Hello, If TCP port 524 is open, and the [PUBLIC] object has browse rights to the NDS tree, then enumerating information is possible. Simple Nomad's Advisory on this issue: http://razor.bindview.com/publish/advisories/adv_novellleak.html The tool for enumerating information from TCP port 524: http://razor.bindview.com/tools/files/ncpquery-1.2.tgz SAP Types that can be used with NCP Query: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10050864.htm I also wrote a presentation on a Nessus plugin I authored that retrieves the Netware server name and NDS tree name from a Netware server via TCP port 524. The presentation touches some NCP protocol basics. http://forrest.rae.nu/presentations/nds-nasl/html/ I've never touch a Novonyx web server, sorry. -Forrest On Wednesday 03 July 2002 11:50, Rainer Duffner wrote: > Hi, > > I have found some Novell-server during a pentest (in fact, the site > is a pretty much a complete Novell-Shop, minus things like Citrix). > > Anyway, there's a webserver with some Novonyx (remember that ?) > Sample-Files and there's an LDAP-Server that exports what looks like > part of the NDS (minus passwords, but some email-addresses). > > It also has 427/tcp and 524/tcp open (well, nmap says) - are there > any tools that can enumerate more information from the server through > these ports - if at all ? > I assume, these are Novell-specific ports. > > Finally: does pandora only work locally ? > > > cheers, > Rainer ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jul 03 2002 - 20:06:16 PDT