💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › novell.txt captured on 2023-01-29 at 07:53:08.
⬅️ Previous capture (2021-12-04)
-=-=-=-=-=-=-
HACKING NOVELL LOCAL AREA NETWORKS Fairfax County, Virginia Pale Rider (C) 1991 I wanted to share the information about hacking Novell networks that I have acquired. My knowledge comes from working for a company that installed and maintained Novell networks and from using Novell networks in High School. There are two programs that I know of that are designed to get Novell passwords: one is a TSR password snagger, and the other is a password hacker. 1) The TSR password snagger is called GETIT.COM. It is available on Solsbury Hill in the file THIEFNOV.ZIP or GETIT.ZIP. GETIT.COM is a TSR that activates itself and records the keystrokes that are entered after the Novell LOGIN.EXE program is executed. It writes a hidden- system attribute file to the C: hard disk. This file can be viewed with the Norton (or any other) hex editor. The program works well, but only starts recording keystrokes after "LOGIN" is executed, so the command line parameters (which are not entered after "LOGIN" is executed) will not be recorded. This means that if the user specifies their username on the command line (ie "LOGIN supervisor"<CR>), then the program will only capture the password entered, not the name, since the name was entered before GETIT.COM started recording the keystrokes. If someone just types "LOGIN" and hits return, they are prompted for a username and then their password, so both things will be snagged by GETIT.COM and written to the file. The source code for the program is included in getit.zip, which is in assembly language. There are three factors that must be true for the program to work and be successful: a) The workstation must have a local hard disk ("C:") b) The workstation must boot locally and not from the fileserver c) To match the password to a username, the workstation must either: 1) Have users login with no login command line parameters (by just typing "LOGIN") and then entering both their username and password when prompted for them -- or -- 2) Have users login with or without command line parameters as long as you know who was sitting there at the time, or if the same person always uses that machine, since you will only have a password in the file written to the hard disk 2) The password hacker is called NETCRACK.ZIP and it is available on Solsbury Hill. This program uses repeated calls to the NetWare variable Verify_Password to try to hack out passwords. You just run the program and it sits there and trying to get the password for the username you entered. I assume that the workstation that is running this program does not need to be logged in to the network under an account, but only needs to have run IPX.COM and NETx.EXE so that it sees the fileserver, but I am unsure. In some experiments with this program, I (with the help of a cool teacher in whose room we ran it) created an account with the one letter password "A". The program hacked it out in about 10 minutes. When the password length was increased to two letters, it took about 30 minutes. We then tried to run the program to hack out the password of one of my friends, whose password was 5 letters long. We hacked for the password on an IBM PS/2 Model 80 386/20 for an entire weekend. We finally had to quit after something like 65 hours of hacking, still without the password. This program obviously works, but requires a