Re: Pen Testing Novell

From: HObbES (hobbes@maple.vaxer.net)
Date: Thu Feb 02 2006 - 13:29:06 EST

• Next message: Steve Friedl: "Re: Getting a Machines Uptime Remotely"
• Previous message: Petr.Kazil@eap.nl: "SAP R/3 password encryption ?"
• In reply to: ROB DIXON: "Re: Pen Testing Novell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Have you tried Pandora by Simple Nomad?

http://www.nmrc.org/project/pandora/index.html

-HObbES

This one time, ROB DIXON wrote:
> Here are a couple of links taht may be helpful.
>
> http://www.frsirt.com/english/product/2717
>
> http://www.vulnerabilityscanning.com/Netware-Security.htm
>
> Also, maybe the groupwise webaccess application isnt vulnerable, but maybe you could get in through an apache vulnerability?
>
> Groupwise 6.5 and 7 both running natively on Apache. depending on the service pack level of the netware OS they may be running 1.2. Plenty of opportunity ;)
>
> New Guy..out
>
> Robert L. Dixon, CSO
> CHFI A+
> Netware/GroupWise Administrator
> State of West Virginia's
> Office of Techonology
> Infrastructure Applications
> Telephone: (304)-558-5472 ex.4225
> Cellphone: (304)-549-2068
> Email:rdixon@workforcewv.org
> >>> "Ivan ." <ivanhec@gmail.com> >>>
> Jon
>
> You can find some info here, might be a little old.
>
> http://www.nmrc.org/project/pandora/
>
> http://www.nmrc.org/pub/
>
> cheers
> Ivan
>
> On 1/25/06, Jon Gucinski <Jgucinski@midwestbank.com> wrote:
> > Has anyone ever run a pen test against Novell GroupWise or Novell
> > Directory Services? Can you recommend any good ways to test security,
> > snag a password file, etc?
> >
> > Thanks,
> >
> > -Jon
> >
> > NOTICE: This electronic mail message and any files transmitted with
> > it are intended exclusively for the individual or entity to which it
> > is addressed. The message, together with any attachment, may contain
> > confidential and/or privileged information. Any unauthorized review,
> > use, printing, saving, copying, disclosure or distribution is
> > strictly prohibited. If you have received this message in error,
> > please immediately advise the sender by reply email and delete all
> > copies.
> >
> >
> > ------------------------------------------------------------------------------
> > Audit your website security with Acunetix Web Vulnerability Scanner:
> >
> > Hackers are concentrating their efforts on attacking applications on your
> > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> > futile against web application hacking. Check your website for vulnerabilities
> > to SQL injection, Cross site scripting and other web attacks before hackers do!
> > Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
> > -------------------------------------------------------------------------------
> >
> >
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>

--
It is proverbial that from   (\`--/') _ _______ .-r-.  
a hungry tiger and an         >.~.\ `` ` `,`,`. ,'_'~`.          
affectionate woman there is  (v_," ; `,-\ ; : ; \/,-~) \            
no escape. -Ernest Bramah     `--'_..),-/ ' ' '_.>-' )`.`.__.')   
hobbes at vaxer dot net      ((,((,__..'~~~~~~((,__..'  `-..-'fL    
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Steve Friedl: "Re: Getting a Machines Uptime Remotely"
• Previous message: Petr.Kazil@eap.nl: "SAP R/3 password encryption ?"
• In reply to: ROB DIXON: "Re: Pen Testing Novell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT