How to crack Novell NetWare Passwords

Pandora

Use the Pandora project - Pandora is a set of tools for hacking, intruding, and testing the security and insecurity of Novell Netware. It works on versions 4 and 5. Pandora consists of two distinct sets of programs -- an "online" version and an"offline" version. Pandora Online is intended to be used for direct attack against a live Netware 4 or 5 server. Pandora Offline is intended to be used for password cracking after you have obtained copies of NDS.

Use of psexec and pmdump

On a Novell 7 environment use both psexec and pmdump (tool that lets you dump the memory contents of a process to a file without stopping the process) as follows:

psexec \\hostname -u username -p password -s -f -c pmdump -list

Find the PID of the Gwise.exe service. Then:

psexec \\hostname -u -p password -s -f -c pmdump PID PID_dump.txt

This will dump the memory to \\hostname\c$\windows\system32. Open the dump file in a hex editor and search for an organizational string, like an OU in the targets memory dump file. From there you can find the Novell password for the user within the file.

Bypass login screen

If you know the password of an user under the Microsoft login screen, but can't access to it because of Novell Client, here are some tricks to bypass the Novell login screen :

- Start up in safe mode (without networking) and enter the registry with regedit. Look for a string called NWGina, GINA.DLL or NWGINAL.DLL. That is the dll responsible for the login screen. You may replace NWGINA.DLL with MSGINA.DLL to revert back to the Microsoft way of handling this.

- If you are using Win2k or XP, you can have two distinct logins using the NetWare client. Under the "advanced" properties of the client login tab, select "Windows" login tab.

- Try unplugging LAN cable to see if that helps. That may force a local logon..

- In "Network Settings", right click "Lan connection" > Properties, use Windows client log on and remove Novell. Also make sure your workgroup name is the same as the one you want to join. Also check your TCP/IP properties are set to auto for ip addressing.

- If the user's Novell & Windows password same, on Novell Client properties, Advanced Login tab, set "Copy NetWare username to Windows"=on. User only needs to enter password once.

Links

- Getting Access to Accounts + Crack them
- Netware Accounts
- Netware Passwords
- Netware Console Attacks
- Netware Client Attacks
- Netware Denial of Service
- Netware Logging and Backdoors
- Netware Misc. Attack Info