesting point. Before you attempt a
system, you should learn all you can, from data publicly accessible, and
from lower-level access persons who are willing to talk about it. Even
though the first two methods discussed above are very effective, they
should be used as last resorts, because they are usually the more
difficult methods.
Holes in the software are usually easily exploited once found,
but finding them is the hard part. First off you need to read the
manual, and find any hole that may exist, just by reading and using the
software. List all of these possible holes, and then try each one out.
When you find one, don't tell anyone, unless you want it fixed. The
other method of holes is to use holes that others have found before, and
hope that your system is still vulnerable to the same attack. Also new
features often have holes, because of incomplete testing.
Once you have your method, you can use it to bypass your barrier,
to get your goal. Once you have your goal, if you want to keep your
goal, clean up after yourself, and make sure no one knows that you have
the goal, until you are ready to lose it, and most likely the means to
get it again.
Summing it up
I. Define your goal
II. Define your barrier
III. Select method
A. Voyeuristic Penetration
B. Social Engineering
C. Holes
1. New holes
2. Old holes
IV. Keep your goal.
That's it...
-----------------------------------------------------------------------
Well that's all for this issue, submit something, and you can be part
of the next issue.
Fading slowly away.....
LoL information exchange. Issue 2.
-EOF-
