---------------------------------------------------------------------------

Section 04

The Console

---------------------------------------------------------------------------

04-1. How do I defeat console logging?

Here you need console and Supervisor access. The site is running 3.11 or
higher and running the CONLOG.NLM. Any site running this is trapping all
console messages to a file. If you run SETPWD at the console, the response
by SETPWD is written to a log file. Here are the steps for determining if it
is running and what to do to defeat it:

- Type MODULES at the console. Look for the CONLOG.NLM. If it's there, it's
  running.
- Look on the server in SYS:ETC for a file called CONSOLE.LOG. This is a
  plain text file that you can type out. However, you cannot delete or edit
  it while CONLOG is running.
- Unload CONLOG at the console.
- Delete, or even better yet, edit the CONSOLE.LOG file, erasing your
  tracks.
- Reload CONLOG. It will show that it has been restarted in the log.
- Check the CONSOLE.LOG file to ensure the owner has not changed.
- Run PURGE in the SYS:ETC directory to purge old versions of CONSOLE.LOG
  that your editor has left to be salvaged.

---------------------------------------------------------------------------

04-2. Can I set the RCONSOLE password to work for just Supervisor?

Yes and no. In version 3.x, the Supe password always works.

A common mistake regarding 3.x RCONSOLE passwords is to use a switch to use
only the Supervisor password. It works like this:

        LOAD REMOTE /P=

instead of

        LOAD REMOTE RCONPASSWORD

The admin believes /P= turns off everything except the Supe password for
RCONSOLE. In fact the password is just set to /P= which will get you in!
The second most common mistake is using -S.

Version 4.1 is a bit different. Here's how it works:

- At the console prompt, type LOAD REMOTE SECRET where SECRET is the Remote
  Console password.
- Now type REMOTE ENCRYPT. You will be prompted for a password to encrypt.
- This will give you the encrypted version of the password, and give you
  the option of writing LDREMOTE.NCF to the SYS:SYSTEM directory,
  containing all the entries for loading Remote Console support.
- You can call LDREMOTE from your AUTOEXEC.NCF, or you can change the LOAD
  REMOTE line in the AUTOEXEC.NCF as follows:

        LOAD REMOTE SECRET

  becomes

        LOAD REMOTE -E 870B7E366363

Another note: to ensure that Supervisor's password will work with RCONSOLE
(Netware 4.02 or higher), add the hidden -US switch:

        LOAD REMOTE -E 870B7E366363 -US

Another undocumented switch is -NP which is No Password!

---------------------------------------------------------------------------

04-3. How can I get around a locked MONITOR?

There is a simple and easy way to do this in 3.11 if you have a print
server running on the file server. The following exploits a bug in 3.11:

- Use pconsole to down the print server. This causes the monitor screen to
  go to the print server screen and wait for you to press enter to exit the
  screen. At the same time it puts the monitor screen in the background.
- Switch to the console screen and type UNLOAD MONITOR.
- Check the AUTOEXEC.NCF for the PSERVER.NLM load line and manually reload
  the PSERVER.NLM.

For both Netware 3.x and 4.x, try the debug disable steps in section 02-6.
You can type any password in to unlock the console, besides disabling 3.x
password protection altogether.

---------------------------------------------------------------------------
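
An audit check for the LOAD REMOTE settings described in 04-2, added here as
an example and not part of the original FAQ: it scans the text of an NCF file
and flags the /P= and -S mistakes, plaintext passwords, -NP, and -US.
The function names, severity labels, sample file content and the comment
markers (;, # and REM) are assumptions.

```python
import re

# Constructed sample NCF text; the -E value is the one quoted in 04-2.
SAMPLE_NCF = """\
; constructed AUTOEXEC.NCF fragment
LOAD REMOTE /P=
load remote -S
LOAD REMOTE SECRET
LOAD REMOTE -E 870B7E366363
LOAD REMOTE -E 870B7E366363 -US
LOAD REMOTE -NP
LOAD MONITOR
"""
# Matches LOAD REMOTE with an optional path prefix and .NLM suffix.
LOAD_REMOTE = re.compile(r"^\s*LOAD\s+(?:\S*[\\/:])?REMOTE(?:\.NLM)?(?:\s+(.*))?$", re.I)

def classify(args):
    """Return (severity, finding) for the arguments of one LOAD REMOTE line."""
    tokens = args.split()
    upper = [t.upper() for t in tokens]
    if "-NP" in upper:
        return "high", "-NP: remote console loads with no password"
    if "-E" in upper:
        idx = upper.index("-E")
        if idx + 1 >= len(tokens) or not re.fullmatch(r"[0-9A-Fa-f]+", tokens[idx + 1]):
            return "medium", "-E is not followed by a hex string"
        if "-US" in upper:
            return "info", "encrypted password; -US also accepts the Supervisor password"
        return "ok", "encrypted password"
    if not tokens:
        return "info", "no password argument on the line"
    if upper[0] in ("/P=", "-S"):  # the two common mistakes named in 04-2
        return "high", f"'{tokens[0]}' is set as the password itself, not treated as a switch"
    return "medium", "plaintext password stored in the NCF file"

def audit_ncf(text):
    """Return [(line_number, severity, finding)] for each LOAD REMOTE line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().upper().startswith((";", "#", "REM ")):  # assumed comment markers
            continue
        match = LOAD_REMOTE.match(line)
        if match:
            findings.append((number, *classify(match.group(1) or "")))
    return findings

if __name__ == "__main__":
    for number, severity, finding in audit_ncf(SAMPLE_NCF):
        print(f"line {number}: [{severity}] {finding}")
```

Run it against copies of AUTOEXEC.NCF and LDREMOTE.NCF; any line reported as
high or medium should be replaced with the -E form shown in 04-2.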