?? novell netware - cracking netware.htm
字號:
send them the disk with those four files anonymously. Because it will
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">take
weeks to restore everything. I do really mean this!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Second
Way<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">The
primairy goal here is to gain access to all files and folders at a Netware
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">server.
This is NOT the same as console access! Note: This way takes very lot of
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">time
and patience. <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When
you have a normal user account on any particularly Netware server, you only
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">have
read&write&remove rights at your homedirectory. But what you proberly
don't <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">know is
that you also have some read rights at: //public, //login and //mail.
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">But you
cannot 'see' these directory's because they aren't mapped to a logically
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">drive.
I explain... Whenever you have typed in your username and password, the
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Netware
server will granted you the rights to all directory's and files the
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">system
administrators have allowed you. If your homedirectory is at
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">//home/yourhomedir you have to
browse to //home/yourhomedir to view files over <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">there..
But if your homedirectory is located somewhere 'deeper' in the
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">directorystructure , like
//home//school/it/it2/class2c/yourhomedir then it <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">takes
some time to get to your own directory. So here's where drivemapping comes
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">along.
When you have created a drivemapping to <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">//home/school/it/it2/class2c/yourhomedir,
just click onto the specific station <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">(by
default "z:\") and now you are directly transmitted to yourhomedir. The
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">local
system administrators have created a login script that will do this task
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">for you
every time when you're logging into the network. Now you know what drive
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">mapping
means... So as I told before, by default all users (including normal
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">users)
have only read access to //public, //login and //mail.To access these
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">directory's you'll have to create a
drivemapping to them. The most important one <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">is
//public. In this directory you'll find all sorts of binary files and some
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">clients
like "rconsole.exe".<SPAN style="mso-spacerun: yes"> </SPAN>So, map this
directory to a logically drive for <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">example
"y:\".<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">It will
really come in handy if we have some 'other' accounts for the following
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">part.
Otherwise you'll have to explain to the system administrators what you
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">were
doing last week in the late afterhours at school or work. In other words we
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">need a
few other accounts at the netware server. It's really not advisible to
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">use an
account from a student or college at work, if you know his/her password
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">ofcourse! The best accounts for the
crack job is one of the printer or backup, <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">and
most times it has a NULL password! Sounds good, doesn't it? Well I can make
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">it even
better, remember I told you that ALL users have (by default) read rights
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to
//public, //login and //mail? So does these accounts have them too... The
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">only
problem is to guess the correct usernames. Many Novell Netware tutorials
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">will
give you some default printer accounts, but many times these accounts
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">doesn't
exists anymore. So I'm going to explain how to get existing usernames at
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">your
local Netware server. Here weg go:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">First
you'll need to run a binary file at //public/win95/nwclnt95.exe, when all
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the
loading work is done you'll see a window like 'explorer' from Windows.
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">You're
now viewing at the NDS (Netware Directory Structure). Inhere all
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">information (containers, scripts,
printers & accounts) about the netware server <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">is
being strored. Search inhere for a name with the word(s) print, printer, ps
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">or
pservice. It's possible you find multiple printer accounts like printerti,
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">printersys or psserv. If you didn't
find anything you have to try to get some <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">accounts a different way, grab a
program called "chknull.exe" made by NOMAD (The <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">Noturious Netherlands Hacker). This
program will check all existing netware <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">account
for NULL passwords. If this program didn't find anything, you really
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">have a
bad day and it's advisible to stop reading this tutorial right here :'(.<SPAN
style="mso-spacerun: yes"> </SPAN><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If you
did found something, always doublecheck before you are doing anything
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">(wrong)
with it. You really have to be sure if it's really a printer or
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">backup... <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Now you
have some Netware accounts with NULL passwords we can continue.
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Note:
Never change passwords from hijacked accounts, the properbility the system
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">administrator will discover it, is
way to riscy. And if you change the password <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">from a
printer, nobody can print anything anymore! You can guess that it only
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">take a
few hours before the system administrator's will discover the leak. Now
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">log
into the Netware network with the 'stolen' accountinformation, and if you
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">are
lucky the system administrator's have granted some dir&filerights. By the
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">way if
the system administrators are using Netware Bordermanager as Firewall and
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">/ or
HTTP Gateway you can't surf the web without suffients rights. But most
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">proberly you can surf the web when
you are logged in as printer (i could)! This <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">could
come in handy when you need to reach the database from packetstorm for
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">some
kind of exploit. Nevertheless use HTTP only when it's really necessary!
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Because
the firewall will log all requests to the outside world. And we don't
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">want to
make the job to easy for the system administrator's! <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Again I
hadn't enough time to complete this tutorial so I will continue this
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">subject
in Version 1.04. My problem is always the goddamn time.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]> <![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN
style="mso-fareast-font-family: 'MS Mincho'">Copyright (C) 2001, Data Wizard,
The Netherlands.<o:p></o:p></SPAN></P></DIV></BODY></HTML>
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -