novell netware - cracking netware.htm

黑客培训教程

dealing with some bigger kind of network you have to get yourself a copy 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">of a 
program called "getconn.exe" that reveals the node address of the Netware 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">server. 
Again you do need some luck, if you're not on the same node address as 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">they 
are, skip to way two.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Dont's 
make the following mistake: When an user or the system administrator is 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">logging 
into netware, it's completely senceless to 'sniff' this password. 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Because 
this password is encrypted with RSA encryption. The next time the person 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">will 
(re-)login the encryption will be changed. <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">We now 
arrive at properly the most difficult part of all.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">What we 
now need is a packetsniffer that supports IPX sniffing, I recommend 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">"SpyNet" for the job. Install and 
execute SpyNet. Configure SpyNet so it will <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">write 
all captured packets to one file. Let the program run a couple of hours, 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">because 
the system administrators have to access the console remote. You can use 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">your 
social engineering skills to speed up this process. One way to do this is 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to call 
them and say you think someone is trying to crack their network. Don't 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">sound 
to professional because they could suspect you're the one doing something 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">illegal! Remember when you're 
sniffing, and write the packets to disk:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">First: 
This will take really some network occupence, so if you'll run the 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">program 
to long (a day or more) the system administrator will detect an 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">intruder... Oohw by the way, if the 
network is protected by some intrusion <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">Detection Programs your sniff 
attemps will automaticly reported to the system <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">administrator's. There are (as 
usually) some anti-anti-sniffers. But this is a <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">whole 
other story, so I decided NOT to mention it any further.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Second: 
It's almost impossible to write all sniffed packets(frames) to disk, 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">especially not when the network is 
overloaded... also remember your ethernet <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">card is 
10/100 mbit/s, and almost all times the network traffic does exceed 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">above 
this value.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Almost 
all sniffers does have an option to only write packets from a specified 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">address 
to disk. This has ofcourse some advantages... (more stealthy and less 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">disk 
space is needed).<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Once 
you've the packets which contain the password, you have to find a way 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">yourself to extract the password 
from Spynet's logfile. Note, the password is <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">separated into many packets. 
Example: If the password would be "Netware" you'll <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">could 
find the password in this order:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34643: j<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34644: 6<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34645: n<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34646:g<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34647: 8<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34648: e<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34649: f<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34650: t<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34651:2<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34652:w<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34653:a<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34654: l<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34655:r<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34656: d<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34657: 4<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34658:e<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">packet 
34659: v<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">As you 
see, this could take some time before you find it, note netware is not 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">case 
sencetive! When you get the password, access the console remote as soon as 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">possible and create a supervisor 
account. If you don't know how to create one, <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">just 
download burglar.nlm from (blacksun.box.sk) and before trying anything with 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 
program, first take a good look at the readme.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 
you're finished with anything you want to do at the Netware server, 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">remember to erase the logfile! 
You'll find the file in the /etc/console.log, you <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">can 
delete this file at the console. Just unload "conlog.nlm" and then load it 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">again! 
Now the old logfile is being overwritten by the new one, if you terminate 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 
connection between you and the server your ethernet address will be written 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to the 
new logfile! So before quitting I suggest<SPAN style="mso-spacerun: yes">&nbsp; 
</SPAN>to unload once more the <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">"conlog.nlm". Now you can quit the 
remote session with ALT-F1.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">NDS 
Addon:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If you 
really want to do some damage you have to delete the files where the NDS 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">(Netware Directory Structure) is 
being stored. These four files are located in <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">an 
hidden directory named "/_netware". You can only access this directory from 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 
console with the program "monitor.nlm". Remember: If the system 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">administrator's doesn't have 
backup's of these files, they have a really big <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">problem.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Some 
problems i'm aware of:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Nobody 
can log into Netware anymore, even the admin can't!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">All 
information about the users, containers, scripts, printers, bordermanager<SPAN 
style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">are 
permently lost!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If 
there are multiple Netware servers (almost always) connected to eachother, 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">who are 
sharing one NDS... well they have to install the Netware Server software 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">again 
on all servers.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">And the 
system administrator's have an hell of a job to backup<SPAN 
style="mso-spacerun: yes">&nbsp; </SPAN>all data from <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">console.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">I 
really recommend and I seriously do, to backup these four files to a 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">floppydisk, in case you'll get 
caught. And if you have a little respect for them <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">please