Modern Networking Hacking
•Download as PPT, PDF•
0 likes•86 views
new Technology for network hacking
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Modern Networking Hacking
Similar to Modern Networking Hacking (20)
More from Greater Noida Institute Of Technology
More from Greater Noida Institute Of Technology (20)
Recently uploaded
Recently uploaded (20)
Modern Networking Hacking
- 1. Modern Netware Hacking ANAND KUMAR MISHRA
- 2. Agenda • Why Hack Netware • Data Gathering in Novell Environments • Intrusion Techniques • Pandora Overview
- 3. Why Hack Netware • Wide Deployment – Novell has large market share. • Security Often Overlooked – Admins usually just know the basics. • File and Print Focus – Secure data often inside desktop productivity documents.
- 4. Data Gathering • Offline Techniques • Online Techniques
- 5. Data Gathering - Offline • Public Sources – SEC filings, Annual Report, etc. • The Internet – Whois, company web site, Internet postings. • Social Engineering – Contacting company employees directly.
- 6. Data Gathering - Online • CHKNULL.EXE – Will check for accounts with no password in the current context. – Can check all accounts for a single password.
- 7. Data Gathering - Online (cont.) • CX.EXE – CX /T /A /R will dump the complete tree if the default rights are still set. This will give a complete list of account names.
- 8. Data Gathering - Online (cont.) • NLIST.EXE – NLIST USER /D will list a ton of info regarding valid accounts. – NLIST GROUPS /D will list group names, descriptions and members. – NLIST SERVER /D will list servers and OS versions, and if attached will state if accounting is active.
- 9. Data Gathering - Online (cont.) • NLIST.EXE – NLIST with the /OT options will list object information. For example NLIST /OT=* /DYN /D will list information on all readable objects, including dynamic objects, names of NDS trees, etc.
- 10. Intrusion Techniques • LOGIN – Attach directly to the server. • MAP, ATTACH – Attach indirectly to the server although a user name and password are required. • Once logged in, re-run CX.EXE and NLIST.EXE commands.
- 11. Intrusion Techniques (cont.) • Bindery-based Tools – NWPCRACK – KNOCK – Intruder from Pandora • Additional Tools – Onsite – Sniffers
- 12. NDS’s Hidden User - Supervisor • On all Netware 4.x and 5.x servers. – First object built in NDS during Netware server installation. – Initial password is same as initial Admin password. • Full access to server’s file system. – Read/write access to every subdirectory.
- 13. Invading Supervisor • Brute Force Attacks – KNOCK, NWPCRACK will attack brute force against a bindery account. • Dictionary Attack – Pandora’s Intruder will dictionary attack using “stealth” methods.
- 14. Console Attacks • Monitor Lock Bypass • Other “Debugger” Attacks • Rogue NLMs – Setpwd – Setpass
- 15. Console Attacks (cont.) • Remote Console – Password is “decrypted” in server RAM. – Trivial to decrypt if NCF file captured. – Rconsole sessions are in plaintext.
- 16. Console Attacks (cont.) • NCF Files – Batch files executed at highest priviledge. – Sometimes not in secure directory. • NDS Files – Copying for offline analysis.
- 17. Pandora v3 • Command Line Utilities • Offline Password Cracking • Online Server Attacks • Denial of Service • Open Source Freeware • Developed with 100% Freeware
- 18. Pandora v4 • Offline Password Cracking • Online Server Attacks • Full GUI - “point, click, and attack” • Open Source Freeware • Developed with 100% Freeware • GUIs for Win 95/98/NT and X (Linux only)
- 19. Pandora v4 Online • Denial of Service • Auto-gathering of Detailed System Information • User account “discovery” • Dictionary Password Attacks with Lockout Detection • Packet Signature Spoofing
- 20. Pandora v4 Offline • Complete Netware 4.x & 5.x Password Auditor • Dictionary and Brute Force Attacking • Will Read BACKUP.DS and DSREPAIR.DIB Files • Multi-threaded for Multiple Account Cracking
- 21. Anatomy of an Attack • Gather Info – CHKNULL, CX, NLIST, Onsite • Gain Initial Access – No/weak password on an account. – Dictionary/Brute force attack
- 22. Anatomy of an Attack (cont.) • Advanced Techniques – Onsite, sniffers, GameOver • Attack Supervisor Account – Intruder • Copy NDS Files – Offline cracking of passwords • Attack Additional Systems
- 23. Additional Items • IMP – Borrows from Pandora’s source code. – Fast and free password auditor.
- 24. Defensive Techniques • Latest Service Packs and Patches • Limited rights on [Public], [Root], and USER_TEMPLATE • Turn on Intruder Detection on each container (default is off) • Packet Signature Level 3 on server • Strong security policy
- 25. Defensive Techniques (cont.) • Checking for backdoors • Logging & Auditing
- 26. Questions • Q & A
Editor's Notes
- Novell Netware can be found in more than 55% of U.S. corporations. In other words, a lot of corporate America has data sitting on Netware servers. Novell is making leaps and bounds into a more open world of web servers, NetWare/IP, and other connectivity to public networks, and security has become very important in all aspects of Novell's products. Novell has also been less than forthcoming regarding security patches for vulnerabilities in their products, and often release security patches as a part of regular maintenance patches without communicating the nature of the original security problem and the security implications behind not loading the latest patches. You typically do not find the R&D’s source code sitting on a Netware server, but you do find tons of word processing, spreadsheets, charts, graphs, and other general productivity documentation on a Netware server. These documents can contain everything from marketing plans to legal briefs to hostile takeover strategies, making them a prime target for intruders. In shops that focus on Netware for file and print, expect system administration documentation to also reside on the server.
- To hack Netware, we start with gathering of data. This falls into two different categories -- offline and online resources. Offline refers to data gathering that does NOT involve direct Netware server access, and online data gathering is using the Netware server and a few easy techniques to reveil information.