Bugtraq mailing list archives
Pandora v4 Beta 2 Software
From: thegnome () NMRC ORG (Simple Nomad)
Date: Fri, 19 Nov 1999 12:08:04 -0600
_______________________________________________________________________________ Nomad Mobile Research Centre A N N O U N C E M E N T www.nmrc.org Simple Nomad [thegnome () nmrc org] 19Nov1999 _______________________________________________________________________________ Product : Pandora v4.0 Beta 2 Platform : Windows 95/98/NT X on Linux Jitsu-Disk has been very, very busy..... Pandora v4.0 beta software has been updated. The new Pandora v4.0 *Beta 2* software is now available. It still has the "point, click, and attack" GUI interface, it still runs under Windows 95/98/NT or Linux with X, it still is the full metal jacket ninja kungfu action software for hacking Netware you've grown to love. Still compiled with 100% freeware compilers using freeware libraries with no big corporation SDK assistance, still the same GUI in Windows or Linux. The GUI interface contains these features: * Offline and Online components. Offline for cracking passwords offline, and Online for direct server attacks. * Improved MGUI interface. Offline includes: * Password cracking of Netware 4.x and 5.x passwords. * Reads native NDS files -- as well as maintenance files such as BACKUP.DS, BACKUP.NDS, and DSREPAIR.DIB -- and extracts password hashes for cracking. * Reads Netware 4.x and 5.x versions of NDS, BACKUP.DS, and DSREPAIR.DIB. * Multiple accounts can be brute forced and dictionary cracked simultaneously. * Preset and user-definable keyspace for brute forcing. * On screen sorting of account listings for easy viewing. * Built-in NDS browser to look at all NDS objects. * Remote Console Decryption using The Ruiner's decryption algorithm. * Fully optimized for Pentium processors for maximum carnage. * Bug fixes from Beta 1. Online includes: * Attach to servers using only the password hash (if you do not wish to crack them). * Dictionary attacks against NDS objects that detect if Intruder Detection was triggered. * Browse for target servers and gather connection info for spoofing attacks. * GameOver spoofing attack against servers not using Level 3 packet signature. * Improved Level3-1 attack which no longer requires using a sniffer to find elusive data for Admin session hijacking, just add in the Admin's MAC address and we do the rest. * "Sniff-n-Grab" files being downloaded from the Netware server by unsuspecting users. * Several nasty Denial of Service attacks. * Improved packet drivers from Beta 1. * Numerous bug fixes. * Actual working code to attack from Linux. Requires an IPX-aware kernel and root access. Full source code included in case you don't trust our binaries, and for adding your own code. Windows software is available now and appears to be stable. Linux software is posted and works, but may be updated somewhat frequently over the next few days. The Online code for Linux is working but YMMV. Check out binaries, code, doco, rants, and more at http://www.nmrc.org/pandora/ _______________________________________________________________________________
Current thread:
- ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Blue Boar (Nov 13)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Theo de Raadt (Nov 13)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Szilveszter Adam (Nov 14)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Brian Fundakowski Feldman (Nov 14)
- BIND 8.2.2-P5 release announcement Roger Fajman (Nov 13)
- <Possible follow-ups>
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Oystein Viggen (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Daniel Jacobowitz (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Jochen Bauer (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Nick Craig-Wood (Nov 18)
- ProFTPd - mod_sqlpw.c Todd C. Campbell (Nov 19)
- Pandora v4 Beta 2 Software Simple Nomad (Nov 19)
- Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Ussr Labs (Nov 16)
- Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Seth R Arnold (Nov 17)
- Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Marc (Nov 17)
- SuSE Security Announcement - syslogd (a1) Thomas Biege (Nov 18)
- local users can panic linux kernel (was: SuSE syslogd advisory) Mixter (Nov 18)
- Re: local users can panic linux kernel (was: SuSE syslogd advisory) Alan Cox (Nov 19)
- Re: local users can panic linux kernel (was: SuSE syslogd advisory) Savochkin Andrey Vladimirovich (Nov 20)
- ANN: Bruce v1.0 Early Access 1 - Available for downloa Alec Muffett (Nov 22)
- Re: local users can panic linux kernel (was: SuSE syslogd Alan Cox (Nov 22)
- Re: local users can panic linux kernel (was: SuSE syslogd Savochkin Andrey Vladimirovich (Nov 23)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Theo de Raadt (Nov 13)