Bugtraq mailing list archives

Re: Novell Netware 4.X Hidden user accounts

From: RMACDONALD () PERRIGO COM (Robert MACDONALD)
Date: Fri, 17 Apr 1998 11:37:07 -0500


Look for HOBJLOC on Novells or Fastlanes site. This is a hidden object
locator. I use it to see if I have gained any of these little creatures...

Best of Luck!
Robert


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Robert P. MacDonald (rmacdonald () perrigo com)
Systems, Network & Security Analyst
Perrigo Company, Allegan, Michigan

<jdrodriguez () FANDAGO READ TASC COM> 04/16 3:59 PM >>>

Command
        Creating user accounts
Systems Affectted
        Netware 4.X
Problem
Netware allows a user account to become "hidden" and unable to be
managed by native Netware tools including deleting the account.

The following MUST be done as an admin(supervisor)
1)  Start NWADMIN
2)  Create a user
3)  Give the user supervisor equivalence
(Note:  Not required, but why not)
4)  Right click on the user.
5)  Select Trustees
6)  Delete Root and Public trustees
7)  Select the user and change its rights(Object and Property)
8)  Assign ONLY Supervisor
9)  Select Inherited Rights Filter
10) Deselect all values(NO boxes should be marked)
11) Return to main NWADMIN screen(HIT OK TWICE, I think)
12) Refresh the screen(Can be done by clicking on the tree name where
the user account was created)
13) The user account is GONE.

Execute some native Netware commands.  Try this one which will list all
detailed information on all users.
        NLIST USER /D
The newly created account is now missing.

Now try to assign a password to the account.
        SETPASS USERNAME
You get an error message stating that you must be a manager to change
the password.

Solution:  Unknown
Workaround:
To delete this account.  You must start the server in bindery mode.  Add
SET BINDERY CONTEXT command in AUTOEXEC.NCF(Note: You must set the
context to the one
in which the account was created).  Utilize the USERDUMP tool to ID the
account, if you have not done so already.  Next, use CHGPASS to change
the user accounts password.  Login in as that user, and reverse the
previous procedure to hide the user account.  Specifically, adding
PUBLIC and ROOT as trustees.  USERDUMP and CHGPASS are publicly
available tools.

Current thread:

Re: Novell Netware 4.X Hidden user accounts Robert MACDONALD (Apr 17)
- <Possible follow-ups>
- Re: Novell Netware 4.X Hidden user accounts phayden (Apr 17)
- Re: Novell Netware 4.X Hidden user accounts John McDonald (Apr 17)