Exploit:

The following commands can be issued by a client
connected to a NetWare 4.x or IntranetWare server,
revealing most if not all user account names, in
addition to most of if not the entire tree layout.

CX /T /A /R     - list all readable user and container object
                  names in tree, and can give a rather accurate
                  layout of the containers and basic contents 
NLIST USER /D   - list info regarding user names in current context 
NLIST GROUPS /D - list groups and group membership in current context 
NLIST SERVER /D - list server names and OS versions, and if
                  attached reveal if accounting is installed
                  or not 
NLIST /OT=* /DYN /D - list all readable objects, including
                      dynamic objects, names of NDS trees, etc