Home page logo

bugtraq logo Bugtraq mailing list archives

Pandora v4 Announcement
From: thegnome () NMRC ORG (Simple Nomad)
Date: Tue, 6 Jul 1999 07:06:45 -0500


                          Nomad Mobile Research Centre
                             A N N O U N C E M E N T
                        Simple Nomad [thegnome () nmrc org]

                               Product : Pandora v4.0
                              Platform : Windows 95/98/NT,
                                         X Windows on Linux 2.x

The long-awaited Pandora v4.0 with "point, click, and attack" GUI interface is
now available. Running under Windows 95/98/NT or Linux with X, this security
audit tool with full metal jacket ninja kungfu action was compiled with 100%
freeware compilers using freeware libraries with no big corporation SDK
assistance. In other words, the GUI looks and behaves the same on either
Windows or Linux.

Old Pandora v3 exploits are back, with Netware 4.x AND Netware 5.x support. We
have even updated several attacks to make them easier to use and to take
advantage of our GUI.

The GUI interface has some important new features:

   * Offline and Online components. Offline for cracking passwords offline,
     and Online for direct server attacks.

   Offline (for Windows and Linux) includes:
   * Password cracking of Netware 4.x and 5.x passwords.
   * Reads native NDS files -- as well as maintenance files such as
     BACKUP.DS and DSREPAIR.DIB -- and extracts password hashes for
   * Reads Netware 4.x and 5.x versions of NDS, BACKUP.DS, and
   * Multiple accounts can be brute forced and dictionary cracked
   * Preset and user-definable keyspace for brute forcing.
   * On screen sorting of account listings for easy viewing.
   * Built-in NDS browser to look at all NDS objects.
   * Remote Console Decryption using The Ruiner's decryption algorithm.

   Online (Linux coming soon, hey we're in beta!) includes:
   * Attach to servers using only the password hash (if you do not wish to
     crack them).
   * Dictionary attacks against NDS objects that detect if Intruder
     Detection was triggered.
   * Browse for target servers and gather connection info for spoofing
   * GameOver spoofing attack against servers not using Level 3 packet
   * Improved Level3-1 attack which no longer requires using a sniffer to
     find elusive data for Admin session hijacking, just add in the Admin's
     MAC address and we do the rest.
   * Several nasty Denial of Service attacks.

Full source code included in case you don't trust our binaries, and for adding
your own code.

Check out binaries, code, doco, rants, and more at http://www.nmrc.org/pandora/


    Simple Nomad    //
 thegnome () nmrc org  //  ....no rest for the Wicca'd....
    www.nmrc.org    //

  By Date           By Thread  

Current thread:
  • Pandora v4 Announcement Simple Nomad (Jul 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]