Novell Server Permissions and Vulnerabilities


Novell NetWare has been a popular server platform for two decades. Current Novell systems use Novell Directory Services (NDS), an architecture similar to Active Directory in Windows. The NDS tree is broken down into an organization (O) and a number of organizational units (OU) that contain objects such as users, printers, and servers. You can assign rights within an NDS tree to control how much authority network administrators have over a section of the tree, and you can assign rights to directories and files to control what access users have on a server.

Prior to IntraNetWare 4.11, NetWare was a flat bindery-based system without a directory hierarchy. Without the use of an NDS tree, you could assign permissions only to directories and files.

NetWare has eight basic rights, as listed in Table 13-2.

Table 13-2. Novell NetWare Rights

| Right | Description |
|---|---|
| Supervisory (S) | A user has all rights. |
| Read (R) | A user can open or execute a file. |
| Write (W) | A user can open and modify a file. |
| Create | Assigned to a directory, a user who has Create permissions can create files and subdirectories within a directory. |
| Erase | A user can delete a file. |
| Modify (M) | A user can rename a file or change its attributes. This right does not allow a user to modify the contents of a file (use the Write permission to grant access to modify the contents). |
| File Scan (F) | A user can see the contents of a directory. |
| Access Control | This allows a user to modify permissions on a directory or file. |


The equivalent of a superuser (UNIX) or administrator (Windows) in Novell is the admin account, which has supervisor rights over the network. As a penetration tester, your goal is to gain supervisory access to a target system.

Two of the most popular tools for hacking Novell systems are Pandora and NovelFFS.

Pandora

Pandora is a suite of tools that uses Novell Get Nearest Server (GNS) requests to enumerate user accounts. By listening to these requests, Pandora can scan target servers and grab user accounts without logging in.

With a backup copy of NDS, you can use Pandora to perform a dictionary attack against all user accounts.

NovelFFS

The Novel Fake File Server (NovelFFS), similar to Pandora, listens to GNS requests to cache server names. NovelFFS creates a fake file server on the network that lasts about two minutes, which is just enough time to learn about other servers and user accounts on the network. When a client learns of this fake server and attempts to log in to it, NovelFFS captures the logon credentials.
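
From the defender's side, a file server that appears for about two minutes and then vanishes is a usable detection signal. The following is an added example, not code from the book or from either tool: it flags short-lived or uninventoried server advertisements in a capture. The log format, the inventory, the thresholds, and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample: one line per file-server advertisement seen by a passive
# listener, as "ISO-timestamp server-name source-address" (hypothetical format).
SAMPLE_LOG = """\
2005-03-01T09:00:00 FS-ACCT 0000A1B2:000000000001
2005-03-01T09:01:00 FS-ACCT 0000A1B2:000000000001
2005-03-01T09:01:10 FS-PAYROLL 0000A1B2:00A0C9112233
2005-03-01T09:02:00 FS-ACCT 0000A1B2:000000000001
2005-03-01T09:02:10 FS-PAYROLL 0000A1B2:00A0C9112233
2005-03-01T09:03:00 FS-ACCT 0000A1B2:000000000001
2005-03-01T09:03:05 FS-PAYROLL 0000A1B2:00A0C9112233
2005-03-01T09:10:00 FS-ACCT 0000A1B2:000000000001
"""

# Assumed inventory of approved servers: name -> expected source address.
INVENTORY = {"FS-ACCT": "0000A1B2:000000000001"}

def find_suspect_servers(log_text, inventory, max_lifetime=180, quiet_after=300):
    """Return {(name, addr): [reasons]}; log lines must be in time order."""
    seen = {}  # (name, addr) -> (first_seen, last_seen)
    capture_end = None
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts = datetime.fromisoformat(parts[0])
        key = (parts[1], parts[2])
        first, _ = seen.get(key, (ts, ts))
        seen[key] = (first, ts)
        capture_end = ts if capture_end is None else max(capture_end, ts)
    findings = {}
    for (name, addr), (first, last) in seen.items():
        reasons = []
        if name not in inventory:
            reasons.append("name not in inventory")
        elif inventory[name] != addr:
            reasons.append("known name from unexpected address")
        lifetime = (last - first).total_seconds()
        # "Gone" means no advertisement for quiet_after seconds before capture end.
        gone = (capture_end - last).total_seconds() >= quiet_after
        if gone and lifetime <= max_lifetime:
            reasons.append(f"short-lived ({int(lifetime)}s)")
        if reasons:
            findings[(name, addr)] = reasons
    return findings
```
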



    Penetration Testing and Network Defense
    ISBN: 1587052083
    EAN: 2147483647
    Year: 2005
    Pages: 209
