Security Basics mailing list archives
Re: Questions about Novell ZENwork security audit and review tools
From: nikhil () niiconsulting com
Date: 18 Oct 2006 10:21:15 -0000
Hello Ricci, Novell is one of my favourite topic, & here is what I think about it. Firstly you can use a tool called "Chknull.exe" which shows you every account with no password & the best part is that you do not have to be logged in. For this to work, bindery emulation must be on. Besides Chknull.exe there is a tool called "Novelbfh.exe" & "Nwpcrack.exe". Novelbfh.exe is a brute force password cracker which works on Netware 3.x versions. Whereas NWPcrack is a password cracker that works against a single account & uses a dictionary wordlist. Again there are tools like "Bindery.exe" & "BinCrack.exe". Bindery.exe is a password cracker that works directly against the .OLD bindery files & extracts user information out of bindery files into a Unix-style password text file. After this you can use Bincrack.exe to crack the extracted text file. "Getit" is a tool designed to capture passwords on a Novell Network. "Spooflog" is a program written in C by Greg Miller that can spoof a workstation into believing that it is communicating with the server. This is a fairly advanced exploit. "Gobbler" is a hacking tool which "sniffs" network traffic on Novell servers. The last & final, which is a more usefull of above all is tool called "Pandora". Pandora is a set of tools for hacking, intruding & testing the security & insecurity of Novell servers. Security Note : All these tools mentioned above are just for Security Assessment. As a security auditor, by using tools like chknull, bincrack etc in the same category, you could find out which are the accounts which needs to apply strong password or strong security policies. By mentioning these tools I have no intension of making people actually hack into Novell Network or OS. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Questions about Novell ZENwork security audit and review tools ricci (Oct 17)
- <Possible follow-ups>
- Re: Questions about Novell ZENwork security audit and review tools nikhil (Oct 18)
- Re: Re: Questions about Novell ZENwork security audit and review tools samhenry (Oct 19)