[12670] in bugtraq

home help back first fref pref prev next nref lref last post

Pandora v4 Beta 2 Software

daemon@ATHENA.MIT.EDU (Simple Nomad)
Fri Nov 19 20:07:11 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.10.9911191205390.11788-100000@shell.fastlane.net>
Date:         Fri, 19 Nov 1999 12:08:04 -0600
Reply-To: Simple Nomad <thegnome@NMRC.ORG>
From: Simple Nomad <thegnome@NMRC.ORG>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

_______________________________________________________________________________

                          Nomad Mobile Research Centre
                             A N N O U N C E M E N T
                                  www.nmrc.org
                        Simple Nomad [thegnome@nmrc.org]
                                   19Nov1999
_______________________________________________________________________________

                               Product : Pandora v4.0 Beta 2
                              Platform : Windows 95/98/NT
                                         X on Linux

Jitsu-Disk has been very, very busy.....

Pandora v4.0 beta software has been updated. The new Pandora v4.0 *Beta 2*
software is now available. It still has the "point, click, and attack" GUI
interface, it still runs under Windows 95/98/NT or Linux with X, it still is
the full metal jacket ninja kungfu action software for hacking Netware you've
grown to love. Still compiled with 100% freeware compilers using freeware
libraries with no big corporation SDK assistance, still the same GUI in Windows
or Linux.

The GUI interface contains these features:

   * Offline and Online components. Offline for cracking passwords offline,
     and Online for direct server attacks.
   * Improved MGUI interface.

   Offline includes:
   * Password cracking of Netware 4.x and 5.x passwords.
   * Reads native NDS files -- as well as maintenance files such as
     BACKUP.DS, BACKUP.NDS, and DSREPAIR.DIB -- and extracts password hashes
     for cracking.
   * Reads Netware 4.x and 5.x versions of NDS, BACKUP.DS, and
     DSREPAIR.DIB.
   * Multiple accounts can be brute forced and dictionary cracked
     simultaneously.
   * Preset and user-definable keyspace for brute forcing.
   * On screen sorting of account listings for easy viewing.
   * Built-in NDS browser to look at all NDS objects.
   * Remote Console Decryption using The Ruiner's decryption algorithm.
   * Fully optimized for Pentium processors for maximum carnage.
   * Bug fixes from Beta 1.

   Online includes:
   * Attach to servers using only the password hash (if you do not wish to
     crack them).
   * Dictionary attacks against NDS objects that detect if Intruder
     Detection was triggered.
   * Browse for target servers and gather connection info for spoofing
     attacks.
   * GameOver spoofing attack against servers not using Level 3 packet
     signature.
   * Improved Level3-1 attack which no longer requires using a sniffer to
     find elusive data for Admin session hijacking, just add in the Admin's
     MAC address and we do the rest.
   * "Sniff-n-Grab" files being downloaded from the Netware server by
     unsuspecting users.
   * Several nasty Denial of Service attacks.
   * Improved packet drivers from Beta 1.
   * Numerous bug fixes.
   * Actual working code to attack from Linux. Requires an IPX-aware
     kernel and root access.

Full source code included in case you don't trust our binaries, and for adding
your own code.

Windows software is available now and appears to be stable. Linux software is
posted and works, but may be updated somewhat frequently over the next few
days. The Online code for Linux is working but YMMV.

Check out binaries, code, doco, rants, and more at http://www.nmrc.org/pandora/

_______________________________________________________________________________

home help back first fref pref prev next nref lref last post