Preventing Hackers From Breaking Through Novell

[DigitalRepose]

I offer this posts to sysOPs who run the Novell clients and NetWares. As a student, I am faced with the boredom of finishing HTML docs and spreadsheets hours before anyone else, so in my spare time I discovered a major hole that would allow anyone to access any file on the C:/ drive.

1. start internet explorer
2. go to address bar and type: C:\
3. your in
4. this also works for other types of drives as well including network drives

out

I may have not been clear on how to prevent this, sorry. I feal that the only way to prevent this is to denie access to IE. If possible you could use something like netsweeper to disable it (like a porn site would come up) but just remember that there's always a way around something, and if not. Balls to the walls and go on through.

out

[techtech]

Digital, welcome to AO. Thank you for the heads up about Novell. I personally am the technician @ an elementary school. @ We do run a Novell network, although to prevent any damage, we also run a program called Deepfreeze, which has been very successful @ saving our computers. Although a bit of warning, while it is fun poking through, be very careful accessing files that you shouldn't be. You could get in major trouble at school. We caught 4 kids trying it at my site, they were suspended and banned from the computers for 1 year. (We were light on them since they're 6th graders) So. Be careful!

Be smart. . .not sorry!

And again. . welcome!

[DISLEX]

techtech,

I was a tech for a school ditrict. We have installed DeepFreeze on thousands of computers and untill then I knew nothing about it. We were running a Novell network. Although I myself do not believe in this sort of thing I do know it does saves comps. This porg is amazing. It's good to see someon else talking about it. I would now like to direct your attention here:

http://www.antionline.com/showthread...ghlight=DISLEX

It would be nice to once again get some people looking into this prog.

--
Welcome to AO, DigitalRepose.

[HurrayForSchool]

How ironic! I had to access the c drive today at school because my stupid teacher downloaded an attachment to it, and couldn't find it. I used microsoft word though.

Welcome to AO man. Hope you enjoy it here.

[DigitalRepose]

Hey, thanx for replying to my post. I hope it helped you SYSOPs out there put the paddle on these midget felons. So um... I just have to ask....... a 6th grader hacking onto the school computer? Jeez, in 6th grade all I did was play solitaire.......

[DigitalReligion]

This is probably the most simple of actions.

I, too, have had some time to play around with the Novell system at school in my free time...

Turns out I have enough rights to my "student" folder (mapped network drive) that I can give and take others rights to view it. I am going to see if I can actually give myself rights to others folders tomorrow...if I can I plan to alert my comp sci teacher who is the sys admin - any suggestions on how to do this without getting in trouble myself?

My friends brother acouple years back pretty much owned the network with such simplicity as a keylogger and some heavy reading on the r-console usage. Heh, theres even a hidden tree/account on the network still with full admin rights.

[powertoad5000]

Turns out I have enough rights to my "student" folder (mapped network drive) that I can give and take others rights to view it. I am going to see if I can actually give myself rights to others folders tomorrow...if I can I plan to alert my comp sci teacher who is the sys admin - any suggestions on how to do this without getting in trouble myself?

The same thing happened at our school when they put Windows 2000/XP on all the computers, people were able to change permissions on their own accounts. It was pretty funny denying access to my IPT teacher and asking him to test it out but unless your admin can't tell **** from clay the chance that you are going to be able to assign yourself rights to others folders is pretty slim.

There's been a bunch of threads on here from people who've been ****ed over because they revealed information like this to their administrators/teachers etc. All I can say is that anytime I found a bug/hole in the computers at school (not often) I just went and told our admin guy and he'd fix it up asap or explain what the go with it was and why it was that way. Of course he was a pretty cool guy and it sounds like over in the US you get a lot of school network administrators who are insecure dickheads and can't set up a network to save themselves. So if you did find a hole, depending on what your administrator guy is like, I'd just keep it to yourself unless you're positive you're not going to get suspended or something.

[DigitalReligion]

Thanks for the advice. Interestingly enough, I learned about this back in 6th or 7th grade on our middle school network and it is still doable on the highschool's network - under 95/98.

The admin at my middle school was also dumb enough to leave guest "teacher" accounts (school vista frontend was in use) that everyone knew about.

It'll be a fun day today

[Hang-man]

There are much greater problems that have not been brought up here, I shall explain.
1)- from the novell screen one can press f1, and from the help menue press web help, and in a few more links they are in windows explorer as an unrigisterd user. its just that easy.(iv done it)
2)- a simple key logger program installed records all paswords.(yes, it does work)
3)-and my personal favorite, write a program that runs at the start of every login saying their password is icorrect and to type it in again. nobody thinks twice.
4)gym/music teachers dont change their passwords.

novell is riddled with errors and anyone with any programming knowlege can easily bypass it. so if you want people to stop hacking the system stop putting things worth stealing on PUBLIC NETWORK DRIVES!!, maby my school's just stupid.