<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">By 

default you have the following rights on a Netware server:<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">User:<SPAN 

style="mso-tab-count: 1"> </SPAN>Normal user who can access some files in 

//public, //login and //mail. <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Mostly 

they have some print rights too, also have a home 

directory.<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">SuperUser:<SPAN 

style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>At school's this 

right has been given to teachers. They can view <SPAN 

style="mso-tab-count: 1"></SPAN><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><SPAN 

style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>students accounts 

and delete files if necessary. They cannot create, <SPAN 

style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><SPAN 

style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>delete or change 

accounts from the NDS. <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">SuperVisor:<SPAN 

style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>Only the system 

administrators are permitted to control everything <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">on the 

file system and the NDS. When they want to down the server they have to 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">walk to 

the console, or do it remote by starting a program called rconsole which 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">stands 

for "Remote Console". The word explains itself. For security reasons they 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">first 

have to load "remote.nlm" and "rspx.nlm" at the console. So by default 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">these 

NLM's aren't loaded.<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">Console:<SPAN 

style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>This is the 

highest right on a Netware server, once you have gained <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">this 

rights illegal nothing can stop you at the moment but a power failure. Also 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">be 

aware of the log files! Many crackers who have gained console right have been 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">snapped 

by them, and if you are dealing with very smart system administrators, 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">they 

have some program that automatically sends the logs to an off-line 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">location. And once they have 

arrived overthere you have a serious problem...<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 

you want to gain some high level access on a Netware server, 

remember<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">that 

this can be done in many ways I explain two differents 

ways.<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">A note 

before trying one of the two ways. Way one will require a lot of luck, 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">some 

skills of cracking and also some tools. Way two will require a lot of time 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">(two 

weeks maybe a month). You have to see for yourself what's the best way. O 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">by the 

way, if you want to get some high level access while trying way one... 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">remember it's critically you don't 

make any mistakes, because the properbility <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you'll 

be caught is high (log files and some other things)!<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Please 

first read the tutorial, before trying one way or another. I really 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">recommend 

it!!!<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">First 

way<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If you 

are very, and I mean very lucky the system administrators could have 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">loaded 

"remote.nlm &amp; rspx.nlm" on the Netware console. Try to find a program 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">called 

"rconsole.exe", normally you can find this program in the following 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">directory on the Netware server 

"//public". If you haven't file scan or read <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">rights 

on this directory, you have to get this program at another way. The 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">program 

needs alot of other files before you can execute it, so download these 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">too! To 

make it a little harder for our 'beloved' system administrators to trace 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you 

(and give you more time), don't verify yourself to the server while trying 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">access 

the console by remote! Before they know who's trying to establish a 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">connection to the Netware server, 

they have to walk to the server and load <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">monitor.nlm. Now they can see the 

attackers ethernet address, from at this <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">moment 

they can close your connection to the server any time they feel fit. But 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">mostly 

they want to collect some evidence against you, so they just let you 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">'crack 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 

server'. In meantime you have already spend some minutes guessing the 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">correct 

console password, and every attempt has been written automatically to a 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">logfile. Or even worse, every 

attempt has also been written to their monitor <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">including (again) your ethernet 

address, and if you guessed the password right <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">or not. 

This sucks, doesn't it? Well we can combine these two problems into one 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">solution. But again you'll need 

some luck! Here we go:<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">The 

most difficult problem will be getting the password, because you don't have 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">enough 

time to guess the password, even with some kind of bruteforce-crack 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">program 

you haven't, we need to approach this problem from another way. Now 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you'll 

need some luck because for this trick the following nlm's have to be 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">loaded: 

"remote &amp; rspx"<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>at the console! 

The system administrators will only <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">load 

these if they want to check the console (remote) regularly, as I explained 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">before.<SPAN 

style="mso-spacerun: yes">&nbsp; </SPAN>Just try to access the console with 

"rconsole.exe" to verify if those <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">nlm's 

are loaded, note only try this once! If you get a blue empty window, well 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">skip to 

part two! Well when you are sure those two nlm's are loaded, continue 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">reading, if not skip to the second 

way to crack Novell Netware.<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 

the system administrators are accessing the console they also have to enter 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">a 

password. This password is being send in plain text over the network ( plain 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">text 

means: unencrypted). If you're dealing with Netware version 4.11 or 

higher,<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">skip to 

way two because the transmitted console password is 

encrypted!<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 

you have the same node address as the system administrators have, it's 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN 

style="mso-fareast-font-family: 'MS Mincho'">possible to intercept (sniffing) 

the packets from the system administrators to <o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 

console. You are questioning yourself "How do I know?", the answer: If 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you're 

on a small network with approximately 10-50 users you are on the same 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">node 

address. Unless you're dealing with some paranoid system administrator. If 

<o:p></o:p></SPAN></P>

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you're