Penetration Testing mailing list archives
Re: Remotely hacking Novell ?
From: Forrest Rae <forrest.rae () code-lab com>
Date: Wed, 3 Jul 2002 21:26:31 -0500
Hello, If TCP port 524 is open, and the [PUBLIC] object has browse rights to the NDS tree, then enumerating information is possible. Simple Nomad's Advisory on this issue: http://razor.bindview.com/publish/advisories/adv_novellleak.html The tool for enumerating information from TCP port 524: http://razor.bindview.com/tools/files/ncpquery-1.2.tgz SAP Types that can be used with NCP Query: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10050864.htm I also wrote a presentation on a Nessus plugin I authored that retrieves the Netware server name and NDS tree name from a Netware server via TCP port 524. The presentation touches some NCP protocol basics. http://forrest.rae.nu/presentations/nds-nasl/html/ I've never touch a Novonyx web server, sorry. -Forrest On Wednesday 03 July 2002 11:50, Rainer Duffner wrote:
Hi, I have found some Novell-server during a pentest (in fact, the site is a pretty much a complete Novell-Shop, minus things like Citrix). Anyway, there's a webserver with some Novonyx (remember that ?) Sample-Files and there's an LDAP-Server that exports what looks like part of the NDS (minus passwords, but some email-addresses). It also has 427/tcp and 524/tcp open (well, nmap says) - are there any tools that can enumerate more information from the server through these ports - if at all ? I assume, these are Novell-specific ports. Finally: does pandora only work locally ? cheers, Rainer
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Remotely hacking Novell ? Rainer Duffner (Jul 03)
- Re: Remotely hacking Novell ? H D Moore (Jul 03)
- Re: Remotely hacking Novell ? Forrest Rae (Jul 03)
- Re: Remotely hacking Novell ? Rainer Duffner (Jul 04)
- <Possible follow-ups>
- Re: Remotely hacking Novell ? Ed Reed (Jul 05)