novell hacking for complete newbies.html

a collection of mega hacking tools

  properties too which I'll cover later. If you have this 'N' you are definitely 
  on a Novell network. However some mean Admins turn off the nice little 'N'.<br>
  You can also right click on a network drive. A network drive is a directory 
  on a remote computer that has been made to look like a hard drive on your machine. 
  You'll find these in 'My Computer'. Right click on them. In this menu, there 
  will be several entries with the red 'N' next to them. Again this is a dead 
  give away that you are running on a Novell network.</p>
<p><b><font size="4"><a name="5"></a>Hmmmm..... I don't have an account. What 
  are the usual accounts and passwords and how do I find a valid account?</font></b></p>
<p> Well, there are quite a few standard user names and passwords that are used 
  on Novell networks. However not all of them are used and sometimes not one is 
  used. This list comes from the Netware Hack FAQ and I've found it to be quite 
  comprehensive :<br>
</p>
<table width="99%" border="0" cellspacing="2" cellpadding="2" align="center">
  <tr> 
    <td valign="top"><b>Account </b></td>
    <td><b> Purpose</b></td>
  </tr>
  <tr> 
    <td valign="top">PRINT </td>
    <td>Attaching to a second server for printing</td>
  </tr>
  <tr> 
    <td valign="top">LASER </td>
    <td>Attaching to a second server for printing</td>
  </tr>
  <tr> 
    <td valign="top">HPLASER</td>
    <td>Attaching to a second server for printing</td>
  </tr>
  <tr> 
    <td valign="top">PRINTER </td>
    <td>Attaching to a second server for printing</td>
  </tr>
  <tr> 
    <td valign="top">LASERWRITER </td>
    <td>Attaching to a second server for printing</td>
  </tr>
  <tr> 
    <td valign="top">POST </td>
    <td>Attaching to a second server for email</td>
  </tr>
  <tr> 
    <td valign="top">MAIL </td>
    <td>Attaching to a second server for email</td>
  </tr>
  <tr> 
    <td valign="top">GATEWAY </td>
    <td>Attaching a gateway machine to the server</td>
  </tr>
  <tr> 
    <td valign="top">GATE </td>
    <td> Attaching a gateway machine to the server</td>
  </tr>
  <tr> 
    <td valign="top">ROUTER </td>
    <td>Attaching an email router to the server</td>
  </tr>
  <tr> 
    <td valign="top">BACKUP </td>
    <td>May have password/station restrictions (see below), used for backing up 
      the server to a tape unit attached to a workstation. For complete backups, 
      Supervisor equivalence is required.</td>
  </tr>
  <tr> 
    <td valign="top">WANGTEK </td>
    <td>See BACKUP</td>
  </tr>
  <tr> 
    <td valign="top">FAX </td>
    <td>Attaching a dedicated fax modem unit to the network</td>
  </tr>
  <tr> 
    <td valign="top">FAXUSER</td>
    <td>Attaching a dedicated fax modem unit to the network</td>
  </tr>
  <tr> 
    <td valign="top">FAXWORKS </td>
    <td>Attaching a dedicated fax modem unit to the network</td>
  </tr>
  <tr> 
    <td valign="top">TEST </td>
    <td>A test user account for temp use</td>
  </tr>
  <tr> 
    <td valign="top">ARCHIVIST</td>
    <td>Palidrome default account for backup</td>
  </tr>
  <tr> 
    <td valign="top">CHEY_ARCHSVR</td>
    <td>An account for Arcserve to login to the server from from the console for 
      tape backup. Version 5.01g's password was WONDERLAND. Delete the Station 
      Restrictions and use SUPER.EXE to toggle this account and you have an excellent 
      backdoor.</td>
  </tr>
  <tr>
    <td valign="top">ROOT </td>
    <td>Found on Shiva LanRovers, gets you the command-line equiv of the AdminGUI. 
      By default, no password. A lot admins just use the AdminGUI and never set 
      up a password.</td>
  </tr>
</table>
<p>Some of these are used quite a lot of the time. ROOT is a good example because 
  it also ties in with superuser access on Unix and Linux servers. Having a user 
  called root is quite common now. Accounts by the name 'Admin' , 'Administrator' 
  and 'Manager' are in common use to.</p>
<p><b>How do I find out if an account is valid?</b></p>
<p> This is surprisingly easy. Type in the username you are trying to check. Type 
  in any password unless you know it ( if you know the password then the account 
  is obviously valid) and press enter. You will likely get an error message back. 
  If the message says something on the lines of &quot;Invalid password&quot; or 
  &quot;Unknown Error&quot; followed by a number , it is a fair bet that the account 
  exists. If you get the Unknown Error message, it is likely that the account 
  is there but has been locked out. This is also a cunning way of locking out 
  someone's account who you don't like.</p>
<p><b><font size="4"><a name="6"></a>How do I lock out my enemies accounts?</font></b></p>
<p> Well, this is particularly easy to do. Most Admins for security have a limit 
  on how many times someone can login incorrectly before the account gets locked 
  out. This is usually set to 5 times. Here's how you do it.<br>
</p>
<ol>
  <li>Type in your friend /enemies login name.</li>
  <li>Put it an obviously wrong password. Anything will do.</li>
  <li>Hit 'Enter'.</li>
  <li>The computer should bounce back with an error about an invalid password. 
    This is what we want so keep going.</li>
  <li>Repeat from stage three until the server comes back with an unknown network 
    error. </li>
</ol>
<p>Once you get the unknown network error, you have successfully locked out the 
  account. It won't work again until an admin manually unlocks it. This could 
  mean a disabled account for hours or even days. Snik snik!</p>
<p><b><font size="4"><a name="7"></a>Is there an easy way to get Admin access?</font></b></p>
<p>This only works on Netware 3.*. You use a program called NW-HACK.exe . A nice 
  little program that sits and waits till an Admin logs in and then creates a 
  nice account for you with super user access. You will be able to find this program 
  on the Internet but I'm not going to spend much time on it because it has a 
  full set of docs with the program itself.</p>
<p><b><font size="4"><a name="8"></a>What about the Net Plug attack?</font></b></p>
<p> This is an attack that I worked out myself before I was given Admin status. 
  It always works and I've yet to see it fail. Make sure you are at a windows 
  95 or 98 machine. I doubt NT would be fooled by this trick but I don't have 
  any NT machines so I can't test it for you.</p>
<p></p>
<p>Note : Most Admins, believe that they are the most knowledgeable about their 
  system. Many also believe that no one else knows much about computers. In other 
  words, for whatever reasons, they are not too concerned about us i.e. the idiots 
  attacking their servers. Why? Because we aren't good enough. So why waste valuable 
  time configuring security that won't be needed eh? I think I've made my point. 
  They don't see us as a threat. You don't consider a house spider a threat so 
  you don't go round putting up netting to keep them out. Why? You can't be bothered. 
  The same rule applies here. Even if you are a computer genius, play it dumb. 
  Admins like to lecture the uninitiated and would love to appear smarter than 
  you. This is the way you want it. The Admins will think you're a nice guy or 
  gal, totally harmless. This sometimes gives you more leverage because they like 
  you, they'll be willing to help you. They also won't expect you to launch a 
  huge assault on their servers either However sometimes there are some smart 
  people out there who will notice your talents and pull you over to their side. 
  This isn't a bad place to be and can be advantageous later.</p>
<p></p>
<p>First of all, login as yourself. Crash your computer and reset it . Walk over 
  to your favourite admin (the one that hates you most is the best choice ) and 
  apologise for being an idiot but the computer won't let you login and could 
  s/he please come and take a look for you. Mumbling and grumbling they'll come 
  over. The best way to test if it is the machine is for them to login. Of course, 
  they'll log in as an admin or equivalent. They'll check your account and see 
  that your account is fine. They'll tell you to log onto another machine and 
  your account will be okay. They'll now log off and walk off in disgust thinking 
  you are a computer moron. Not so my friend, we've just done them good and proper!<br>
  Turn off the computer and pull out the network lead. Turn it back on again. 
  The computer will detect that you aren't on a network and will dump you at a 
  desktop with restrictions of the last user. If this user is the admin then chances 
  are that he or she will have full access to everything including DOS and drive 
  access. Perfect for installing all those really kewl programs you have on a