Re: Pen Testing Novell



Have you tried Pandora by Simple Nomad?

http://www.nmrc.org/project/pandora/index.html

-HObbES

This one time, ROB DIXON wrote:
Here are a couple of links taht may be helpful.

http://www.frsirt.com/english/product/2717

http://www.vulnerabilityscanning.com/Netware-Security.htm

Also, maybe the groupwise webaccess application isnt vulnerable, but maybe you could get in through an apache vulnerability?

Groupwise 6.5 and 7 both running natively on Apache. depending on the service pack level of the netware OS they may be running 1.2. Plenty of opportunity ;)

New Guy..out

Robert L. Dixon, CSO
CHFI A+
Netware/GroupWise Administrator
State of West Virginia's
Office of Techonology
Infrastructure Applications
Telephone: (304)-558-5472 ex.4225
Cellphone: (304)-549-2068
Email:rdixon@xxxxxxxxxxxxxxx
"Ivan ." <ivanhec@xxxxxxxxx> >>>
Jon

You can find some info here, might be a little old.

http://www.nmrc.org/project/pandora/

http://www.nmrc.org/pub/

cheers
Ivan

On 1/25/06, Jon Gucinski <Jgucinski@xxxxxxxxxxxxxxx> wrote:
Has anyone ever run a pen test against Novell GroupWise or Novell
Directory Services? Can you recommend any good ways to test security,
snag a password file, etc?

Thanks,

-Jon

NOTICE: This electronic mail message and any files transmitted with
it are intended exclusively for the individual or entity to which it
is addressed. The message, together with any attachment, may contain
confidential and/or privileged information. Any unauthorized review,
use, printing, saving, copying, disclosure or distribution is
strictly prohibited. If you have received this message in error,
please immediately advise the sender by reply email and delete all
copies.


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

--
It is proverbial that from (\`--/') _ _______ .-r-.
a hungry tiger and an >.~.\ `` ` `,`,`. ,'_'~`.
affectionate woman there is (v_," ; `,-\ ; : ; \/,-~) \
no escape. -Ernest Bramah `--'_..),-/ ' ' '_.>-' )`.`.__.')
hobbes at vaxer dot net ((,((,__..'~~~~~~((,__..' `-..-'fL

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------