Released on http://www.securemac.com/ - Thanks to all the mac security experts

Penetrating an AppleShare IP Network (by izzy, punkz.com)

As you know, many schools have AppleShare IP as their primary FTP/Network server. A lot of these schools use FoolProof/OnGuard/AtEase as their computer security. We all know that these ways of security have many flaws in them. Go to punkz.com or securemac.com to see for yourself. Now, depending on what security systems are in place, getting the admin password/passwords can be easy or relatively hard. If your admin gets very suspicious of things, and has many logs, then it's a good idea to be very, very careful about what times you do things.

1. The First Step: Finding a decent computer to work with.

Before you can get started, you need to find a computer hooked up to the network that you want to get the admin passwords for. If it is at school, a classroom computer is probably the best, since they are rarely monitored closely. At an office, just use your own computer. Make sure there are no suspicious teachers/supervisors around.

2. Get past the security systems so you have admin access to the computer.

Since I don't know FoolProof that well, I will only go over AtEase and OnGuard using the well-known exploits.

For OnGuard, getting full access is fairly easy. Now, in order to do this, you must have a place on the HD or network that you can save documents to (a Students Folder, or Students Shared Folder, for students to save work on) and Mac OS 8 (I think, it could be earlier, you have to see). Save a text document (or whatever) into the folder. Now, make an alias of that file. The next thing you do is delete the original file (not the alias). Now, open the alias and it should ask you if you want to delete the alias, find the original item or OK. Now, click find, or find the original item (or whatever it is) and then you should get a dialog box asking you to find the original item. Go to the Macintosh HD, find the System Folder and click "choose".
Now, open the alias and you have access to the System Folder! From here, delete the OnGuard prefs (which sets the admin password and login to admin/blank (nothing)). Or you can open Extensions Manager and turn off OnGuard.

For AtEase, do exactly the same as OnGuard, except delete the AtEase preferences or disable the AtEase control panel.

3. Fixing up the computer so it is untraceable.

This is important - you gotta make sure you don't log in and get caught. First thing you need to do is CHANGE YOUR COMPUTER NAME! Go to the File Sharing control panel, change your name and computer name to something different. Something not obvious like "cck2user" or something. Then delete all other security software (Apple Admin toolkit), I mean you don't want the admin seeing your screen as you are doing this! You might wanna install cloakshare to hide you on the network (get it at freaky.staticusers.net).

4. Get the User and Groups Data File.

You could have, in the beginning, just gotten the prefs out of the Netscape file:// command, but it's not smart - believe me, you will be caught right away! Now that you have full access, just copy the User and Groups Data File, bring it home and crack it. If you don't know how, go to securemac.com and look at the Mac OS algorithm. If you still don't get it, I am sure some encryption friends will do it for you. I got a friend to do it for me myself :-)

5. After getting password for admin, look for the main network server.

Now, open Chooser and look for AppleShare IP server, or Main File Server or something like that in the Chooser, or whatever your school calls your main server. Try the login on it, and it SHOULD work perfectly well. Now, there, you got full access. Now, the FTP password for the website might be different, so after logging into the main server from inside the network, get the User and Groups Data File from the main server (just copy it over the network from the System Folder).
Now, crack that and you should find the admin pass for the FTP there.

Note: A lot of times, the admin login is not 'admin' or 'administrator'; it is the admin's name, or mother's name, or 'tech' or something. So, don't always look for an admin.

Go to punkz.com and check it out. Join the punkz mailing list!