Friday, August 21, 2015

Accessing the bindery files directly

 3 November 1995  Accessing the bindery files directly
                      Alastair Grant, Cambridge University


1. Introduction

This document describes a command for accessing the NetWare 3.x bindery
files directly, bypassing the NetWare network API calls.

It can be used for fast bindery access, bulk user management, bypassing
security restrictions, investigating problems etc.

It is quite possible to destroy the bindery completely, or to reveal
information which could be used by hackers to obtain passwords. Users
are assumed to have a basic grasp of good procedures for security and backup.


2. Command syntax

The basic format of the command is bindery [options] bindery-spec action action ...
 

2.1 Specifying a bindery
A bindery specification takes the form    
path/.extension

E.g. SYS:SYSTEM/.SYS. The path defaults to the current directory. The extension defaults to .OLD.

Alternatively an 'active' bindery can be specified:

SERVER server

The bindery will be closed if necessary.


2.2 Actions on the bindery

  INFO      print info about the bindery
  SCHEMA    checks the bindery against the schema in 

  BINDERY.SCH
  DUMP obj  dump all information for the specified object(s)
  OBJ         list all object records
  PROP      list all property records
  VAL        list all value records
  VALDATA   list all value records, with data
  EXPORT      export the bindery to a text file; see below
  IMPORT   import the bindery from a text file
  ETC         export user password information, suitable for input to  the
   password-cracking program described below

The following actions apply only if a bindery has been specified by the 

SERVER parameter:
  CLOSE     close the bindery, i.e. make it available for direct access;
            users attempting to access the bindery via NetWare API calls
            will receive an error
  OPEN      open the bindery, which causes the server to reload it and
            may take some time for large binderies
  COPY directory

 copy the bindery files into a directory elsewhere


3. Export/import
The bindery can be exported to and imported from a text file. This can
be used for various purposes:

 -   problem diagnosis and repair

 -   creation of large binderies given a set of user information

 -   compaction of binderies

 -   merging binderies or moving users between binderies while
     preserving their passwords

To see the format of the export file, try exporting a small bindery.


4. Password cracking
Passwords are not stored in clear in the bindery. What is stored is a
16-byte value computed via a one-way function from the user's object id


and the password. Given the object id and password it is possible to
generate a candidate password which can be compared against that in the bindery.


The ETC option of the BINDERY command produces a file containing the


required information, in a format superficially similar to /etc/passwd
on Unix:  userid:pw-hash:object-id:pw-len:name:: e.g.
   ttidy:32d8998e098a05830f809b809ea02137:D0000001:8:Terry Tidy

This can then be input into bindery cracking programs. 

Separating the functions in this way allows various forms of parallelism:

 -   the password file can be split into smaller chunks

 -   the same password file can be worked on by several cracking
     programs each with different dictionaries or algorithms

 -   cracking programs can be run on faster machines

A cracking program BINCRACK is provided which takes such a file as input. It has command syntax: bincrack [/verify] [/numsub] pw-file dict-file

/verify lists the passwords that are being tried. /numsub tries
substituting numbers for letters, e.g. "1D10T". This takes a lot longer


as all possible combinations are tried. pw-file is an exported bindery 


password file. dict-file is a simple word list.

Versions are available for MS-DOS and for Solaris 1 and Solaris 2 SPARC systems.
Suitable wordlists can be found at


   ftp://ftp.ox.ac.uk/pub/wordlists/

MAXIT INTERNET

BLOGGER

CD DVD RW

DELL

DOWNLOAD

FTP Server Linux

HACK

HARD DRIVE

HOW TO WORKIN

HARDWAER

INTERNET

INTERNET CAFE

LAPTOP

LENOVO

LINUX

Additional configuration for Samba Server (Part 2)  

BSNL/Airtel/Idea using Huawei E156G 3g Wireless USB Linux 5   

Basic File Extensions    CHANGING AN ACCOUNT EXPIRATION DATE   

Configure Linux as a Router   

Configure SAMBA Server (Part-1)   

Configure VNC server   

Configure Yum Server (Part-1)   

Configure yum server for Client machine (Part 3)   

Configuring Samba as a Standalone Server (Part 3)  

Connecting ftp Server with Anonymous User Part 5  

Create ftp account with Shared directory Part 3  

DHCP Server Configuration Part 2  

DHCP Server Configuration Part-1  

DHCP Server Configuration Part-3  

Enabling FTP Services in Yum Server (Part 5)  

FTP Server Configuration Part 1  

FTP Server How to Change In Primary DNS Server Part 2  

HTTP Client side configuration (Part 4)  

How to Vsftpd conf files Parameter Part 6   

LINUX FILE SYSTEM STRUCTURE  

Linux User Administrtion  

Linux as a Router configuration for Client Machine   

Linux client machine FileZilla FTP Client Part 4  

Local Yum Server (Part 2)  

Modifying Existing User Information  

Primary DNS Server Configuration Part-1  

Primary DNS Server Configuration Part-2    

Primary DNS Server Configuration Part-3  

Remove Linux From Your Pc Safely and restoring your MBR  

Sharing & Accessing Samba Share (Part 4)   

Speeding up your internet connection under Linux and Windows   

THE ROOT FILE SYSTEM   

VNC Server Configuration

LINUX LAB

Linux as a Router

MOTHERBOARD

Mobile

NETWORKING

REDHAT 5

REGISTRY EDTOR

RESET BIOS PASSWORD

SAMBA Server Linux

SERVER

SERVER CONFIG

SOFTWAER

VNC server Linux

Window 10

Window XP