LLLLLLL OOOOOOOOOOOOO LLLLLLL LLLLLLL OOOOOOOOOOOOO LLLLLLL LLLLLLL OOO OOO LLLLLLL LLLLLLL OOO OOO LLLLLLL LLLLLLL OOO OOO LLLLLLL LLLLLLLLLLLLL OOOOOOOOOOOOO LLLLLLLLLLLLL LLLLLLLLLLLLL OOOOOOOOOOOOO LLLLLLLLLLLLL information exchange Prez DeadWhorse Prez Devil Locke e-mail lolie@freenet.hut.fi web: http://www.inmind.com/people/therock irc channel #lolie nick DedWhorse The Legion of Lame information Exchange. The LoLie is a service provided free of charge to anyone with an e-mail account and an interest in computer security, freedom of information, and censorship. The LoLie is a forum where people can submit articles on almost any topic, as long as it relates to computers. The LoLie was set up to cater to people interested in computer security, networking, phone system security, etc. If you would like to receive LoLie at your e-mail address, send a message to lolie@freenet.hut.fi LoLie depends on reader submissions. To keep LoLie the highest quality possible, you, the reader needs to write and submit articles, on whatever topic you specialize in. All supporting authors will be given credit. In this issue: Mac Hacking -Maniacy (maniacy@centuryinter.net) Generic Guide to Hacking -Dead Whorse ----------------------------------------------------------------------- Mac Hacking ----------------------------------------------------------------------- From maniacy@centuryinter.net At Ease, any version, for the Apple Macintosh Alright, here it is: At long last, a way you can get to the desktop of those damn machines they have at Best Buy and Sears. This is what you'll need: copy of the Apple Computer Utilities Disk ResEdit v2.1.3, available at ftp's everywhere Step one is to restart the computer, then hold down the space bar to bring up the extensions manager. Anything that says At Ease on it gets turned off, and anything else too if you're in a hurry (the computer will load up faster). After you get those extensions off, restart the computer. Welcome to the desktop. So what's the utilities disk for? First, insert the disk with ResEdit, and install it anywhere on the hard drive. Turn the computer off, and insert the Utilities disk. Restart. Took a while, didn't it? Apple drives are slow as shit, we know, but bear with us. Now, load up ResEdit, open a little file in the system folder called system. Highlight a resource, and tag the delete key. Do this until all the resources are gone. Do this as well to anything you find such as Finder, system 406 enabler, A/ROSE (I'm not sure if they still use that--it's in the extensions folder if it's anywhere). Now, restart the machine, and go home. It won't get anywhere near starting up. Unless they have someone who knows what they're doing walking around, and let's face it, Sears sells refrigerators, that computer is trash. About $2K worth. -Maniacy ----------------------------------------------------------------------- The Generic Guide to Hacking. -Dead Whorse ----------------------------------------------------------------------- Ok, so you want to be elite huh... Well guess what, everyone can't be elite! By definition, everyone cannot be elite, so what is it gonna be? Are you going to be one of the elite, or are you going to be one of The Few, The Proud, the Lame? If you want to hack, first you must define hacking. It can mean something completely different to everyone of us. The generic definition is gaining unauthorized access, for any reason, to learn, to extort, or anything. This may venture into gray areas of legality, and ultimately you are responsible for your actions. Information is power. Once you have your working definition of hacking, what it means to you in the situation you are in at that moment, then you can look for ways to hack. We will assume computers for this article, but these same methods would work with anything, phones, ATMs, physical security, people, etc. The thing common to all hacking is: You want something that you don't have, and you want to get it, and someone or something is going to try to stop you. You need your precise definition now. You need to identify what the thing is that you want, and what stands in your way of getting it. Hacking is built on these ideas: -There is no such thing as a secure system. -The something that is protecting the other thing that you want has holes in it somewhere. There is no such thing as a secure system, because someone has to be able to access it. If no one can access it, then it is of little use by anyone. So that means for every hacking goal, there is at least one person who can access the goal. One method of hacking involves watching the person access the goal, and then duplicating their actions. This includes a video camera to record keystrokes, or a small TSR program to record keystrokes. This can lead all the way up to phone taps, or tapping network lines to watch or data entered by the high-level authorized person. This way is extremely effective, unless the person uses an item that cannot be duplicated. Another method of hacking, often called social engineering, is making the person thing you are authorized to have the information necessary to retrieve the goal, and then getting it. This could involve anything, and is also extremely effective, the key is to know what you are talking about, before you contact the high-level individual. There is much information floating around publicly, that you can learn. This brings up another interesting point. Before you attempt a system, you should learn all you can, from data publicly accessible, and from lower-level access persons who are willing to talk about it. Even though the first two methods discussed above are very effective, they should be used as last resorts, because they are usually the more difficult methods. Holes in the software are usually easily exploited once found, but finding them is the hard part. First off you need to read the manual, and find any hole that may exist, just by reading and using the software. List all of these possible holes, and then try each one out. When you find one, don't tell anyone, unless you want it fixed. The other method of holes is to use holes that others have found before, and hope that your system is still vulnerable to the same attack. Also new features often have holes, because of incomplete testing. Once you have your method, you can use it to bypass your barrier, to get your goal. Once you have your goal, if you want to keep your goal, clean up after yourself, and make sure no one knows that you have the goal, until you are ready to lose it, and most likely the means to get it again. Summing it up I. Define your goal II. Define your barrier III. Select method A. Voyeuristic Penetration B. Social Engineering C. Holes 1. New holes 2. Old holes IV. Keep your goal. That's it... ----------------------------------------------------------------------- Well that's all for this issue, submit something, and you can be part of the next issue. Fading slowly away..... LoL information exchange. Issue 2. -EOF-