. o O o . P A N D O R A . o O o .
. o O o . . . . . . . . . o O o .
...the SATAN of Netware...
Welcome to the official
Pandora home page. Pandora is a project that was
developed by Simple Nomad and sponsored by the Nomad Mobile Research Centre. The goal of
Pandora is to provide the tools for the opening of Novell's Netware Directory Services.
NDS was once thought to be impervious to prying eyes. Pandora goes where no one outside the red
gates of Provo has ventured before -- into the heart of Novell's premier product
offering.
That, and Pandora is just a cool name for some simple hacking tools.
What is Pandora?
Pandora is a set of tools for hacking, intruding, and testing the security and insecurity
of Novell Netware. It works on versions 4 and 5. Pandora consists of two distinct sets
of programs -- an "online" version and an "offline" version. Pandora Online is intended to
be used for direct attack against a live Netware 4 or 5 server. Pandora Offline is
intended to be used for password cracking after you have obtained copies of NDS.
. o O o . . . . . . . . . o O o .
Pandora Status
Jitsu-Disk and Simple Nomad have completed Pandora v4.0 Beta 2.1. General features include:
- Freeware.
- Windows 95/98/NT GUI, for point and click Netware hacking fun.
- Offline (password cracking) and online (server attacking) executables.
- Netware 5 support for both offline and online programs.
- Uses the ever-cool Pandora Toolkit API.
- Full source code.
- Did we mention it is free?
- 100% built with freeware compilers and libraries, as a statement for and in support
of open source software solutions. See the bottom of this page for a list of
programming resources.
Offline features:
- A true password auditing tool for Netware 4 and 5.
- Importing and sorting of password data from different sources, including BACKUP.DS, BACKUP.NDS, and DSREPAIR.DIB files for Netware 4 and 5.
- Limited extraction of password material from damaged NDS files.
- Multiple simultaneous cracking of passwords for different accounts.
- All configuration, password, and restore files compatible between the Windows and
Linux versions. No dependence on that damned registry.
- Roll your own key space.
- Built-in NDS browser for viewing all objects within the NDS tree.
- Includes a C port of The Ruiner's Remote Console Decryption algorithm.
Online features:
- Attach to server with password hashes extracted from Offline program.
- Search for target servers.
- Attach to a server and grab user accounts without logging in.
- Dictionary attack against user account.
- Multiple Denial of Service attacks.
- Improved spoofing and hijacking by using realtime sniffing.
- Works against Netware 4 and 5 (depending on patch revision).
- Silently snarf files as they are downloaded from server to client.
- Improved packet drivers for Windows 95/98/NT.
. o O o . . . . . . . . . o O o .
Open Issues/To Do List with Pandora v4.0 Beta 2.1
- Pandora Online for Linux bugs have been ironed out (the ones we know
about). The problems with the spoof/sniff attacks not working properly have
been fixed, as well as a threads problem. Let us know if you have problems.
- Reports of Windows 98 problems, from crashes with the new driver to
MFileSelection (part of MGui) not working under Win98 with option pack or
Win98SR2. We're working with Vincenzo Morello (the MGui maintainer) on
this.
- Jitsu added panmount code to Pandora Online for Linux, but it looks
like NW 4.11 SP7 might break some of the bindery attacks. Still testing,
but the NDS attaching stuff still works.
- Jitsu replaced underlying drivers with libnet/libpcap for Pandora
Online for Linux. If we were able to do this under NT, it would
keep the same source code tree for both platforms, so we are considering
porting libnet to NT (although that's not definite, because we anticipate
it flagrantly not working properly because of the way NT handles its
networking code). We actually might do the port to Win2K instead. Unsure
at this point.
. o O o . I N S I D E N D S . o O o .
Inside NDS, included with Pandora, is the research
project's official "notes". It details how NDS is put together, and how some
of the Pandora utilities work.
Other Pandora documentation:
- Hacking the Crypto.c Algorithm by Jitsu-Disk, the programmer who modified
Novell's one-way hash code to make it frighteningly faster and more effective
than Novell's original code. Recently updated.
- NCP: Novell Cries Pandora by Simple Nomad
and Jitsu-Disk which details the sniffing
and spoofing exploits, including defeat of Packet Signature. Newly updated for
Pandora v4 Beta 2!
- Pandora Toolbox API by Jitsu-Disk. See how Pandora works, and
perhaps port the code to another platform. Lots of exciting info on coding.
- Pandora v4 FAQ. Recently updated! Check the
FAQ before sending us a question; the answer may be here.
- Writing code for a Microsoft platform is nasty business. Read this rant by Jitsu-Disk, which kind of explains why we felt
so dirty when compiling code under Windows, and why Pandora 5 will be Linux
only. Updated for Beta 2.
. o O o . D O W N L O A D . o O o .
The most exciting page of all, the Download page. From here, you can snarf a copy of the latest version of Pandora, documentation,
and full source code.
. o O o . . . . . . . . . o O o .
The entire NMRC team would like to thank the following people for their
assistance and inspiration:
- Greg Miller, Itsme, Al Grant, Denis L, g00ber, Richard P, Rx2, and Thomas Lackner
for their help and suggestions at various points during code development.
- Adrian Cunnelly, Eugene Ilchenko, Igor Gusev, and Sven B Schreiber for NCP ideas.
- John R McCawley III, Cap'n Hardgeus, and Hotwarez LLC for IPX/DOS low level coding ideas we leeched.
- Gary Hein and Gabe Nault at Novell for not treating us like Microsoft treated eEye.
- Weld Pond and Mudge for developing L0phtcrack and, in a roundabout way, getting Pandora started; also for code ideas in the Online sniffing code.
- Tan for his support, his opinions, and general c00lness.
- The Netware Hack mailing list and all the folks who sent in bugs and suggestions.
Cool programming resources used in Pandora (useful for those "single source code,
multiple OS target platform projects" you might be working on):
. o O o . . . . . . . . . o O o .