hackfaq.html
8baddc70feff2c4922f880b38352cc5a<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.6">
<TITLE>The Hack FAQ</TITLE>
<LINK REL="next" HREF="hackfaq-1.html">
</HEAD>
<BODY BGCOLOR="black" VLINK="gray" TEXT="white" LINK="gray" HLINK="red">
<A HREF="hackfaq-1.html">Next</A>
Previous
Contents
<HR>
<H1>The Hack FAQ</H1>
<H2>Simple Nomad
<A HREF="mailto:thegnome@nmrc.org">(thegnome@nmrc.org)</A></H2>June 6, 1999
<P><HR>
<EM>This FAQ is intended to show and explain the steps and techniques behind hacking. While it serves both admin and hacker alike, the perspective is from the intruder.</EM>
<HR>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="hackfaq-1.html">General FAQ Info</A></H2>
<UL>
<LI><A HREF="hackfaq-1.html#ss1.1">1.1 How do I add to this FAQ?</A>
<LI><A HREF="hackfaq-1.html#ss1.2">1.2 How was this FAQ prepared?</A>
<LI><A HREF="hackfaq-1.html#ss1.3">1.3 Is this FAQ available by anonymous FTP or WWW?</A>
<LI><A HREF="hackfaq-1.html#ss1.4">1.4 What is the mission and goal of the FAQ?</A>
<LI><A HREF="hackfaq-1.html#ss1.5">1.5 Where is the disclaimer?</A>
<LI><A HREF="hackfaq-1.html#ss1.6">1.6 Contributions (and thanks to...)</A>
<LI><A HREF="hackfaq-1.html#ss1.7">1.7 Other credits...</A>
<LI><A HREF="hackfaq-1.html#ss1.8">1.8 Changelog</A>
</UL>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="hackfaq-2.html">Attack Basics</A></H2>
<UL>
<LI><A HREF="hackfaq-2.html#ss2.1">2.1 What are the four steps to hacking?</A>
</UL>
<P>
<H2><A NAME="toc3">3.</A> <A HREF="hackfaq-3.html">Account Basics</A></H2>
<UL>
<LI><A HREF="hackfaq-3.html#ss3.1">3.1 What are accounts?</A>
<LI><A HREF="hackfaq-3.html#ss3.2">3.2 What are groups?</A>
</UL>
<P>
<H2><A NAME="toc4">4.</A> <A HREF="hackfaq-4.html">Password Basics</A></H2>
<UL>
<LI><A HREF="hackfaq-4.html#ss4.1">4.1 What are some password basics?</A>
<LI><A HREF="hackfaq-4.html#ss4.2">4.2 Why protect the hashes?</A>
<LI><A HREF="hackfaq-4.html#ss4.3">4.3 What is a "dictionary" password cracker?</A>
<LI><A HREF="hackfaq-4.html#ss4.4">4.4 What is a "brute force" password cracker?</A>
<LI><A HREF="hackfaq-4.html#ss4.5">4.5 Which method is best for cracking?</A>
<LI><A HREF="hackfaq-4.html#ss4.6">4.6 What is a "salt"?</A>
<LI><A HREF="hackfaq-4.html#ss4.7">4.7 What are the "dangers" of cracking passwords?</A>
</UL>
<P>
<H2><A NAME="toc5">5.</A> <A HREF="hackfaq-5.html">Denial of Service Basics</A></H2>
<UL>
<LI><A HREF="hackfaq-5.html#ss5.1">5.1 What is "Denial of Service"?</A>
<LI><A HREF="hackfaq-5.html#ss5.2">5.2 What is the Ping of Death?</A>
<LI><A HREF="hackfaq-5.html#ss5.3">5.3 What is a SYN Flood attack?</A>
<LI><A HREF="hackfaq-5.html#ss5.4">5.4 What are other popular Denial of Service attacks?</A>
</UL>
<P>
<H2><A NAME="toc6">6.</A> <A HREF="hackfaq-6.html">Misc Info</A></H2>
<UL>
<LI><A HREF="hackfaq-6.html#ss6.1">6.1 What is a "backdoor"?</A>
<LI><A HREF="hackfaq-6.html#ss6.2">6.2 Why do I care about auditing, accounting, and logging?</A>
<LI><A HREF="hackfaq-6.html#ss6.3">6.3 What are some different logging techniques used by Admins?</A>
<LI><A HREF="hackfaq-6.html#ss6.4">6.4 Why should I not just delete the log files?</A>
<LI><A HREF="hackfaq-6.html#ss6.5">6.5 What is a buffer overflow?</A>
<LI><A HREF="hackfaq-6.html#ss6.6">6.6 What's the story with WinGate?</A>
<LI><A HREF="hackfaq-6.html#ss6.7">6.7 How do I find these buggy WinGates I can use?</A>
<LI><A HREF="hackfaq-6.html#ss6.8">6.8 What's with ICQ?</A>
</UL>
<P>
<H2><A NAME="toc7">7.</A> <A HREF="hackfaq-7.html">Web Browser</A></H2>
<UL>
<LI><A HREF="hackfaq-7.html#ss7.1">7.1 What is "unsafe" about my browser?</A>
<LI><A HREF="hackfaq-7.html#ss7.2">7.2 What is vulnerable about history, bookmark, and cache files?</A>
<LI><A HREF="hackfaq-7.html#ss7.3">7.3 What other browser files are important?</A>
<LI><A HREF="hackfaq-7.html#ss7.4">7.4 Can you tell me more about the "cookie" file?</A>
<LI><A HREF="hackfaq-7.html#ss7.5">7.5 How can I protect my browser files?</A>
<LI><A HREF="hackfaq-7.html#ss7.6">7.6 So why all of the paranioa about browsers?</A>
</UL>
<P>
<H2><A NAME="toc8">8.</A> <A HREF="hackfaq-8.html">The Web Browser as an Attack Tool</A></H2>
<UL>
<LI><A HREF="hackfaq-8.html#ss8.1">8.1 What is phf?</A>
<LI><A HREF="hackfaq-8.html#ss8.2">8.2 What's the "test" hack?</A>
<LI><A HREF="hackfaq-8.html#ss8.3">8.3 What about that "tilde" character? </A>
<LI><A HREF="hackfaq-8.html#ss8.4">8.4 What is the jj.c problem?</A>
<LI><A HREF="hackfaq-8.html#ss8.5">8.5 What's the deal with forms?</A>
<LI><A HREF="hackfaq-8.html#ss8.6">8.6 What will this look like in the target's log files?</A>
<LI><A HREF="hackfaq-8.html#ss8.7">8.7 What's the deal with Server-Side Includes?</A>
<LI><A HREF="hackfaq-8.html#ss8.8">8.8 What if SSIs are turned on but includes are stripped from user input?</A>
<LI><A HREF="hackfaq-8.html#ss8.9">8.9 What are SSL and SHTTP?</A>
<LI><A HREF="hackfaq-8.html#ss8.10">8.10 How can I attack "anonymously"?</A>
<LI><A HREF="hackfaq-8.html#ss8.11">8.11 What is the "asp dot" attack?</A>
<LI><A HREF="hackfaq-8.html#ss8.12">8.12 What is the campas attack?</A>
<LI><A HREF="hackfaq-8.html#ss8.13">8.13 What is the count.cgi attack?</A>
<LI><A HREF="hackfaq-8.html#ss8.14">8.14 What is the faxsurvey attack?</A>
<LI><A HREF="hackfaq-8.html#ss8.15">8.15 What about finger.cgi?</A>
<LI><A HREF="hackfaq-8.html#ss8.16">8.16 What is the glimpse exploit?</A>
<LI><A HREF="hackfaq-8.html#ss8.17">8.17 What are some other CGI scripts that allow remote command execution?</A>
<LI><A HREF="hackfaq-8.html#ss8.18">8.18 What are the MetaInfo attacks?</A>
</UL>
<P>
<H2><A NAME="toc9">9.</A> <A HREF="hackfaq-9.html">NT Basics</A></H2>
<UL>
<LI><A HREF="hackfaq-9.html#ss9.1">9.1 What are the components of NT security?</A>
<LI><A HREF="hackfaq-9.html#ss9.2">9.2 How does the authentication of a user actually work?</A>
<LI><A HREF="hackfaq-9.html#ss9.3">9.3 What is "standalone" vs. "workgroup" vs. "domain"?</A>
<LI><A HREF="hackfaq-9.html#ss9.4">9.4 What is a Service Pack?</A>
<LI><A HREF="hackfaq-9.html#ss9.5">9.5 What is a Hot Fix?</A>
<LI><A HREF="hackfaq-9.html#ss9.6">9.6 Where are Service Packs and Hot Fixes?</A>
<LI><A HREF="hackfaq-9.html#ss9.7">9.7 What's with "C2 certification"?</A>
<LI><A HREF="hackfaq-9.html#ss9.8">9.8 Are there are interesting default groups to be aware of?</A>
<LI><A HREF="hackfaq-9.html#ss9.9">9.9 What are the default directory permissions?</A>
<LI><A HREF="hackfaq-9.html#ss9.10">9.10 Are there any special restrictions surrounding the Administrative Tools group in Presentation Manager?</A>
<LI><A HREF="hackfaq-9.html#ss9.11">9.11 What is the Registry?</A>
<LI><A HREF="hackfaq-9.html#ss9.12">9.12 What are hives?</A>
<LI><A HREF="hackfaq-9.html#ss9.13">9.13 Why is the Registry like this and why do I care?</A>
<LI><A HREF="hackfaq-9.html#ss9.14">9.14 What is the deal with Microsoft's implementation of PPTP?</A>
</UL>
<P>
<H2><A NAME="toc10">10.</A> <A HREF="hackfaq-10.html">NT Accounts</A></H2>
<UL>
<LI><A HREF="hackfaq-10.html#ss10.1">10.1 What are common accounts and passwords in NT?</A>
<LI><A HREF="hackfaq-10.html#ss10.2">10.2 What if the Sys Admin has renamed the Administrator account?</A>
<LI><A HREF="hackfaq-10.html#ss10.3">10.3 How can I figure out valid account names for NT?</A>
<LI><A HREF="hackfaq-10.html#ss10.4">10.4 What can null sessions to an NT machine tell me?</A>
</UL>
<P>
<H2><A NAME="toc11">11.</A> <A HREF="hackfaq-11.html">NT Passwords</A></H2>
<UL>
<LI><A HREF="hackfaq-11.html#ss11.1">11.1 How do I access the password file in NT?</A>
<LI><A HREF="hackfaq-11.html#ss11.2">11.2 What do I do with a copy of SAM?</A>
<LI><A HREF="hackfaq-11.html#ss11.3">11.3 What's the full story with NT passwords?</A>
<LI><A HREF="hackfaq-11.html#ss11.4">11.4 How does brute force password cracking work with NT?</A>
<LI><A HREF="hackfaq-11.html#ss11.5">11.5 How does dictionary password cracking work with NT?</A>
<LI><A HREF="hackfaq-11.html#ss11.6">11.6 I lost the NT Administrator password. What do I do?</A>
<LI><A HREF="hackfaq-11.html#ss11.7">11.7 How does a Sys Admin enforce better passwords?</A>
<LI><A HREF="hackfaq-11.html#ss11.8">11.8 Can an Sys Admin prevent/stop SAM extraction?</A>
<LI><A HREF="hackfaq-11.html#ss11.9">11.9 How is password changing related to "last login time"?</A>
</UL>
<P>
<H2><A NAME="toc12">12.</A> <A HREF="hackfaq-12.html">NT Console Attacks</A></H2>
<UL>
<LI><A HREF="hackfaq-12.html#ss12.1">12.1 What does direct console access for NT get me?</A>
<LI><A HREF="hackfaq-12.html#ss12.2">12.2 What about NT's file system?</A>
<LI><A HREF="hackfaq-12.html#ss12.3">12.3 What is Netmon and why do I care?</A>
</UL>
<P>
<H2><A NAME="toc13">13.</A> <A HREF="hackfaq-13.html">NT Client Attacks</A></H2>
<UL>
<LI><A HREF="hackfaq-13.html#ss13.1">13.1 What is GetAdmin.exe and Crash4.exe?</A>
<LI><A HREF="hackfaq-13.html#ss13.2">13.2 Should I even try for local administrator access?</A>
<LI><A HREF="hackfaq-13.html#ss13.3">13.3 I have guest remote access. How can I get administrator access?</A>
<LI><A HREF="hackfaq-13.html#ss13.4">13.4 What about %systemroot%\system32 being writeable?</A>
<LI><A HREF="hackfaq-13.html#ss13.5">13.5 What if the permissions are restricted on the server?</A>
<LI><A HREF="hackfaq-13.html#ss13.6">13.6 What exactly does the NetBios Auditing Tool do?</A>
<LI><A HREF="hackfaq-13.html#ss13.7">13.7 What is the "Red Button" bug?</A>
<LI><A HREF="hackfaq-13.html#ss13.8">13.8 What about forging DNS packets for subversive purposes?</A>
<LI><A HREF="hackfaq-13.html#ss13.9">13.9 What about shares?</A>
<LI><A HREF="hackfaq-13.html#ss13.10">13.10 How do I get around a packet filter-based firewall?</A>
<LI><A HREF="hackfaq-13.html#ss13.11">13.11 I hack from my Linux box. How can I do all that GUI stuff on remote NT servers?</A>
</UL>
<P>
<H2><A NAME="toc14">14.</A> <A HREF="hackfaq-14.html">NT Denial of Service</A></H2>
<UL>
<LI><A HREF="hackfaq-14.html#ss14.1">14.1 What can telnet give me in the way of denial of service?</A>
<LI><A HREF="hackfaq-14.html#ss14.2">14.2 What can I do with Samba?</A>
<LI><A HREF="hackfaq-14.html#ss14.3">14.3 What's with ROLLBACK.EXE?</A>
<LI><A HREF="hackfaq-14.html#ss14.4">14.4 What is an OOB attack?</A>
<LI><A HREF="hackfaq-14.html#ss14.5">14.5 Are there any other Denial of Service attacks?</A>
</UL>
<P>
<H2><A NAME="toc15">15.</A> <A HREF="hackfaq-15.html">NT Logging and Backdoors</A></H2>
<UL>
<LI><A HREF="hackfaq-15.html#ss15.1">15.1 Where are the common log files in NT?</A>
<LI><A HREF="hackfaq-15.html#ss15.2">15.2 How do I edit/change NT log files without being detected?</A>
<LI><A HREF="hackfaq-15.html#ss15.3">15.3 So how can I view/clear/edit the Security Log?</A>
<LI><A HREF="hackfaq-15.html#ss15.4">15.4 How can I turn off auditing in NT?</A>
</UL>
<P>
<H2><A NAME="toc16">16.</A> <A HREF="hackfaq-16.html">NT Misc. Attack Info</A></H2>
<UL>
<LI><A HREF="hackfaq-16.html#ss16.1">16.1 How is file and directory security enforced?</A>
<LI><A HREF="hackfaq-16.html#ss16.2">16.2 What is NTFS?</A>
<LI><A HREF="hackfaq-16.html#ss16.3">16.3 Are there are vulnerabilities to NTFS and access controls?</A>
<LI><A HREF="hackfaq-16.html#ss16.4">16.4 What is Samba and why is it important?</A>
<LI><A HREF="hackfaq-16.html#ss16.5">16.5 How do I bypass the screen saver?</A>
<LI><A HREF="hackfaq-16.html#ss16.6">16.6 How can I detect that a machine is in fact NT on the network?</A>
<LI><A HREF="hackfaq-16.html#ss16.7">16.7 Can I do on-the-fly disk encryption on NT?</A>
<LI><A HREF="hackfaq-16.html#ss16.8">16.8 Does the FTP service allow passive connections?</A>
<LI><A HREF="hackfaq-16.html#ss16.9">16.9 What is this "port scanning" you are talking about?</A>
<LI><A HREF="hackfaq-16.html#ss16.10">16.10 Does NT have bugs like Unix' sendmail?</A>
<LI><A HREF="hackfaq-16.html#ss16.11">16.11 How is password changing related to "last login time"?</A>
<LI><A HREF="hackfaq-16.html#ss16.12">16.12 Can sessions be hijacked?</A>
<LI><A HREF="hackfaq-16.html#ss16.13">16.13 Are "man in the middle" attacks possible?</A>
<LI><A HREF="hackfaq-16.html#ss16.14">16.14 What about TCP Sequence Number Prediction?</A>
<LI><A HREF="hackfaq-16.html#ss16.15">16.15 What's the story with buffer overflows on NT?</A>
</UL>
<P>
<H2><A NAME="toc17">17.</A> <A HREF="hackfaq-17.html">Netware Basics</A></H2>
<UL>
<LI><A HREF="hackfaq-17.html#ss17.1">17.1 </A>
</UL>
<P>
<H2><A NAME="toc18">18.</A> <A HREF="hackfaq-18.html">Netware Accounts</A></H2>
<UL>
<LI><A HREF="hackfaq-18.html#ss18.1">18.1 What are common accounts and passwords for Netware?</A>
<LI><A HREF="hackfaq-18.html#ss18.2">18.2 How can I figure out valid account names on Netware?</A>
</UL>
<P>
<H2><A NAME="toc19">19.</A> <A HREF="hackfaq-19.html">Netware Passwords</A></H2>
<UL>
<LI><A HREF="hackfaq-19.html#ss19.1">19.1 How do I access the password file in Netware?</A>
<LI><A HREF="hackfaq-19.html#ss19.2">19.2 What's the full story with Netware passwords?</A>
<LI><A HREF="hackfaq-19.html#ss19.3">19.3 How does password cracking work with Netware?</A>
<LI><A HREF="hackfaq-19.html#ss19.4">19.4 How does password cracking work with Netware?</A>
<LI><A HREF="hackfaq-19.html#ss19.5">19.5 Can an Sys Admin prevent/stop Netware password hash extraction?</A>
<LI><A HREF="hackfaq-19.html#ss19.6">19.6 Can I reset an NDS password with just limited rights?</A>
<LI><A HREF="hackfaq-19.html#ss19.7">19.7 What is OS2NT.NLM?</A>
<LI><A HREF="hackfaq-19.html#ss19.8">19.8 How does password encryption work?</A>
<LI><A HREF="hackfaq-19.html#ss19.9">19.9 Can I login without a password?</A>
<LI><A HREF="hackfaq-19.html#ss19.10">19.10 What's with Windows 95 and Netware passwords?</A>
</UL>
<P>
<H2><A NAME="toc20">20.</A> <A HREF="hackfaq-20.html">Netware Console Attacks</A></H2>
<UL>
<LI><A HREF="hackfaq-20.html#ss20.1">20.1 What's the "secret" way to get Supe access Novell once taught CNE's?</A>
<LI><A HREF="hackfaq-20.html#ss20.2">20.2 How do I use SETPWD.NLM?</A>
<LI><A HREF="hackfaq-20.html#ss20.3">20.3 I don't have SETPWD.NLM or a disk editor. How can I get Supe access?</A>
<LI><A HREF="hackfaq-20.html#ss20.4">20.4 What's the "debug" way to disable passwords?</A>
<LI><A HREF="hackfaq-20.html#ss20.5">20.5 How do I defeat console logging?</A>
<LI><A HREF="hackfaq-20.html#ss20.6">20.6 Can I set the RCONSOLE password to work for just Supervisor?</A>
<LI><A HREF="hackfaq-20.html#ss20.7">20.7 How can I get around a locked MONITOR?</A>
<LI><A HREF="hackfaq-20.html#ss20.8">20.8 Where are the Login Scripts stored in Netware 4.x and can I edit them?</A>
<LI><A HREF="hackfaq-20.html#ss20.9">20.9 What if I can't see SYS:_NETWARE?</A>
<LI><A HREF="hackfaq-20.html#ss20.10">20.10 So how do I access SYS:_NETWARE?</A>
<LI><A HREF="hackfaq-20.html#ss20.11">20.11 How can I boot my server without running STARTUP.NCF/AUTOEXEC.NCF?</A>
<LI><A HREF="hackfaq-20.html#ss20.12">20.12 What else can be done with console access?</A>
</UL>
<P>
<H2><A NAME="toc21">21.</A> <A HREF="hackfaq-21.html">Netware Client Attacks</A></H2>
<UL>
<LI><A HREF="hackfaq-21.html#ss21.1">21.1 What is the cheesy way to get Supervisor access?</A>
<LI><A HREF="hackfaq-21.html#ss21.2">21.2 How can I login without running the System Login Script in Netware 3.x?</A>
<LI><A HREF="hackfaq-21.html#ss21.3">21.3 How can I get IP info from a Netware server remotely?</A>
<LI><A HREF="hackfaq-21.html#ss21.4">21.4 Does 4.x store the LOGIN password to a temporary file?</A>
<LI><A HREF="hackfaq-21.html#ss21.5">21.5 Everyone can make themselves equivalent to anyone including Admin. How?</A>
<LI><A HREF="hackfaq-21.html#ss21.6">21.6 Can Windows 95 bypass NetWare user security?</A>
<LI><A HREF="hackfaq-21.html#ss21.7">21.7 What is Packet Signature and how do I get around it?</A>
</UL>
<P>
<H2><A NAME="toc22">22.</A> <A HREF="hackfaq-22.html">Netware Denial of Service</A></H2>
<UL>
<LI><A HREF="hackfaq-22.html#ss22.1">22.1 How can I abend a Netware server?</A>
<LI><A HREF="hackfaq-22.html#ss22.2">22.2 Will Windows 95 cause server problems for Netware?</A>
<LI><A HREF="hackfaq-22.html#ss22.3">22.3 Will Windows 95 cause network problems for Netware?</A>
</UL>
<P>
<H2><A NAME="toc23">23.</A> <A HREF="hackfaq-23.html">Netware Logging and Backdoors</A></H2>
<UL>
<LI><A HREF="hackfaq-23.html#ss23.1">23.1 How do I leave a backdoor for Netware?</A>
<LI><A HREF="hackfaq-23.html#ss23.2">23.2 What is the rumored "backdoor" in NDS?</A>
<LI><A HREF="hackfaq-23.html#ss23.3">23.3 What is the bindery backdoor in Netware 4.x?</A>
<LI><A HREF="hackfaq-23.html#ss23.4">23.4 Where are the common log files in Netware?</A>
<LI><A HREF="hackfaq-23.html#ss23.5">23.5 What is Accounting?</A>
<LI><A HREF="hackfaq-23.html#ss23.6">23.6 How do I defeat Accounting?</A>
<LI><A HREF="hackfaq-23.html#ss23.7">23.7 What is Intruder Detection?</A>
<LI><A HREF="hackfaq-23.html#ss23.8">23.8 How do I check for Intruder Detection?</A>
<LI><A HREF="hackfaq-23.html#ss23.9">23.9 What are station/time restrictions?</A>
<LI><A HREF="hackfaq-23.html#ss23.10">23.10 How can I tell if something is being Audited in Netware 4.x?</A>
<LI><A HREF="hackfaq-23.html#ss23.11">23.11 How can I remove Auditing if I lost the Audit password?</A>
<LI><A HREF="hackfaq-23.html#ss23.12">23.12 What is interesting about Netware 4.x's licensing?</A>
<LI><A HREF="hackfaq-23.html#ss23.13">23.13 What is the Word Perfect 5.1 trick when running Netware 3.x over DOS?</A>
</UL>
<P>
<H2><A NAME="toc24">24.</A> <A HREF="hackfaq-24.html">Netware Misc. Attack Info</A></H2>
<UL>
<LI><A HREF="hackfaq-24.html#ss24.1">24.1 How do I spoof my node or IP address?</A>
<LI><A HREF="hackfaq-24.html#ss24.2">24.2 How can I see hidden files and directories?</A>
<LI><A HREF="hackfaq-24.html#ss24.3">24.3 How do I defeat the execute-only flag?</A>
<LI><A HREF="hackfaq-24.html#ss24.4">24.4 How can I hide my presence after altering files?</A>
<LI><A HREF="hackfaq-24.html#ss24.5">24.5 What is a Netware-aware trojan?</A>
<LI><A HREF="hackfaq-24.html#ss24.6">24.6 What are Trustee Directory Assignments?</A>
<LI><A HREF="hackfaq-24.html#ss24.7">24.7 Are there any default Trustee Assignments that can be exploited?</A>
<LI><A HREF="hackfaq-24.html#ss24.8">24.8 What are some general ways to exploit Trustee Rights?</A>
<LI><A HREF="hackfaq-24.html#ss24.9">24.9 Can access to .NCF files help me?</A>
<LI><A HREF="hackfaq-24.html#ss24.10">24.10 Can someone think they've logged out and I walk up and take over?</A>
<LI><A HREF="hackfaq-24.html#ss24.11">24.11 What other Novell and third party programs have holes that give "too much access"?</A>
<LI><A HREF="hackfaq-24.html#ss24.12">24.12 How can I get around disk space requirements?</A>
<LI><A HREF="hackfaq-24.html#ss24.13">24.13 How do I remotely reboot a Netware 3.x file server?</A>
<LI><A HREF="hackfaq-24.html#ss24.14">24.14 What is Netware NFS and is it secure?</A>
<LI><A HREF="hackfaq-24.html#ss24.15">24.15 Can sniffing packets help me break into Netware servers?</A>
<LI><A HREF="hackfaq-24.html#ss24.16">24.16 What else can sniffing around Netware get me?</A>
<LI><A HREF="hackfaq-24.html#ss24.17">24.17 Do any Netware utilities have holes like Unix utilities?</A>
<LI><A HREF="hackfaq-24.html#ss24.18">24.18 Where can I get the Netware APIs?</A>
<LI><A HREF="hackfaq-24.html#ss24.19">24.19 Are there alternatives to Netware's APIs?</A>
<LI><A HREF="hackfaq-24.html#ss24.20">24.20 How can I remove NDS?</A>
<LI><A HREF="hackfaq-24.html#ss24.21">24.21 What are security considerations regarding partitions of the tree?</A>
<LI><A HREF="hackfaq-24.html#ss24.22">24.22 Can a department "Supe" become a regular Admin to the entire tree?</A>
<LI><A HREF="hackfaq-24.html#ss24.23">24.23 Are there products to help improve Netware's security?</A>
<LI><A HREF="hackfaq-24.html#ss24.24">24.24 Is Netware's Web server secure?</A>
<LI><A HREF="hackfaq-24.html#ss24.25">24.25 What's the story with Netware's FTP NLM?</A>
<LI><A HREF="hackfaq-24.html#ss24.26">24.26 Can an IntranetWare server be compromised from the Internet?</A>
<LI><A HREF="hackfaq-24.html#ss24.27">24.27 Are there any problems with Novell's Groupwise?</A>
<LI><A HREF="hackfaq-24.html#ss24.28">24.28 Are there any problems with Netware's Macintosh namespace?</A>
<LI><A HREF="hackfaq-24.html#ss24.29">24.29 What's the story with buffer overflows on Netware?</A>
</UL>
<P>
<H2><A NAME="toc25">25.</A> <A HREF="hackfaq-25.html">Netware Mathematical/Theoretical Info</A></H2>
<UL>
<LI><A HREF="hackfaq-25.html#ss25.1">25.1 How does the whole password/login/encryption thing work?</A>
<LI><A HREF="hackfaq-25.html#ss25.2">25.2 Are "man in the middle" attacks possible?</A>
<LI><A HREF="hackfaq-25.html#ss25.3">25.3 Are Netware-aware viruses possible?</A>
<LI><A HREF="hackfaq-25.html#ss25.4">25.4 Can a trojaned LOGIN.EXE be inserted during the login process?</A>
<LI><A HREF="hackfaq-25.html#ss25.5">25.5 Is anything "vulnerable" during a password change?</A>
<LI><A HREF="hackfaq-25.html#ss25.6">25.6 Is "data diddling" possible?</A>
</UL>
<P>
<H2><A NAME="toc26">26.</A> <A HREF="hackfaq-26.html">Unix Accounts</A></H2>
<UL>
<LI><A HREF="hackfaq-26.html#ss26.1">26.1 What are common accounts and passwords for Unix?</A>
<LI><A HREF="hackfaq-26.html#ss26.2">26.2 How can I figure out valid account names for Unix?</A>
</UL>
<P>
<H2><A NAME="toc27">27.</A> <A HREF="hackfaq-27.html">Unix Passwords</A></H2>
<UL>
<LI><A HREF="hackfaq-27.html#ss27.1">27.1 How do I access the password file in Unix?</A>
<LI><A HREF="hackfaq-27.html#ss27.2">27.2 What's the full story with Unix passwords?</A>
<LI><A HREF="hackfaq-27.html#ss27.3">27.3 How does brute force password cracking work with Unix?</A>
<LI><A HREF="hackfaq-27.html#ss27.4">27.4 How does dictionary password cracking work with Unix?</A>
<LI><A HREF="hackfaq-27.html#ss27.5">27.5 How does a Sys Admin enforce better passwords and password management?</A>
<LI><A HREF="hackfaq-27.html#ss27.6">27.6 So what can I learn with a password file from a heavily secured system?</A>
</UL>
<P>
<H2><A NAME="toc28">28.</A> <A HREF="hackfaq-28.html">Unix Local Attacks</A></H2>
<UL>
<LI><A HREF="hackfaq-28.html#ss28.1">28.1 Why attack locally?</A>
<LI><A HREF="hackfaq-28.html#ss28.2">28.2 How do most exploits work?</A>
<LI><A HREF="hackfaq-28.html#ss28.3">28.3 So how does a buffer overflow work?</A>
</UL>
<P>
<H2><A NAME="toc29">29.</A> <A HREF="hackfaq-29.html">Unix Remote Attacks</A></H2>
<UL>
<LI><A HREF="hackfaq-29.html#ss29.1">29.1 What are remote hacks?</A>
</UL>
<P>
<H2><A NAME="toc30">30.</A> <A HREF="hackfaq-30.html">Unix Logging</A></H2>
<UL>
<LI><A HREF="hackfaq-30.html#ss30.1">30.1 Where are the common log files in Unix?</A>
<LI><A HREF="hackfaq-30.html#ss30.2">30.2 How do I edit/change the log files for Unix?</A>
</UL>
<P>
<H2><A NAME="toc31">31.</A> <A HREF="hackfaq-31.html">Hacker Resources</A></H2>
<UL>
<LI><A HREF="hackfaq-31.html#ss31.1">31.1 What are some security-related WWW locations?</A>
<LI><A HREF="hackfaq-31.html#ss31.2">31.2 What are some security-related USENET groups?</A>
<LI><A HREF="hackfaq-31.html#ss31.3">31.3 What are some security-related mailing lists?</A>
<LI><A HREF="hackfaq-31.html#ss31.4">31.4 What are some other FAQs?</A>
<LI><A HREF="hackfaq-31.html#ss31.5">31.5 Where are all of these files mentioned in the FAQ?</A>
</UL>
<HR>
<A HREF="hackfaq-1.html">Next</A>
Previous
Contents
</BODY>
</HTML>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!