novell netware - cracking netware.htm
dealing with some bigger kind of network you have to get yourself a copy
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">of a
program called "getconn.exe" that reveals the node address of the Netware
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">server.
Again you do need some luck, if you're not on the same node address as
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">they
are, skip to way two.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Don't
make the following mistake: when a user or the system administrator is
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">logging
into NetWare, it's completely senseless to 'sniff' this password,
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">because
this password is encrypted with RSA encryption. The next time the person
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">logs
in again, the encryption will have changed. <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
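<P class=MsoPlainText>The property claimed above, that a captured login exchange is useless for a later login, holds for any challenge-response login that mixes a fresh server challenge into the response. An added example, not part of the original text and not NetWare's actual algorithm: HMAC-SHA256 and PBKDF2 stand in for the real scheme, and every name in it is hypothetical.</P>

```python
import hashlib
import hmac
import secrets


def derive_key(password: str, salt: bytes) -> bytes:
    # Passwords are upper-cased first, mirroring the case-insensitivity the text mentions.
    return hashlib.pbkdf2_hmac("sha256", password.upper().encode(), salt, 100_000)


class LoginServer:
    """Hypothetical server: stores a derived key and issues single-use challenges."""

    def __init__(self, password: str, salt: bytes = b"constructed-salt"):
        self.salt = salt
        self.key = derive_key(password, salt)
        self.pending = None

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # fresh random value per login
        return self.pending

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        challenge, self.pending = self.pending, None  # a challenge is valid once
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, salt: bytes, challenge: bytes) -> bytes:
    # Only this value crosses the wire; the password and derived key never do.
    return hmac.new(derive_key(password, salt), challenge, hashlib.sha256).digest()


def demo():
    server = LoginServer("Netware")
    challenge = server.new_challenge()
    on_the_wire = client_response("netware", server.salt, challenge)
    first_login = server.verify(on_the_wire)   # legitimate login succeeds
    server.new_challenge()                     # next login gets a new challenge
    replayed = server.verify(on_the_wire)      # captured response no longer matches
    return first_login, replayed


if __name__ == "__main__":
    print(demo())
```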
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">We now
arrive at probably the most difficult part of all.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">What we
now need is a packet sniffer that supports IPX sniffing; I recommend
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">"SpyNet" for the job. Install and
execute SpyNet. Configure SpyNet so it will <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">write
all captured packets to one file. Let the program run a couple of hours,
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">because
the system administrators have to access the console remotely. You can use
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">your
social engineering skills to speed up this process. One way to do this is
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to call
them and say you think someone is trying to crack their network. Don't
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">sound
too professional because they could suspect you're the one doing something
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">illegal! Remember, when you're
sniffing and writing the packets to disk:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">First:
This will really take up some network capacity, so if you run the
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">program
too long (a day or more) the system administrator will detect an
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">intruder... Oh, by the way, if the
network is protected by some intrusion <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">detection programs, your sniffing
attempts will automatically be reported to the system <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">administrators. There are (as
usual) some anti-anti-sniffers, but this is a <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">whole
other story, so I decided NOT to mention it any further.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Second:
It's almost impossible to write all sniffed packets (frames) to disk,
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">especially when the network is
overloaded... also remember your Ethernet <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">card is
10/100 Mbit/s, and the network traffic almost always exceeds
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">this
value.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Almost
all sniffers have an option to write only packets from a specified
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">address
to disk. This of course has some advantages... (more stealthy and less
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">disk
space is needed).<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Once
you have the packets which contain the password, you have to find a way
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">yourself to extract the password
from SpyNet's log file. Note that the password is <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">spread over many packets.
Example: if the password were "Netware", you <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">could
find the password in this order:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34643: j<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34644: 6<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34645: n<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34646: g<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34647: 8<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34648: e<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34649: f<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34650: t<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34651: 2<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34652: w<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34653: a<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34654: l<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34655: r<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34656: d<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34657: 4<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34658: e<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet
34659: v<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">As you
see, it could take some time before you find it. Note that NetWare is not
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">case
sensitive! When you get the password, access the console remotely as soon as
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">possible and create a supervisor
account. If you don't know how to create one, <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">just
download burglar.nlm from (blacksun.box.sk) and before trying anything with
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the
program, first take a good look at the readme.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When
you're finished with anything you want to do at the Netware server,
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">remember to erase the log file!
You'll find the file at /etc/console.log; you <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">can
delete this file at the console. Just unload "conlog.nlm" and then load it
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">again!
Now the old log file is overwritten by the new one. If you terminate
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the
connection between you and the server, your Ethernet address will be written
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to the
new log file! So before quitting I suggest unloading <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">"conlog.nlm" once more. Now you can quit the
remote session with ALT-F1.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
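<P class=MsoPlainText>The log wipe described above works only because the sole record lives on the server being cleaned. An added example, not part of the original text, of an off-server collector that polls copies of an append-only log and flags the reload-and-overwrite pattern while keeping the last copy seen before it. The log lines are constructed and do not reproduce the real console.log format, and all names are hypothetical.</P>

```python
import hashlib
from dataclasses import dataclass

PREFIX_LEN = 64  # bytes of the file head fingerprinted on each poll


@dataclass
class Snapshot:
    size: int
    head_hash: str
    head_len: int


def take_snapshot(content: bytes) -> Snapshot:
    head = content[:PREFIX_LEN]
    return Snapshot(len(content), hashlib.sha256(head).hexdigest(), len(head))


def compare(prev: Snapshot, content: bytes) -> str:
    """Classify what happened to an append-only log since the previous poll."""
    if prev.size > len(content):
        return "TRUNCATED"  # an append-only file must never shrink
    # Re-hash exactly the head bytes the previous poll covered.
    if hashlib.sha256(content[:prev.head_len]).hexdigest() != prev.head_hash:
        return "REPLACED"   # same or larger size, but a different file start
    return "APPENDED" if len(content) > prev.size else "UNCHANGED"


def scan(polls):
    """Return (verdicts, evidence); evidence holds the last copy seen before each alert."""
    verdicts, evidence = [], []
    prev_content, prev = polls[0], take_snapshot(polls[0])
    for content in polls[1:]:
        verdict = compare(prev, content)
        verdicts.append(verdict)
        if verdict in ("TRUNCATED", "REPLACED"):
            evidence.append(prev_content)  # the off-server copy survives the wipe
        prev_content, prev = content, take_snapshot(content)
    return verdicts, evidence


# Constructed poll results (not real console.log content).
P0 = b"09:00 line A\n09:05 line B\n"
P1 = P0 + b"09:10 line C\n"
P3 = b"09:20 line X\n"
P4 = b"09:30 line Y\n09:31 line Z\n"
POLLS = [P0, P1, P1, P3, P4]

if __name__ == "__main__":
    print(scan(POLLS)[0])
```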
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">NDS
Addon:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If you
really want to do some damage you have to delete the files where the NDS
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">(Netware Directory Structure) is
being stored. These four files are located in <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">a
hidden directory named "/_netware". You can only access this directory from
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the
console with the program "monitor.nlm". Remember: If the system
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">administrators don't have
backups of these files, they have a really big <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">problem.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Some
problems I'm aware of:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Nobody
can log into Netware anymore, even the admin can't!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">All
information about the users, containers, scripts, printers, BorderManager <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">is
permanently lost!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If
there are multiple NetWare servers (almost always) connected to each other
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">and
sharing one NDS... well, they have to install the NetWare Server software
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">again
on all servers.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">And the
system administrators have a hell of a job backing up all data from the <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">console.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">I
really recommend, and I seriously do, backing up these four files to a
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">floppy disk, in case you get
caught. And if you have a little respect for them <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">please