home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The World of Computer Software
/
World_Of_Computer_Software-02-387-Vol-3of3.iso
/
n
/
ncrck102.zip
/
NETCRACK.TXT
< prev
next >
Wrap
Text File
|
1992-04-13
|
4KB
|
96 lines
NETCRACK Release 1.02
========================
by Jim O'Kane
443 Virginia Ave.
Winchester, VA 22601
(v) [703] 722-9751
=========================== DISCLAIMER ==================================
THIS PROGRAM IS FOR DEMONSTRATION AND DIAGNOSTICS ONLY! ANY USE OF THIS
PROGRAM TO CAPTURE PASSWORDS OR GAIN UNAUTHORIZED ACCESS TO NETWORKS IS
PROHIBITED BY FEDERAL LAW!
=========================================================================
INTRODUCTION ========================================== April, 1992 =====
Hi, Folks!
This is a third and maybe final public release of the NETCRACK program I
wrote back in 1990. I don't think there will be another one because it can
get too many people in too much trouble.
SUMMARY OF NETCRACK =====================================================
This version, as in the previous ones, runs a sequential check of alphanumeric
characters [0..9,A..Z] from "A" to "99999999" to spot a verified NetWare
password for a given user name. The process uses the NetWare Bindery call
Verify Bindery Object Password (Function E3h, Code 3Fh). This function works
from any network terminal where IPX and the NetWare shell has been loaded You
do NOT need to be logged in to run this program! Just type NETCRACK and a
valid User Name.
NEW THIS VERSION ========================================================
The biggest change from 1.01 is the addition of the test to see if Intruder
Detection is active on the Network. Previously, NETCRACK would blindly
continue asking the network for verification while it had already blown
I/D. Now, if Intruder Detection is ON, NETCRACK aborts and reports back on
the I/D state.
1.02 still does not test for valid User Name. If you key in the wrong User
Name, the program will go off on its merry way, trying to verify on a user
who isn't there. A quick sign of this is when the password test incrementation
goes into warp speed from its usual pace. If that happens, just press a key and
try again.
PROTECTING YOURSELF FROM NETCRACK =======================================
One easy way to protect yourself is: TURN ON INTRUDER DETECTION NOW!
Another way is to use non-alphanumerics in your password, like ╗ or £ or ¥.
Make your passwords complicated, long, non-word formatted, and CHANGE OFTEN!
Take your network DOWN every weekend to knock off Monte Carlo-type programs
like this one.
WHY WOULD ANYONE WRITE A PROGRAM LIKE THIS? ===============================
The point of this stupid program is that your network could be wide open to
people just like you who have access to a program like this. NetWare is not
the be-all and end-all for the security needs of a network. Dumb stuff, like
the fact that Intruder Detection may default to "OFF" when your network was
set up, or the fact that you let people plug in laptops that can run a slow
program like this for DAYS until they get the password - - this kind of thing
happens all over the world because network administrators buy the installer's
line that your network is impregnable. Don't believe it.
This program is deliberately crippled. It runs slow so you can catch it. It
does not look for all permutations of a password. But it is DANGEROUS if you
are a sloppy Network Administrator. Don't ever forget that there are programs
out there that can run as silently as this one, only much faster and meaner.
If you are a network user, show this program to your Administrator and ask if
you are protected from programs like this. If you find that Intruder Detection
is OFF, have your Administrator examine the console screen. This program will
show NO activity under MONITOR while it is busy cracking passwords. Then take
the Administrator back to your machine and mention that this program could
have just as easily been written as a TSR and not even show up on your
workstation. Admininstrators NEED to be scared about programs like this.
OF COURSE... ==============================================================
Version 1.0 of this program was unintentionally released to the free world
gratis. However, since I've devoted a lot of long-distance calls back to
users, I am requesting a $20 donation for this version, if you use it much.
Please forward it to:
Jim O'Kane
443 Virginia Ave.
Winchester, VA 22601 USA
Thanks for your support. If you have questions, go ahead and call me.
[703] 722-9751.