Re: [PEN-TEST] NetWare?

["Bonvillain, David (ISS Denver)" <dbonvill () ISS NET>]

there are several other tools besides kane and pandora, alot are more manual
and command line based, but you can enumerate most of the information needed
to assess a netware installation, there is alot of information in hacking
exposed as well as good links on their website. try and get copies of
rcon.exe at ftp.fastlane.net in /pub/nomad/nw, nwpcrack, novell onsite
manager, and chknull.exe at least.
villain

-----Original Message-----
From: Jose Nazario [mailto:jose () BIOCSERVER BIOC CWRU EDU]
Sent: Tuesday, October 03, 2000 4:47 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] NetWare?


On Tue, 3 Oct 2000, Dunker, Noah wrote:

> My company just got contracted to handle a pretty big pen-test that
> has directives on UNIX, NT and NetWare 5.  UNIX and NT aren't a
> problem, as our Piranha team has a pretty good background with
> Pen-Testing in these environments.  I was wondering what should I look
> out for, and what tools are used (I've heard of Kane, but that's about
> it) in pen-testing NetWare. We have a few weeks to prepare for this,
> so I'm doing as much research as possible.  Any help would be
> appreciated.

don't screw around, go to the site of one of the experts:

                http://www.nmrc.org/

simple nomad is widely regarded as the leader in NetWare security issues.
read his stuff, check out his toolkits, and have some fun. Pandora is a
neat tool.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc