novell security
Results 1 to 9 of 9

Thread: novell security

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    15

    novell security

    Hello,

    I've been teaching myself about windows password/network security mainly so that I can get into the network security field. Recently the subject has been how to secure, and break security on windows systems (specifically SAM hashes, SYSKEY, etc..).

    I'm interested in learning a bit more about Novell security, as I've heard many companies use Novell on client computers. I've done quite of bit of internet searching on novell, but have not found what I'm looking for.

    Speficially what I'm wondering about is how the boot process works on a Novell client PC(even if booted in offline mode, clients log into a Novell prompt). I'm assuming novell overwrites the bootloader when it's installed, if that's the case what password file does Novell pull from? I'm guessing it's not the SAM hash, but another Novell encryped password file somewhere.

    At what point does Novell overtake windows in the boot process? (again, I'm assuming it's at the bootloader).

    If anyone has knowledge of this, or links to relevant resources I'd appreciate it. Thanks in advance

    Phite

  2. #2
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Itís been a long time since Iíve messed with Novell Netware. It should have nothing the do with a boot loader. To the best of my knowledge old Client 32 would replace/modify Security Accounts Manager on the windows box to send authentication to a Netware or some other box that manages NDS. Canít say I know for sure, so this may not help you much.

    edit: This page may give you some more details:

    http://www.microsoft.com/technet/pro.../ntmanage.mspx

  3. #3
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    I found this but I'm not listing the url I didn't like the content of the rest of the page.
    Contrary to not-so-popular belief, access to the password file in Netware is not like Unix - the password file isn't in the open. All objects and their properties are kept in the bindery files on 2.x and 3.x, and kept in the NDS database in 4.x. An example of an object might be a printer, a group, an individual's account etc. An example of an object's properties might include an account's password or full user name, or a group's member list or full name. The bindery files attributes (or flags) in 2.x and 3.x are Hidden and System, and these files are located on the SYS: volume in the SYSTEM subdirectory. Their names are as follows:

    Netware version File Names
    --------------- ----------
    2.x NET$BIND.SYS, NET$BVAL.SYS
    3.x NET$OBJ.SYS, NET$PROP.SYS, NET$VAL.SYS

    The NET$BVAL.SYS and NET$VAL.SYS are where the passwords are actually located in 2.x and 3.x respectively.

    In Netware 4.x, the files are located in a different location on the SYS: volume. It is a hidden directory called _NETWARE. In this directory are located the NDS files, license files, and a number of other system-related files such as login scripts and auditing files.

    File What it is
    -------------- --------------------------
    VALUE.NDS Object and property values
    BLOCK.NDS Extended property values
    ENTRY.NDS Object and property types
    PARTITIO.NDS NDS partition info (replication info, etc.)
    MLS.000 License file.
    VALINCEN.DAT License validation

    To view the hidden SYS:_NETWARE directory, you can try to use RCONSOLE and the Scan Directory option, although later versions of Netware 4.x have patched this (starting with 410pt3). Here is another way to view these files, and potentially edit them. After installing NW4 on a NW3 volume, reboot the server with a 3.x SERVER.EXE. On volume SYS will be the _NETWARE directory. SYS:_NETWARE is hidden better on 4.1 than 4.0x, but in pre-410pt3 patched 4.1 you can still see the files by scanning directory entry numbers using NCP calls (you need the APIs for this) using function 0x17 subfunction 0xF3.

    Using JCMD.NLM, it is possible to access SYS:_NETWARE, and do many fun things, like copy NDS, etc. But what hackers have asked for is a way to access this directory WITHOUT uploading an NLM via RCONSOLE. You can try using NETBASIC.NLM (see the Netware Console Attacks section for details), and actually copy NDS files to a directory you can access (like SYS:PUBLIC).
    20.2 What's the full story with Netware passwords?

    A Novell proprietary algorithm takes the password, and produces a 16 byte hash. This algorithm is the same for versions 3.x and 4.x of Netware. The algorithm is also inside the LOGIN.EXE file used by the client when logging in. The details of the algorithm itself can be found in the crypt.txt file included with Pandora (see Pandora for details).

    The 16 byte hash is stored within the bindery files in Netware 3.x and NDS in Netware 4.x. Since the object ID is used in the algorithm, it adds the equivalent of a salt. This along with the fact that the password length plays into the algorithm increases the overhead in cracking multiple passwords at once.

    Fortunately for the cracker, both the object ID and the password length are stored with the hash, along with that fact that lower case letters are converted to upper case before generating the hash does simplify the process slightly. Password crackers can brute force a little easier since they can eliminate trying lower case letters and concentrate on a particular password length.
    When death sleeps it dreams of you...

  4. #4
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Simple Nomad's perhaps?

  5. #5
    Junior Member
    Join Date
    Feb 2003
    Posts
    15
    that's an excellent start, thanks guys.

  6. #6
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Be careful with the admin tool. It works both ways and can be both your best defence, and your worst offense. I have to go to work here in a minute, but when I get home I'll give more detail on it and maybe some ideas of securing it.
    Kill the lights, let the candles burn behind the pumpkinsí mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  7. #7
    Member
    Join Date
    Sep 2004
    Posts
    32
    Novell was ran on my old highschool's computer. That's a very unstable approach, when security is concerned. The highschool I went to didn't have good security at all to begin with. It was possible to break into their system using the most simple, and common sense methods. That's basically what hacking is, using logic to solve your dilemma. Not using your idiocy to brew trouble. Also, it is benevolent to expose ignorant administrators, and or end users about their secuirty issue, in order for them to possibly correct the problem. Being a beginner, and reading what I just read on Novell, I myself would not recommend it.

  8. #8
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Novell if fine, no worse then anything else when it comes to security. I just matters who admins it.

  9. #9
    Member
    Join Date
    Sep 2004
    Posts
    32
    That is true. But also, no program is the perfect program. Every program has it's certain flaws,so it's not only the admin, but is also part of the program or system used. The universal example being, no matter who admins a Windows network, that same admin can make a Linux network more secure.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides