Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pen Test Novell 5.5 w/ groupwise ?
From: Tim <pand0ra.usa () gmail com>
Date: Wed, 2 Aug 2006 23:44:51 -0600

I used to admin a Netware system a while back (4.x-6.x) I know of one
particular tid-bit where you can use rconsole to connect to the server
and login as admin without a password (user:admin, password:<blank>).
Since DS is a LDAP system try doing anon LDAP queries. The GW client
can be used to connect to other user accounts without logging in as
that user (the security setting has to be poorly configured for that)
by adding some switches on the run line (/@u or something). What
netware services are they running (Print services, iManager, iFolder,
etc.)? Make sure you have the client (both novell and GW). The Novell
client will ID the systems on the network.
Netware typically runs Apache and tomcat for the management console
(iManager). A Java interface is also used in setting up something
(hey, it's been a few years). Novell's web site has a great search
engine and can pin a lot of this down for you pretty quickly.

On 8/2/06, Chris Serafin <chris () chrisserafin com> wrote:
Hello all,

I'm doing a large pen test of a client who has Novell 5.5 and uses
groupwise for their email.  In addition to trashing their network via
many other vulnerabilities, I wanna try to exploit the Novell system.  I
have run GFI LanGuard against it, with sad results.  I'm running Nessus
as I speak, so I don't know the results of that just yet. I saw a new
vuln came out today , but it was for 6.x only from the advisory.  Anyone
have tips or tricks, as I parellel google search?

Chris Serafin
IT Security / Cisco Engineer
chris () chrisserafin com





------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault