From: Forrest Rae (forrest.rae@code-lab.com)
Date: Wed Jul 03 2002 - 22:26:31 EDT
Hello,
If TCP port 524 is open, and the [PUBLIC] object has browse rights to
the NDS tree, then enumerating information is possible.
Simple Nomad's Advisory on this issue:
http://razor.bindview.com/publish/advisories/adv_novellleak.html
The tool for enumerating information from TCP port 524:
http://razor.bindview.com/tools/files/ncpquery-1.2.tgz
SAP Types that can be used with NCP Query:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10050864.htm
I also wrote a presentation on a Nessus plugin I authored that retrieves
the Netware server name and NDS tree name from a Netware server via TCP
port 524. The presentation touches some NCP protocol basics.
http://forrest.rae.nu/presentations/nds-nasl/html/
I've never touch a Novonyx web server, sorry.
-Forrest
On Wednesday 03 July 2002 11:50, Rainer Duffner wrote:
> Hi,
>
> I have found some Novell-server during a pentest (in fact, the site
> is a pretty much a complete Novell-Shop, minus things like Citrix).
>
> Anyway, there's a webserver with some Novonyx (remember that ?)
> Sample-Files and there's an LDAP-Server that exports what looks like
> part of the NDS (minus passwords, but some email-addresses).
>
> It also has 427/tcp and 524/tcp open (well, nmap says) - are there
> any tools that can enumerate more information from the server through
> these ports - if at all ?
> I assume, these are Novell-specific ports.
>
> Finally: does pandora only work locally ?
>
>
> cheers,
> Rainer
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT