💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › hacknet.dox captured on 2021-12-04 at 18:04:22.

View Raw

More Information

-=-=-=-=-=-=-

                       The Novell Network Hacking Guide

                                    By

                        PeRSeUs/LoRd psYChobeTa of EmC



Hey what'z up ?!? When my computer science teacher put up *his* new toy in
our class, novell network 3.x, i knew that i would hack this baby sooner
or later... since u can find novell networkz and LANs more and more often
out there I decided to write this guide... it might help u sometime e.g.
if u go to college or in your office... this guide is about the basic things
u can do in a novell network... i also added the best programs that i could
find and my SPY program.. 

1.LOGIN

First u turn on the computer and u see the computer booting up
(usually it boots with some kind of net-bios that is on the net work
cards in the ROM or so)... then u see, e.g. in our network, this big IBM
screen and then u are supposed to press <enter> and input your name and
sometymes password... first of all
check out these standard IDs for novell networks 3.x for passwords:

Id              PassWord
-------         ----------
Admin           'School Name', none or private
Sysop           'School Name', none or private
SuperVisor      'School Name', none or private
OfficeAdmin     'School Name', none or private
Guest           none or private

If you are really lucky then one of the sysop/supervisor accounts doesn't
have a password and u can mess with the net.  BUT that will be quite unreal-
istic.. whatever.. give it a try.. so if u can login either with one of those
IDs or with your own you get to the next screen, the main menu...

2.Main Menu (and how to get to dos)

If you are in here you will usually only find some boring crap like works
or word 5.5 or some shit... what we want to do is get out of here and drop
to dos so we can use some of our nice programs.. but u probably won't find
a normal way to get to dos.. try some of this stuf.: if u see "Access A:"
near the bottom of the menu or as one of the menu choices and try to use it
but with no disk in the drive... u will
get an error message.. if u press abort it won't help u here and u are back
in the menu... instead of that press something like ctrl-c, ctrl-brk OR --
a less well-known combo -- pressing ctrl-2... yeahh it really works..
but after we used that method too many times my teacher disabled the whole
"Access A:" menu choice so we were phucked.. but there are still other ways :)
first of all hold ALT and press E, S, C one key at a time... that is the
normal way for novell technicians to get into dos... if that doesn't work
press ctrl-x (sometimes you have to do it from the main menu).... that works
pretty often too... well but when the sysop finds
out about all that he can even disable that if he's determined enuff (like my
Mr. Li'l Adolf :-P... in this case i know only of one last way and that he
can't disable (unless he's not dumb)... haha.. ok.. use any texteditor like the turbo pascal editor
or word for windows.. then check all drives (a: - z:) until u find a ram
drive .. here u find a batch file (g.bat) for yur personal main menu and since
it's the ram drive of ur computer u can even change it..u just add one line
in the menu prompts that looks like this:

z: lemme to DOS !!!^C:\

if u get out of the word processor to the menu u will see ur new option and
it will drop you to dos in drive c:\ .. another very easy thing is this...
u just run an application like turbo pascal 7.0 or so on ur computer and
shell to dos... well unfortunately our crappy school could only afford
turbo pascal 3.0... :( 

3.Important commands in DOS 

ok now u are in dos and want to find out about the network... go into all
possible directories and look around... try to find a program just
called help.exe... it is a novell network reference with all kinds of
information on every dos command and so on... anyways.. here are the most
important commands that u will use: if u type RIGHTS u will see a 
number of attribute rights that tells u what u can do in the specified/
current directory... usually that will be only [ F   R ] or so and means 
u can file-scan (or type dir:) and can only read files... yeahh that sux..
the next important thing is GRANT and with that u can grant urself or any-
body access to a directory if u have the A attribute in that dir. With
REVOKE u can remove the rights from some lusers :-).. with TLIST u can
find out who else has rights to a certain directory or so (VERY
IMPORTANT WITH HACK.EXE LATER ON)... then use USERLIST to see who's logged
in.. and SEND to send anybody messages.. in my class some stupid kids were
sending messages all the time and annoyed me like shit.. well in this case
just type CASTOFF and u won't receive no more messages... there are lot of
other interesting commands that i forgot rite now but these listed here
are the most important ones...

4.Novell Network Hackers
To get sysop access i tried almost every possible thing and I got it a couple
of times that's the reason why i am gettin' an F this year in computer
science.. there are some real nice programs out there that I put together
with this doc so u can use 'em too...
Hack.exe        Hack exe fools the file-server, but it requires that a 
                SuperVisor (*not the sysop*) is logged on... if he is then
                just start the program and the file-server thinks u are sysop
                and u have all rights (granting time!! :)... i did this but
                my computer science teacher used tlist.exe to find out that
                i had access to *his* directories, so he just deleted my
                account... don't grant access to those kind of dirs..
View.exe        Use that to see if the supervisor is logged on
Netcrack.exe    This program simply checks all possible passwords for a given
                ID. that means it can take 30 hrs. to find a [long] password...
                but i just included it .. who knows..
Knock.exe       This program is the patched ATTACH command... the ATTACH com-
                mand lets u change from one ID to another one... but here
                u don't have to input the password..:-)..unfortunately it
                isn't compatible with all netbios versions or so and it just
                froze the computer in my school's network...

!*!*!*! THERE ARE SECURITY PATCHES FOR ALL THOSE PROGRAMS BY NOVELL !*!*!*!

5. SPY/SPY_VIEW
This one was my last hope... i coded it myself in a mixture of asm/tp...
it's a tsr program that captures all keys to ram... well u might thinks that's
lame cuz u have seen tools like SPY all over.. no way.. yeah way.. the reason
is that the usualy key capture programs change either interrupt 09h/21h/16h to
get the key value... that's what i tried first but it doesn't work... during
the login process novell network uses its own keyboard routines or they just
restore those interrupts mentioned earlier but u fucking can't capture keys..
hmm.. i thought to myself there got to be some damn way... well i finally had
the idea while sh***ing on the toilet... instead of using those interrupts
i finally used timer interrupt 8h and i also used I/O port 60h to read the
keys... the problem was that the scan codes from port 60h are not ascii format
so i had to kinda decrypt them with my viewer program... whatsoevr.. just
run my SPY and enter the segment memory adress.. this should be somewhere at
the end of conventional memory, e.g. i usually use 9000 and it works fine..
then it's resident in memory and log out... call ur teacher or any person
that they show u something on your computer with turbo pascal or so... my
teacher and i worked on some problems with the net but b4 he logged on i had
installed SPY... it captured his login name + password... if u use SPY_VIEW
u will probably find some bs like this:

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

SPY Viewer coded by PeRSeUs oF EmC...
Segmend address: 9000h         Number of keys pressed: 101
9000:0000   LLOGOUTLLOOGINNSSYSOOPHHUUGGOODDIRCLSSPPY???--VVIIEWW ??
9000:0040   ????????????????????????????. T.TTXT???????????????????????????

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

first it might look pretty weird cuz instead of 'LOGOUT' u see 'LLOGOUT'..
well.. that's one of the disadvantages using timer int. 8h and port 60h...
but it seems to be the only way and it's better than nuthin' :-)
ok.. here u see login, sysop and then hugo... here we got his password...
(even if it's a real dumb one)... the viewer only "translates" letters and
numbers and a couple of other chars. from raw scan code into ascii... the ?
indicates that it was some key like shift or f10... also.. where u see the
dash -- i actually pressed the key+shit (i.e. __) but as i said it can't
record that... so that's about all i learned/hacked about LANs... if u got
any ideas or whatever.. please contact me at the MiLLENiUM BbS..EmC USHQ..3o5
Nup Found on any quality  h/p or - Warez Board

                  ...  cy'around in cyberspace  ...