Sometimes, especially in IDM large deployments we can see scenarios where another provider installs the Remote Loader on their servers and obviously we do not have access to it.
As we know, both the Remote Loader and App passwords, lives and are determined on the remote server. If you do not have access to that server, can we know those passwords? Yes!
This is a small how-to to see these passwords:
We need to have some driver settings, see the configuration for what we have in the IDM:
The first two fields define the configuration of the Application.
The third field defines the configuration of the Remote loader.
And then the fields to configure the passwords, which in this case, we do not know.
We can observe the user to the application: NOVELL
We can also see that the Remote Loader listens on port: 8095
Now let’s review the driver’s log and look for the chains of Remote Loader authentication:
The interesting thing here is to note that the authentication records into the tag’s handshake and handshake version=”1.0″
Ok, we have enough information, let’s play!
Now, we have clearly identified for each service within the log, now we have to force those forwarded and capture passwords. This is done by capturing TCP traffic.
# tcpdump 'tcp port 8095' -npi any -s 0 -w driverpasswd.pcap
Why? because the port of the Remote Loader
At this point we need to RESTART THE DRIVER, FROM IDM CONSOLE, after restarting, stop the TCP capture:
CTR + C
Now, according to previously seen, we proceed to find our target.
For the App’s password, the most logical thing is to find the value of “Authentication ID“, in this example: NOVELL
# tcpdump -X -vv -r driverpasswd.pcap | grep -A3 "NOVELL"
Target 1, done!
The sequence is:
user…$USER.. (NOVELL, for this example)
And we can see flat password.
Now, remember that the Remote Loader uses the tag “handshake“:
# tcpdump -X -vv -r driverpasswd.pcap | grep -A3 "handshake"
Target 2, done!
The sequence is:
The idea of this how-to is make a backup of the passwords that we don’t have to spare us many problems for the future. I hope you find it useful.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.