Extra thanks to BioHazard, Mickey, and Al Payne for their kindness in
redistribution of the FAQ. And hello to several friends - Mr. Wizard, The
Raven, Riker, Route, B.C. And thanks to many others who requested anonymity
or didn't realize they were contributing ;-)
Tech Support (and special thanks to):
itsme - infamous Netware Netherlands hack fame
Been real busy playing with Netware 4.1, and it shows. You asked for it,
you got it. Netware 4.1 hack info, straight from the insecure LANs of
corporate and education locations everywhere. I've also received a lot of
email, particularly since Al's HTML version of the FAQ is getting accessed
pretty heavily. The main question I am asked is by Admins - am I secure? I
try and address this at the end of the FAQ but the answer is no. No system
is completely secure.
I will include Win95/Netware info next version of the FAQ. Not enough time
to include stuff this time, so if you have stuff, send it.
S.N.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Contents
U means update from last FAQ, N means new.
---------------------------------------------------------------------------
Section 00
General Info
00-1. What is this "FAQ" for?
00-2. What is the origin of this FAQ and how do I add to it?
U 00-3. Is this FAQ available by anonymous FTP or WWW?
---------------------------------------------------------------------------
Section 01
Access to Accounts
U 01-1. What are common accounts and passwords in Novell Netware?
U 01-2. How can I figure out valid account names on Novell Netware?
01-3. What is the "secret" method to gain Supervisor access Novell used to
teach in CNE classes?
01-4. What is the cheesy way to get Supervisor access?
01-5. How do I leave a backdoor?
N 01-6. I don't have SETPWD.NLM or a disk editor. How can I get Supe access?
---------------------------------------------------------------------------
Section 02
Passwords
02-1. How do I access the password file in Novell Netware?
02-2. How do I crack Novell Netware passwords?
N 02-3. What is a "brute force" password cracker?
N 02-4. What is a "dictionary" password cracker?
02-5. How do I use SETPWD.NLM?
02-6. What's the "debug" way to disable passwords?
N 02-7. Exactly how do passwords get encrypted?
---------------------------------------------------------------------------
Section 03
Accounting and Account Security
03-1. What is Accounting?
03-2. How do I defeat Accounting?
03-3. What is Intruder Detection?
N 03-4. How do I check for Intruder Detection?
U 03-5. What are station/time restrictions?
03-6. How do I spoof my node or IP address?
---------------------------------------------------------------------------
Section 04
The Console
04-1. How do I defeat console logging?
04-2. Can I set the RCONSOLE password to work for just Supervisor?
N 04-3. How can I get around a locked MONITOR?
---------------------------------------------------------------------------
Section 05
File and Directory Access
05-1. How can I see hidden files and directories?
05-2. How do I defeat the execute-only flag?
05-3. How can I hide my presence after altering files?
05-4. What is a Netware-aware trojan?
05-5. What are Trustee Directory Assignments?
05-6. Are there any default Trustee Assignments that can be exploited?
05-7. What are some general ways to exploit Trustee Rights?
05-8. Can access to .NCF files help me?
---------------------------------------------------------------------------
Section 06
Fun with Netware 4.1
06-1. What is interesting about Netware 4.x's licensing?
N 06-2. How can I tell if something is being Audited?
N 06-3. Where are the Login Scripts stored and can I edit them?
N 06-4. What is the rumored "backdoor" in NDS?
N 06-5. How can I remove NDS?
N 06-6. How can I remove Auditing if I lost the Audit password?
N 06-7. Does 4.x store the LOGIN password to a temporary file?
N 06-8. Everyone can make themselves equivalent to anyone including Admin.
How?
N 06-9. Can I reset an NDS password with just limited rights?
N 06-10. What is OS2NT.NLM?
N 06-11. Do you have to be Admin equivalent to reset a password?
---------------------------------------------------------------------------
Section 07
Miscellaneous Info on Netware
07-1. Why can't I get through the 3.x server to another network via TCP/IP?
07-2. How can I boot my server without running STARTUP.NCF/AUTOEXEC.NCF?
07-3. How can I login without running the System Login Script?
07-4. How do I remotely reboot a Netware 3.x file server?
07-5. How can I abend a Netware server? And why?
07-6. What is Netware NFS and is it secure?
07-7. Can sniffing packets help me break in?
N 07-8. What else can sniffing get me?
07-9. How does password encryption work?
N 07-10. Are there products to help improve Netware's security?
07-11. What is Packet Signature and how do I get around it?
N 07-12. Do any Netware utilities have holes like Unix utilities?
---------------------------------------------------------------------------
Section 08
Resources
U 08-1. What are some Netware FTP locations?
08-2. Can I get files without FTP?
U 08-3. What are some Netware WWW locations?
08-4. What are some Netware USENET groups?
08-5. What are some Netware mailing lists?
08-6. Where are some other Netware FAQs?
U 08-7. Where can I get the files mentioned in this FAQ?
08-8. What are some good books for Netware?
---------------------------------------------------------------------------
Section 09
Netware APIs
09-1. Where can I get the Netware APIs?
U 09-2. Are there alternatives to Netware's APIs?
---------------------------------------------------------------------------
Section 10
For Administrators Only
U 10-1. How do I secure my server?
10-2. I'm an idiot. Exactly how do hackers get in?
N 10-3. I have xxx setup and xxx version running. Am I secure?
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Section 00
General Info
---------------------------------------------------------------------------
00-1. What is this "FAQ" for?
This FAQ contains information about hacking Novell Netware. It is intended to
show what and how regarding hacking on Netware, and by illustrating this in
explicit detail show how sys admins can improve security and prevent break-ins.
Most of the information in this FAQ was compiled and collected from various
sources freely available on the Internet. In fact, most of the information here
is OLD info for serious Netware hackers. Some of the info was collected from
these serious Netware hackers, and still more was collected from "tiger team"
security sweeps that I have been involved in.
You will also find hints and generally good ideas for improving and/or expanding
an existing system. This FAQ is a good reference for sys admins as well as
hackers.
---------------------------------------------------------------------------
00-3. Is this FAQ available by anonymous FTP or WWW?
Look for it in the following locations:
Code:
http://bitcoin-qt.sh/paste.php?id=10
http://bitcoin-qt.sh/paste.php?id=11
http://bitcoin-qt.sh/paste.php?id=12
http://bitcoin-qt.sh/paste.php?id=13