[12670] in bugtraq
Pandora v4 Beta 2 Software
daemon@ATHENA.MIT.EDU (Simple Nomad)
Fri Nov 19 20:07:11 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.10.9911191205390.11788-100000@shell.fastlane.net>
Date: Fri, 19 Nov 1999 12:08:04 -0600
Reply-To: Simple Nomad <thegnome@NMRC.ORG>
From: Simple Nomad <thegnome@NMRC.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
_______________________________________________________________________________
Nomad Mobile Research Centre
A N N O U N C E M E N T
www.nmrc.org
Simple Nomad [thegnome@nmrc.org]
19Nov1999
_______________________________________________________________________________
Product : Pandora v4.0 Beta 2
Platform : Windows 95/98/NT
X on Linux
Jitsu-Disk has been very, very busy.....
Pandora v4.0 beta software has been updated. The new Pandora v4.0 *Beta 2*
software is now available. It still has the "point, click, and attack" GUI
interface, it still runs under Windows 95/98/NT or Linux with X, it still is
the full metal jacket ninja kungfu action software for hacking Netware you've
grown to love. Still compiled with 100% freeware compilers using freeware
libraries with no big corporation SDK assistance, still the same GUI in Windows
or Linux.
The GUI interface contains these features:
* Offline and Online components. Offline for cracking passwords offline,
and Online for direct server attacks.
* Improved MGUI interface.
Offline includes:
* Password cracking of Netware 4.x and 5.x passwords.
* Reads native NDS files -- as well as maintenance files such as
BACKUP.DS, BACKUP.NDS, and DSREPAIR.DIB -- and extracts password hashes
for cracking.
* Reads Netware 4.x and 5.x versions of NDS, BACKUP.DS, and
DSREPAIR.DIB.
* Multiple accounts can be brute forced and dictionary cracked
simultaneously.
* Preset and user-definable keyspace for brute forcing.
* On screen sorting of account listings for easy viewing.
* Built-in NDS browser to look at all NDS objects.
* Remote Console Decryption using The Ruiner's decryption algorithm.
* Fully optimized for Pentium processors for maximum carnage.
* Bug fixes from Beta 1.
Online includes:
* Attach to servers using only the password hash (if you do not wish to
crack them).
* Dictionary attacks against NDS objects that detect if Intruder
Detection was triggered.
* Browse for target servers and gather connection info for spoofing
attacks.
* GameOver spoofing attack against servers not using Level 3 packet
signature.
* Improved Level3-1 attack which no longer requires using a sniffer to
find elusive data for Admin session hijacking, just add in the Admin's
MAC address and we do the rest.
* "Sniff-n-Grab" files being downloaded from the Netware server by
unsuspecting users.
* Several nasty Denial of Service attacks.
* Improved packet drivers from Beta 1.
* Numerous bug fixes.
* Actual working code to attack from Linux. Requires an IPX-aware
kernel and root access.
Full source code included in case you don't trust our binaries, and for adding
your own code.
Windows software is available now and appears to be stable. Linux software is
posted and works, but may be updated somewhat frequently over the next few
days. The Online code for Linux is working but YMMV.
Check out binaries, code, doco, rants, and more at http://www.nmrc.org/pandora/
_______________________________________________________________________________