Skrevet av Emne: Recover from a trashed user database in Netware 2.x, 3.x or 4.x  (Lest 4256 ganger)

ATC

  • Gjest
Recover from a trashed user database in Netware 2.x, 3.x or 4.x
« på: 27. ſeptember 2008, 18:24 pm »
  • [applaud]0
  • [smite]0
  • If the user database is trashed, there is no way to recover it without a backup. However, to restore a backup, you need access. How to gain access without reinstalling?



    ATC

    • Gjest
    [Solved] Recover from a trashed user database in Netware 2.x, 3.x or 4.x
    « Svar #1 på: 27. ſeptember 2008, 18:24 pm »
  • [applaud]0
  • [smite]0
  • A Netware Server is supposed to be a very safe place to keep your files. Only
    people with the right password will have access to the data stored there. The
    Supervisor (or Admin) user's password is usually the most well kept secret in
    the company, since anyone that has that code could simply log to the server and
    do anything he/she wants.

    But what happens if this password is lost and there's no user that is
    security-equivalent to the supervisor? [Use SETPWD.NLM, instead of this process,
    see section 02-3 - S.N.] What happens if the password system is somehow damaged
    and no one can log to the network? According to the manual, there's simply no
    way out. You would have to reinstall the server and try to find your most recent
    backup.

    Fortunately, there is a very interesting way to gain complete access to a Netware
    server without knowing the Supervisor's (or Admin's) password. You may imagine
    that you would have to learn complex decryption techniques or even type in a long
    C program, but that's not the case. The trick is so simple and generic that it
    will work the same way for Netware 2.x, 3.x and 4.x.

    The idea is to fool Netware to think that you have just installed the server and
    that no security system has been estabilished yet. Just after a Netware 2.x or
    3.x server is installed, the Supervisor's password is null and you can log in
    with no restriction. Netware 4.x works slightly differently, but it also allows
    anyone to log in after the initial installation, since the installer is asked to
    enter a password for the Admin user.

    But how can you make the server think it has just been installed  without
    actually reinstalling the server and losing all data on the disk? Simple. You
    just delete the files that contain the security system. In Netware 2.x, all
    security information is stored in two files (NET$BIND.SYS and NET$BVAL.SYS).
    Netware 3.x stores that information in three files (NET$OBJ.SYS, NET$VAL.SYS and
    NET$PROP.SYS). The all new Netware 4.x system stores all login names and
    passwords in five different files (PARTITIO.NDS, BLOCK.NDS, ENTRY.NDS, VALUE.NDS
    and UNINSTAL.NDS [This last file may not be there, don't worry - S.N.]).

    One last question remains. How can we delete these files if we don't have access
    to the network, anyway? The answer is, again, simple. Altough the people from
    Novell did a very good job encrypting passwords, they let all directory
    information easy to find and change if you can access the server's disk directly,
    using common utilities like Norton's Disk Edit. Using this utility as an example,
    I'll give a step-by-step procedure to make these files vanish. All you need is a
    bootable DOS disk,  Norton Utilities' Emergency Disk containing the DiskEdit
    program and some time near the server.

    1. Boot the server and go to the DOS prompt. To do this, just let the network
    boot normally and then use the DOWN and EXIT commands. This procedure does not
    work on old Netware 2.x servers and in some installations where DOS has been
    removed from memory. In those cases, you'll have to use a DOS bootable disk.

    2. Run Norton's DiskEdit utility from drive A:

    3. Select "Tools" in the main menu and then select "Configuration". At the
    configuration window, uncheck the "Read-Only" checkbox. And be very careful with
    everything you type after this point.

    4. Select "Object" and then "Drive". At the window, select the C: drive and make
    sure you check the button "physical drive". After that, you'll be looking at your
    physical disk and you be able to see (and change) everything on it.

    5. Select "Tools" and then "Find". Here, you'll enter the name of the file you
    are trying to find. Use "NET$BIND" for Netware 2,  "NET$PROP.SYS"  for  Netware 3 and "PARTITIO.NDS" for Netware 4. It is possible that you find these strings in a
    place that is not the Netware directory. If the file names are not all near each
    other and proportionaly separated by some unreadable codes (at least 32 bytes
    between them), then you it's not the place we are looking for. In that case,
    you'll have to keep searching by selecting "Tools" and then "Find again". [In
    Netware 3.x, you can change all occurences of the bindery files and it should
    still work okay, I've done it before. - S.N.]

    6. You found the directory and you are ready to change it. Instead of deleting
    the files, you'll be renaming them. This will avoid problems with the directory
    structure (like lost FAT chains). Just type "OLD" over the existing "SYS" or
    "NDS" extension. Be extremely careful and don't change anything else.

    7. Select "Tools" and then "Find again". Since Netware store the directory
    information in two different places, you have to find the other copy and change
    it the same way. This will again prevent directory structure problems.

    8. Exit Norton Disk Edit and boot the server again. If you're running Netware 2
    or 3, your server would be already accessible. Just go to any station and log in
    as user Supervisor. No password will be asked. If you're running Netware 4, there
    is one last step.

    9. Load Netware 4 install utility (just type LOAD INSTALL at the console prompt)
    and select the options to install the Directory Services. You be prompted for the
    Admin password while doing this. After that, you may go to any station and log in
    as user Admin, using the password that you have selected.

    What I did with Norton's Disk Edit could be done with any disk editing utility
    with a "Search" feature. This trick has helped me save many network supervisors
    in the last years. I would just like to remind you that no one should break into
    a netware server unless authorized to do it by the company that owns the server.
    But you problably know that already.