Accessing the bindery files directly


SUBMITTED BY: Guest

DATE: Oct. 8, 2013, 12:53 p.m.


3 November 1995

Alastair Grant, Cambridge University

1. Introduction

This document describes a command for accessing the NetWare 3.x bindery
files directly, bypassing the NetWare network API calls.

It can be used for fast bindery access, bulk user management, bypassing
security restrictions, investigating problems, etc.

It is quite possible to destroy the bindery completely, or to reveal
information which could be used by hackers to obtain passwords. Users
are assumed to have a basic grasp of good procedures for security and
backup.

2. Command syntax

The basic format of the command is

    bindery [options] bindery-spec action action ...

2.1 Specifying a bindery

A bindery specification takes the form

    path/.extension

E.g. SYS:SYSTEM/.SYS. The path defaults to the current directory. The
extension defaults to .OLD.

Alternatively an 'active' bindery can be specified:

    SERVER server

The bindery will be closed if necessary.

2.2 Actions on the bindery

    INFO        print info about the bindery
    SCHEMA      checks the bindery against the schema in BINDERY.SCH
    DUMP obj    dump all information for the specified object(s)
    OBJ         list all object records
    PROP        list all property records
    VAL         list all value records
    VALDATA     list all value records, with data
    EXPORT      export the bindery to a text file; see below
    IMPORT      import the bindery from a text file
    ETC         export user password information, suitable for input to the
                password-cracking program described below

The following actions apply only if a bindery has been specified by the
SERVER parameter:

    CLOSE       close the bindery, i.e. make it available for direct access;
                users attempting to access the bindery via NetWare API calls
                will receive an error
    OPEN        open the bindery, which causes the server to reload it and
                may take some time for large binderies
    COPY directory
                copy the bindery files into a directory elsewhere

3. Export/import

The bindery can be exported to and imported from a text file. This can
be used for various purposes:

  - problem diagnosis and repair
  - creation of large binderies given a set of user information
  - compaction of binderies
  - merging binderies or moving users between binderies while
    preserving their passwords

To see the format of the export file, try exporting a small bindery.

4. Password cracking

Passwords are not stored in the clear in the bindery. What is stored is a
16-byte value computed via a one-way function from the user's object id
and the password. Given the object id and a guessed password it is
possible to compute a candidate value which can be compared against the
one stored in the bindery.

The ETC option of the BINDERY command produces a file containing the
required information, in a format superficially similar to /etc/passwd
on Unix:

    userid:pw-hash:object-id:pw-len:name::

e.g.

    ttidy:32d8998e098a05830f809b809ea02137:D0000001:8:Terry Tidy

This can then be input into bindery cracking programs. Separating the
functions in this way allows various forms of parallelism:

  - the password file can be split into smaller chunks
  - the same password file can be worked on by several cracking
    programs each with different dictionaries or algorithms
  - cracking programs can be run on faster machines

A cracking program BINCRACK is provided which takes such a file as
input. It has command syntax:

    bincrack [/verify] [/numsub] pw-file dict-file

/verify lists the passwords that are being tried. /numsub tries
substituting numbers for letters, e.g. "1D10T". This takes a lot longer
as all possible combinations are tried. pw-file is an exported bindery
password file. dict-file is a simple word list.

Versions are available for MS-DOS and for Solaris 1 and Solaris 2 SPARC
systems.

Suitable wordlists can be found at

    ftp://ftp.ox.ac.uk/pub/wordlists/
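
The ETC record format from section 4, as an added example (not part of the
original document or the BINDERY tool): a Python parser that validates each
userid:pw-hash:object-id:pw-len:name:: record and reports accounts whose
pw-len is below a minimum. The min_len policy value, the 8-hex-digit
object-id check and every sample line after the first are assumptions made
for this example.

```python
import re
from typing import NamedTuple

class EtcRecord(NamedTuple):
    userid: str
    pw_hash: bytes   # the 16-byte one-way value, decoded from hex
    object_id: int
    pw_len: int      # the file exposes the password length in the clear
    name: str

HEX32 = re.compile(r"[0-9a-fA-F]{32}")  # 16 bytes written as hex
HEX8 = re.compile(r"[0-9a-fA-F]{8}")    # assumption: ids are 8 hex digits, as in the sample

def parse_etc_line(line):
    """Parse one userid:pw-hash:object-id:pw-len:name:: record."""
    fields = line.rstrip("\r\n").split(":")
    # The document's sample line omits the trailing "::", so accept both forms.
    if len(fields) < 5 or any(fields[5:]):
        raise ValueError("expected userid:pw-hash:object-id:pw-len:name::")
    userid, pw_hash, object_id, pw_len, name = fields[:5]
    if not HEX32.fullmatch(pw_hash):
        raise ValueError("pw-hash is not 32 hex digits")
    if not HEX8.fullmatch(object_id):
        raise ValueError("object-id is not 8 hex digits")
    if not pw_len.isdigit():
        raise ValueError("pw-len is not a decimal number")
    return EtcRecord(userid, bytes.fromhex(pw_hash), int(object_id, 16), int(pw_len), name)

def audit(lines, min_len=8):
    """Return (line_no, userid, finding) tuples; min_len is a hypothetical policy value."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            rec = parse_etc_line(line)
        except ValueError as exc:
            findings.append((n, None, "malformed: %s" % exc))
            continue
        if rec.pw_len < min_len:
            findings.append((n, rec.userid, "pw-len %d below minimum %d" % (rec.pw_len, min_len)))
    return findings

# First line is the document's sample; the other three are constructed for this example.
SAMPLE = ["ttidy:32d8998e098a05830f809b809ea02137:D0000001:8:Terry Tidy",
          "jshort:00112233445566778899aabbccddeeff:D0000002:4:Jo Short::",
          "nopw:ffeeddccbbaa99887766554433221100:D0000003:0:No Password::",
          "broken:1234:D0000004:8:Bad Hash::"]
```

The audit reads only the pw-len field and never touches the hash, but the
file as a whole should be stored and handled like the bindery itself.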
