Security Basics mailing list archives

Re: Questions about Novell ZENwork security audit and review tools


From: nikhil () niiconsulting com
Date: 18 Oct 2006 10:21:15 -0000

Hello Ricci,

   Novell is one of my favourite topics, & here is what I think about it.

   Firstly you can use a tool called "Chknull.exe" which shows you every account with no password & the best part is 
that you do not have to be logged in. For this to work, bindery emulation must be on.

   Besides Chknull.exe there are tools called "Novelbfh.exe" & "Nwpcrack.exe". Novelbfh.exe is a brute force password 
cracker which works on Netware 3.x versions, whereas NWPcrack is a password cracker that works against a single account 
& uses a dictionary wordlist.

    Again there are tools like "Bindery.exe" & "BinCrack.exe". Bindery.exe is a password cracker that works directly 
against the .OLD bindery files & extracts user information out of bindery files into a Unix-style password text file. 
After this you can use Bincrack.exe to crack the extracted text file.

    "Getit" is a tool designed to capture passwords on a Novell Network.

    "Spooflog" is a program written in C by Greg Miller that can spoof a workstation into believing that it is 
communicating with the server. This is a fairly advanced exploit.

     "Gobbler" is a hacking tool which "sniffs" network traffic on Novell servers.

      The last & final one, which is more useful than all of the above, is a tool called "Pandora". Pandora is a set of tools for 
hacking, intruding & testing the security & insecurity of Novell servers. 

Security Note: All these tools mentioned above are just for Security Assessment. As a security auditor, by using tools 
like chknull, bincrack etc. in the same category, you could find out which accounts need to apply strong 
passwords or strong security policies. By mentioning these tools I have no intention of making people actually hack into 
Novell Network or OS.
