novell netware - cracking netware.htm

黑客培训教程

<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">By 
default you have the following rights on a Netware server:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">User:<SPAN 
style="mso-tab-count: 1"> </SPAN>Normal user who can access some files in 
//public, //login and //mail. <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Mostly 
they have some print rights too, also have a home 
directory.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">SuperUser:<SPAN 
style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>At school's this 
right has been given to teachers. They can view <SPAN 
style="mso-tab-count: 1"></SPAN><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><SPAN 
style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>students accounts 
and delete files if necessary. They cannot create, <SPAN 
style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><SPAN 
style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>delete or change 
accounts from the NDS. <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">SuperVisor:<SPAN 
style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>Only the system 
administrators are permitted to control everything <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">on the 
file system and the NDS. When they want to down the server they have to 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">walk to 
the console, or do it remote by starting a program called rconsole which 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">stands 
for "Remote Console". The word explains itself. For security reasons they 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">first 
have to load "remote.nlm" and "rspx.nlm" at the console. So by default 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">these 
NLM's aren't loaded.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">Console:<SPAN 
style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>This is the 
highest right on a Netware server, once you have gained <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">this 
rights illegal nothing can stop you at the moment but a power failure. Also 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">be 
aware of the log files! Many crackers who have gained console right have been 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">snapped 
by them, and if you are dealing with very smart system administrators, 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">they 
have some program that automatically sends the logs to an off-line 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">location. And once they have 
arrived overthere you have a serious problem...<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 
you want to gain some high level access on a Netware server, 
remember<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">that 
this can be done in many ways I explain two differents 
ways.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">A note 
before trying one of the two ways. Way one will require a lot of luck, 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">some 
skills of cracking and also some tools. Way two will require a lot of time 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">(two 
weeks maybe a month). You have to see for yourself what's the best way. O 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">by the 
way, if you want to get some high level access while trying way one... 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">remember it's critically you don't 
make any mistakes, because the properbility <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you'll 
be caught is high (log files and some other things)!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Please 
first read the tutorial, before trying one way or another. I really 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">recommend 
it!!!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">First 
way<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If you 
are very, and I mean very lucky the system administrators could have 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">loaded 
"remote.nlm &amp; rspx.nlm" on the Netware console. Try to find a program 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">called 
"rconsole.exe", normally you can find this program in the following 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">directory on the Netware server 
"//public". If you haven't file scan or read <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">rights 
on this directory, you have to get this program at another way. The 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">program 
needs alot of other files before you can execute it, so download these 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">too! To 
make it a little harder for our 'beloved' system administrators to trace 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you 
(and give you more time), don't verify yourself to the server while trying 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">access 
the console by remote! Before they know who's trying to establish a 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">connection to the Netware server, 
they have to walk to the server and load <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">monitor.nlm. Now they can see the 
attackers ethernet address, from at this <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">moment 
they can close your connection to the server any time they feel fit. But 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">mostly 
they want to collect some evidence against you, so they just let you 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">'crack 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 
server'. In meantime you have already spend some minutes guessing the 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">correct 
console password, and every attempt has been written automatically to a 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">logfile. Or even worse, every 
attempt has also been written to their monitor <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">including (again) your ethernet 
address, and if you guessed the password right <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">or not. 
This sucks, doesn't it? Well we can combine these two problems into one 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">solution. But again you'll need 
some luck! Here we go:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">The 
most difficult problem will be getting the password, because you don't have 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">enough 
time to guess the password, even with some kind of bruteforce-crack 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">program 
you haven't, we need to approach this problem from another way. Now 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you'll 
need some luck because for this trick the following nlm's have to be 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">loaded: 
"remote &amp; rspx"<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>at the console! 
The system administrators will only <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">load 
these if they want to check the console (remote) regularly, as I explained 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">before.<SPAN 
style="mso-spacerun: yes">&nbsp; </SPAN>Just try to access the console with 
"rconsole.exe" to verify if those <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">nlm's 
are loaded, note only try this once! If you get a blue empty window, well 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">skip to 
part two! Well when you are sure those two nlm's are loaded, continue 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">reading, if not skip to the second 
way to crack Novell Netware.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 
the system administrators are accessing the console they also have to enter 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">a 
password. This password is being send in plain text over the network ( plain 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">text 
means: unencrypted). If you're dealing with Netware version 4.11 or 
higher,<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">skip to 
way two because the transmitted console password is 
encrypted!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 
you have the same node address as the system administrators have, it's 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">possible to intercept (sniffing) 
the packets from the system administrators to <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 
console. You are questioning yourself "How do I know?", the answer: If 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you're 
on a small network with approximately 10-50 users you are on the same 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">node 
address. Unless you're dealing with some paranoid system administrator. If 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">you're