Re: Pen Test Novell 5.5 w/ groupwise ?

[Tim <pand0ra.usa () gmail com>]

I used to admin a Netware system a while back (4.x-6.x) I know of one
particular tid-bit where you can use rconsole to connect to the server
and login as admin without a password (user:admin, password:<blank>).
Since DS is a LDAP system try doing anon LDAP queries. The GW client
can be used to connect to other user accounts without logging in as
that user (the security setting has to be poorly configured for that)
by adding some switches on the run line (/@u or something). What
netware services are they running (Print services, iManager, iFolder,
etc.)? Make sure you have the client (both novell and GW). The Novell
client will ID the systems on the network.
Netware typically runs Apache and tomcat for the management console
(iManager). A Java interface is also used in setting up something
(hey, it's been a few years). Novell's web site has a great search
engine and can pin a lot of this down for you pretty quickly.

On 8/2/06, Chris Serafin <chris () chrisserafin com> wrote:
> Hello all,
>
> I'm doing a large pen test of a client who has Novell 5.5 and uses
> groupwise for their email.  In addition to trashing their network via
> many other vulnerabilities, I wanna try to exploit the Novell system.  I
> have run GFI LanGuard against it, with sad results.  I'm running Nessus
> as I speak, so I don't know the results of that just yet. I saw a new
> vuln came out today , but it was for 6.x only from the advisory.  Anyone
> have tips or tricks, as I parellel google search?
>
> Chris Serafin
> IT Security / Cisco Engineer
> chris () chrisserafin com
>
>
>
>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request () cenzic com for details.
> ------------------------------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------