novell netware - cracking netware.htm

黑客培训教程

send them the disk with those four files anonymously. Because it will 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">take 
weeks to restore everything. I do really mean this!<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Second 
Way<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">The 
primairy goal here is to gain access to all files and folders at a Netware 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">server. 
This is NOT the same as console access! Note: This way takes very lot of 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">time 
and patience. <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">When 
you have a normal user account on any particularly Netware server, you only 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">have 
read&amp;write&amp;remove rights at your homedirectory. But what you proberly 
don't <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">know is 
that you also have some read rights at: //public, //login and //mail. 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">But you 
cannot 'see' these directory's because they aren't mapped to a logically 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">drive. 
I explain... Whenever you have typed in your username and password, the 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Netware 
server will granted you the rights to all directory's and files the 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">system 
administrators have allowed you. If your homedirectory is at 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">//home/yourhomedir you have to 
browse to //home/yourhomedir to view files over <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">there.. 
But if your homedirectory is located somewhere 'deeper' in the 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">directorystructure , like 
//home//school/it/it2/class2c/yourhomedir then it <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">takes 
some time to get to your own directory. So here's where drivemapping comes 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">along. 
When you have created a drivemapping to <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">//home/school/it/it2/class2c/yourhomedir, 
just click onto the specific station <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">(by 
default "z:\") and now you are directly transmitted to yourhomedir. The 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">local 
system administrators have created a login script that will do this task 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">for you 
every time when you're logging into the network. Now you know what drive 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">mapping 
means... So as I told before, by default all users (including normal 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">users) 
have only read access to //public, //login and //mail.To access these 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">directory's you'll have to create a 
drivemapping to them. The most important one <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">is 
//public. In this directory you'll find all sorts of binary files and some 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">clients 
like "rconsole.exe".<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>So, map this 
directory to a logically drive for <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">example 
"y:\".<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">It will 
really come in handy if we have some 'other' accounts for the following 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">part. 
Otherwise you'll have to explain to the system administrators what you 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">were 
doing last week in the late afterhours at school or work. In other words we 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">need a 
few other accounts at the netware server. It's really not advisible to 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">use an 
account from a student or college at work, if you know his/her password 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">ofcourse! The best accounts for the 
crack job is one of the printer or backup, <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">and 
most times it has a NULL password! Sounds good, doesn't it? Well I can make 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">it even 
better, remember I told you that ALL users have (by default) read rights 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">to 
//public, //login and //mail? So does these accounts have them too... The 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">only 
problem is to guess the correct usernames. Many Novell Netware tutorials 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">will 
give you some default printer accounts, but many times these accounts 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">doesn't 
exists anymore. So I'm going to explain how to get existing usernames at 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">your 
local Netware server. Here weg go:<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">First 
you'll need to run a binary file at //public/win95/nwclnt95.exe, when all 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">the 
loading work is done you'll see a window like 'explorer' from Windows. 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">You're 
now viewing at the NDS (Netware Directory Structure). Inhere all 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">information (containers, scripts, 
printers &amp; accounts) about the netware server <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">is 
being strored. Search inhere for a name with the word(s) print, printer, ps 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">or 
pservice. It's possible you find multiple printer accounts like printerti, 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">printersys or psserv. If you didn't 
find anything you have to try to get some <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">accounts a different way, grab a 
program called "chknull.exe" made by NOMAD (The <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">Noturious Netherlands Hacker). This 
program will check all existing netware <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">account 
for NULL passwords. If this program didn't find anything, you really 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">have a 
bad day and it's advisible to stop reading this tutorial right here :'(.<SPAN 
style="mso-spacerun: yes">&nbsp; </SPAN><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">If you 
did found something, always doublecheck before you are doing anything 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">(wrong) 
with it. You really have to be sure if it's really a printer or 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">backup... <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Now you 
have some Netware accounts with NULL passwords we can continue. 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Note: 
Never change passwords from hijacked accounts, the properbility the system 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">administrator will discover it, is 
way to riscy. And if you change the password <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">from a 
printer, nobody can print anything anymore! You can guess that it only 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">take a 
few hours before the system administrator's will discover the leak. Now 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">log 
into the Netware network with the 'stolen' accountinformation, and if you 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">are 
lucky the system administrator's have granted some dir&amp;filerights. By the 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">way if 
the system administrators are using Netware Bordermanager as Firewall and 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">/ or 
HTTP Gateway you can't surf the web without suffients rights. But most 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">proberly you can surf the web when 
you are logged in as printer (i could)! This <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">could 
come in handy when you need to reach the database from packetstorm for 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">some 
kind of exploit. Nevertheless use HTTP only when it's really necessary! 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Because 
the firewall will log all requests to the outside world. And we don't 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">want to 
make the job to easy for the system administrator's! <o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">Again I 
hadn't enough time to complete this tutorial so I will continue this 
<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'">subject 
in Version 1.04. My problem is always the goddamn time.<o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN style="mso-fareast-font-family: 'MS Mincho'"><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></SPAN></P>
<P class=MsoPlainText><SPAN 
style="mso-fareast-font-family: 'MS Mincho'">Copyright (C) 2001, Data Wizard, 
The Netherlands.<o:p></o:p></SPAN></P></DIV></BODY></HTML>