HACKING Novell Netware

Novell Netware, as one of the Network Operating System that many
used in Indonesia, an OS is interesting to learn, because
proximity to the DOS is generally known in the computer user
Indonesia.

Too bad as a regular user we can not use the feature-feature
certain that only can be accessed by SUPER USER (in terms SUPERVISOR
Novell Netware).

Here are some tricks that can be used to gain access
SUPERVISOR it.

Note:
This tutorial is made for the purposes of study and research Novell Netware,
even a few tricks that are used here are often used by the author
(CyberBug) at the time of Novell Netware System Maintenance.
Electronic writer and Roaches are not responsible for errors
the use of this tutorial.

In addition to all this tutorial has been tested in the Novel Netware writer 3:11
and 3:12


1. HOW DO I HAVE ACCESS SUPERVISOR?

There are several possibilities that you may have:
A. Do you have physical access to the Server
B. You do not have physical access to the server but got an account / login name

A. Do you have physical access to the Server
Usually people who have physical access to the server (can use the console
server) is a trusted person to Maintenance System.
The following trick I usually do if the supervisor is not in
place when we need a password or a supervisor password forgotten
(do not laugh, many are like this, because access is sometimes used Supervisor
until they forget their own).

Hacknya following:

Cat: Yg within [] is indispensable keyboard button is pressed.
Reply within () is the information

1. Press [Left Shift] [Right Shift] [Alt] [Esc] at the same time (Debugger Mode)
2. Type: VerifyPassword d 6 [Enter] (Note 6 bytes wrote out as a result).
3. Type: c VerifyPassword = B8 0 0 0 0 C3 [Enter] (password) Turn off checks
4. Type: g [Enter] (Apply changes)

After this process is done you can login as a Supervisor without the need to
Fill in the password.

To restore the password check:
1. Press [Left Shift] [Right Shift] [Alt] [Esc] at the same time (Debugger Mode)
2. Type: c VerifyPassword = xx xx xx xx xx xx [Enter] (xx = 6 bytes yg note)
3. Type: g [Enter] (Apply changes)

Or if you want easy (and possible) down the server and then restart the
again, the password check will be normal again, because the change password check
only in memory.


B. You do not have physical access to the server but got an account / login name
(although only a guest account).

The easiest way is to use the NW-HACK.EXE programs, work
this program as follows:

1. If the SUPERVISOR is logged in (check with Userlist) run this program.
Supervisor password will be changed into SUPER_HACKER (Cool name eh?)
2. And each account in the server will become SUPERVISOR Equivalent
which means that all users equal to the SUPERVISOR.
3. We must put BackDoor after getting this access (as
if the supervisor knew she would change the status of all users who
has become Supervisor Equivalent to normal status).


2. HOW TO GET IN OTHER PASSWORD Novell Netware?

Password Trapper best I've ever known are the two companions LOGIN.EXE
(the patch from the Dutch hacker named itsme) and PROP.EXE
To be able to plant this Trapper Password

1. We should have had access SUPERVISOR,
2. If the supervisor has obtained access, exchange files in directory LOGIN.EXE
SYS: LOGIN LOGIN.EXE results with the patch file, do not forget to replace
flag / attribute to be SRO.
3. After LOGIN.EXE files changed, still as a Supervisor to run the file
PROP.EXE with option-C [PROP-C] to create a new bindery property
(as a password in the trap).
4. After a week or a month and then try to check the harvest passwords
you with PROP-R command or the pipe may also like
PROP-R> filename.
5. To start we do not need PROP.EXE Supervisor access, the user simply
normal, not even have to log in at all important IPX and
NETX (or LSL, ipxodi and VLM, whatever) has been started (my suggestion
PROP.EXE prepared on diskette and run from floppy).


4. HOW TO GET ALL IN Novell NetWare PASSWORD?

1. As SUPERVISOR go to the directory SYS: SYSTEM, and then type BINDFIX.
2. Answer all the questions with Yes, when you're done,
3. Copy 3 (three) berextension file. OLD (look out for himself the file) to the floppy.
4. Use BINDERY.EXE program as follows:
BINDERY ETC> PASSWORD
5. Then the crack results in a file using BINCRACK.EXE plus PASSWORD
FILEDICTIONARY (collection of passwords) as follows:
BINCRACK PASSWORD FILEDICTIONARY> HASILPASS


5. HOW TO MAKE BackDoor?

There is one file called SUPER.EXE which is often used for this purpose,
with this file we can get a Supervisor Equivalent (with
using a normal user login) anytime we want.
But this must be set first, and to be setting this backdoor, we
Supervisors must first gain access (this utility is to Supervisor,
so that the supervisor can change his status as a regular user or
supervisor as required).
Suppose you have logged in with a cockroach, and you want to you can
change your status as a normal user or a supervisor any time you
like.
1. Login as Supervisor
2. Run the program SYSCON
3. Set user equivalent cockroaches as SUPERVISOR
4. Close / Exit SYSCON program
5. Login as a cockroach
6. Run the program as follows SUPER.EXE: SUPER +
Now Toggle Supervisor Equivalent to cockroaches is ON
7. Login as SUPERVISOR
8. Run the program SYSCON
9. Remove user cockroach equivalent SUPERVISOR
10. Close / Exit SYSCON program
11. To further Supervisor Equivalent to enable you to stay
logged in as a cockroach and then typing SUPER +, to disable
Supervisor Equivalent type: SUPER --
(Heheheheh ... Roaches Steel Black Knights - Changed!)


6. From anywhere I CAN GET ALL OF THE ABOVE UTILITY?

Internet Search Engine is the source of almost infinite, type
Filename you want and you will get it.
Some good search engines are:
http://www.altavista.digital.com
http://www.excite.com
And the best for hackers:
http://astalavista.box.sk


7. CLOSING

This tutorial is more of a quote from "The Unofficial Netware Hack FAQ",
by Simple Nomad of the Nomad Mobile Research Center, the author cites only
the parts are known and have been tested by the authors themselves and
expected also useful for the securities in Indonesia.