Help with Pandora v3.0
Pandora v3.0 FAQ: 1. Why won't Pandora use my old PASSWORD.NDS/RESTORE.PAN file from v2.0? Changes have been made to the file format. The new PASSWORD.NDS file is no longer compatible with older versions. Use Extract from v3.0 and make a new PASSWORD.NDS file. And use Manipul8 to get your RESTORE.PAN file back to where it left off. 2. Extract doesn't get all 30,000 objects from the tree. Very large trees are somewhat of a problem. Make sure you have plently of drive space when playing with large NDS trees -- Extract does not check the amount of free disk space. Also, on occassion it will simply not work on extremely large trees during BACKUP.DS, usually stopping with an error refering to a negative number. Even though your DSREPAIR says you are fine, we believe this is due to problem with a backlinked record or some other cross reference. If you are desperate to get into very large trees, take a look at Imp by Shade, located at http://www.wastelands.gen.nz/projects/imp.html. Imp will require to load the entire tree in RAM, so you should have plenty of memory. For example, I had a 47MB tree Pandora was choking on, but Imp loaded it fine (once I ran it on an NT workstation with 64MB RAM and 128MB swap). It took a while to load, but worked perfect. And the Pandora routines Shade included really haven't changed much in v3.0, so from a password-cracking perspective it should be the same. 3. Crypto won't get my 18 character password. Unless you are the NSA, you probably do not really have the time to crack an 18 character password anyway. Besides, to simplify the code Pandora will not work with passwords over 16 characters. We have no reason to extend this, although if someone wants to know how, write to Jitsu-Disk or Simple Nomad. In your request please explain why your life is so pathetic that you must crack a password this long. 4. I can't get Havoc/Level1-1/Level3-1/GameOver to work. What's wrong? Well, there could be several different problems. Here are a few: - Network card does not support promiscuous mode. We've personally tested with a few cards personally, and can say that most modern 3Com cards do just fine. Let us know about success with others. - Packet driver does not support going into promiscuous mode. We only know this might be a problem because of playing with Gobbler, an Ethernet sniffer. Get the latest driver you can for your card. - Not loading at interrupt 0x60. This is very important. Our code hooks into this. Let's say your packet driver is 3c5x9pd load it with an extra parameter like so: 3c5x9pd 0x60 - Play with the source code. We have some values hard-coded here and there, especially with Level1-1. If things are not working exactly like you think they should be, let us know something about your configuration. - Novell reports that if the SET PACKET SIGNATURE LEVEL=3 line is in the AUTOEXEC.NCF after DS.NLM loads, you are vulnerable. If the SET command is the first line in the AUTOEXEC.NCF or in the STARTUP.NCF Packet Signature will work properly if the DS.NLM version is 5.95 or greater. 5. Where's the GUI you promised? On the way. Check out Imp, mentioned in question 2 above. Imp implements the password cracking routines only, it is quite nice. The NMRC GUI will have the Denial of Service stuff along with the client attack tools built in. We just had to release what we had because it was too hot to sit on. This way we can properly implement the GUI and fully test it. 6. Why are you doing this? You are giving crackers tools to break in! The NCP exploits were orignially explored in v2.0 of Pandora as a direct result of hackers using 3.x attack tools against 4.x servers and gaining access. Several different hackers in eastern Europe were reporting to NMRC about their success, and several administrators wrote in asking for help. Simple Nomad discovered several flaws in mid 1997, and Jitsu-Disk expanded on these in 1998 for v3.0 of Pandora. Since these exploits were already being used in the underground we felt there was a greater harm in NOT bringing these things forward. We understand that there will be people that abuse these tools -- we also understand these tools will help administrators protect their systems. If you must complain, complain to Novell. 7. So Pandora uses bindery-based attacks? Yes and no. Many of these attacks will work fine against Netware 3.x servers, but will still work against 4.x servers even with bindery context not turned on. Novell has mistakenly stated that these are bindery-based attacks implying that they will not work against a Netware 4.x server that does not have bindery context set. These attacks work against flaws in NCP, and many of the same NCP calls that work against a Netware 3.x server will still work against a 4.x server. Why? This is important: NO BINDERY CONTEXT DOES NOT MEAN NO BINDERY CALLS VIA NCP. The problem is with NCP, not the bindery calls used during login that need a bindery context to place them in the tree at the proper spot. 8. I want to help make 1999 the Year of Pandora. How can I help? You must be a coder. Well, we welcome your help. There IS a reason we included an API. To help with future Pandora coding, join the Pandora Developer's mailing list by sending a message to the following address: majordomo@lumpnet.ml.org No subject is required, but do include "subscribe pandora-dev" in the body of the message (without the quotes). Follow the instructions in the confirmation message. 9. Why can't I extract passwords after loading SP5? We have confirmed and are working in this. As a workaround you can try Shade's IMP or Pandora v2's EXTRACT to see if that works. We hope to have a fix soon.
Updated 20Nov1998