The Novell Network Hacking Guide By PeRSeUs/LoRd psYChobeTa of EmC Hey what'z up ?!? When my computer science teacher put up *his* new toy in our class, novell network 3.x, i knew that i would hack this baby sooner or later... since u can find novell networkz and LANs more and more often out there I decided to write this guide... it might help u sometime e.g. if u go to college or in your office... this guide is about the basic things u can do in a novell network... i also added the best programs that i could find and my SPY program.. 1.LOGIN First u turn on the computer and u see the computer booting up (usually it boots with some kind of net-bios that is on the net work cards in the ROM or so)... then u see, e.g. in our network, this big IBM screen and then u are supposed to press and input your name and sometymes password... first of all check out these standard IDs for novell networks 3.x for passwords: Id PassWord ------- ---------- Admin 'School Name', none or private Sysop 'School Name', none or private SuperVisor 'School Name', none or private OfficeAdmin 'School Name', none or private Guest none or private If you are really lucky then one of the sysop/supervisor accounts doesn't have a password and u can mess with the net. BUT that will be quite unreal- istic.. whatever.. give it a try.. so if u can login either with one of those IDs or with your own you get to the next screen, the main menu... 2.Main Menu (and how to get to dos) If you are in here you will usually only find some boring crap like works or word 5.5 or some shit... what we want to do is get out of here and drop to dos so we can use some of our nice programs.. but u probably won't find a normal way to get to dos.. try some of this stuf.: if u see "Access A:" near the bottom of the menu or as one of the menu choices and try to use it but with no disk in the drive... u will get an error message.. if u press abort it won't help u here and u are back in the menu... instead of that press something like ctrl-c, ctrl-brk OR -- a less well-known combo -- pressing ctrl-2... yeahh it really works.. but after we used that method too many times my teacher disabled the whole "Access A:" menu choice so we were phucked.. but there are still other ways :) first of all hold ALT and press E, S, C one key at a time... that is the normal way for novell technicians to get into dos... if that doesn't work press ctrl-x (sometimes you have to do it from the main menu).... that works pretty often too... well but when the sysop finds out about all that he can even disable that if he's determined enuff (like my Mr. Li'l Adolf :-P... in this case i know only of one last way and that he can't disable (unless he's not dumb)... haha.. ok.. use any texteditor like the turbo pascal editor or word for windows.. then check all drives (a: - z:) until u find a ram drive .. here u find a batch file (g.bat) for yur personal main menu and since it's the ram drive of ur computer u can even change it..u just add one line in the menu prompts that looks like this: z: lemme to DOS !!!^C:\ if u get out of the word processor to the menu u will see ur new option and it will drop you to dos in drive c:\ .. another very easy thing is this... u just run an application like turbo pascal 7.0 or so on ur computer and shell to dos... well unfortunately our crappy school could only afford turbo pascal 3.0... :( 3.Important commands in DOS ok now u are in dos and want to find out about the network... go into all possible directories and look around... try to find a program just called help.exe... it is a novell network reference with all kinds of information on every dos command and so on... anyways.. here are the most important commands that u will use: if u type RIGHTS u will see a number of attribute rights that tells u what u can do in the specified/ current directory... usually that will be only [ F R ] or so and means u can file-scan (or type dir:) and can only read files... yeahh that sux.. the next important thing is GRANT and with that u can grant urself or any- body access to a directory if u have the A attribute in that dir. With REVOKE u can remove the rights from some lusers :-).. with TLIST u can find out who else has rights to a certain directory or so (VERY IMPORTANT WITH HACK.EXE LATER ON)... then use USERLIST to see who's logged in.. and SEND to send anybody messages.. in my class some stupid kids were sending messages all the time and annoyed me like shit.. well in this case just type CASTOFF and u won't receive no more messages... there are lot of other interesting commands that i forgot rite now but these listed here are the most important ones... 4.Novell Network Hackers To get sysop access i tried almost every possible thing and I got it a couple of times that's the reason why i am gettin' an F this year in computer science.. there are some real nice programs out there that I put together with this doc so u can use 'em too... Hack.exe Hack exe fools the file-server, but it requires that a SuperVisor (*not the sysop*) is logged on... if he is then just start the program and the file-server thinks u are sysop and u have all rights (granting time!! :)... i did this but my computer science teacher used tlist.exe to find out that i had access to *his* directories, so he just deleted my account... don't grant access to those kind of dirs.. View.exe Use that to see if the supervisor is logged on Netcrack.exe This program simply checks all possible passwords for a given ID. that means it can take 30 hrs. to find a [long] password... but i just included it .. who knows.. Knock.exe This program is the patched ATTACH command... the ATTACH com- mand lets u change from one ID to another one... but here u don't have to input the password..:-)..unfortunately it isn't compatible with all netbios versions or so and it just froze the computer in my school's network... !*!*!*! THERE ARE SECURITY PATCHES FOR ALL THOSE PROGRAMS BY NOVELL !*!*!*! 5. SPY/SPY_VIEW This one was my last hope... i coded it myself in a mixture of asm/tp... it's a tsr program that captures all keys to ram... well u might thinks that's lame cuz u have seen tools like SPY all over.. no way.. yeah way.. the reason is that the usualy key capture programs change either interrupt 09h/21h/16h to get the key value... that's what i tried first but it doesn't work... during the login process novell network uses its own keyboard routines or they just restore those interrupts mentioned earlier but u fucking can't capture keys.. hmm.. i thought to myself there got to be some damn way... well i finally had the idea while sh***ing on the toilet... instead of using those interrupts i finally used timer interrupt 8h and i also used I/O port 60h to read the keys... the problem was that the scan codes from port 60h are not ascii format so i had to kinda decrypt them with my viewer program... whatsoevr.. just run my SPY and enter the segment memory adress.. this should be somewhere at the end of conventional memory, e.g. i usually use 9000 and it works fine.. then it's resident in memory and log out... call ur teacher or any person that they show u something on your computer with turbo pascal or so... my teacher and i worked on some problems with the net but b4 he logged on i had installed SPY... it captured his login name + password... if u use SPY_VIEW u will probably find some bs like this: <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> SPY Viewer coded by PeRSeUs oF EmC... Segmend address: 9000h Number of keys pressed: 101 9000:0000 LLOGOUTLLOOGINNSSYSOOPHHUUGGOODDIRCLSSPPY???--VVIIEWW ?? 9000:0040 ????????????????????????????. T.TTXT??????????????????????????? <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> first it might look pretty weird cuz instead of 'LOGOUT' u see 'LLOGOUT'.. well.. that's one of the disadvantages using timer int. 8h and port 60h... but it seems to be the only way and it's better than nuthin' :-) ok.. here u see login, sysop and then hugo... here we got his password... (even if it's a real dumb one)... the viewer only "translates" letters and numbers and a couple of other chars. from raw scan code into ascii... the ? indicates that it was some key like shift or f10... also.. where u see the dash -- i actually pressed the key+shit (i.e. __) but as i said it can't record that... so that's about all i learned/hacked about LANs... if u got any ideas or whatever.. please contact me at the MiLLENiUM BbS..EmC USHQ..3o5 Nup Found on any quality h/p or - Warez Board ... cy'around in cyberspace ...