Pandora release 1.0   6/30/97

Send bugs, comments, etc. to pandora@nmrc.org

Files included:

convert    - Converts a BACKUP.DS file back into its original NDS components.
convert.c  - Source code to convert.

crypto     - Crypto does brute force attacking using the PASSWORD.NDS file
             created by Extract. Every 1000 attempts it saves where it is at
             so a brute force attack can be resumed later. Since the length of
             the password is known, Crypto only tries passwords of the proper
             length to save time. Lower case letters are not tried since
             they are not used in Novell's scheme. Any password up to 16
             characters in length can be brute forced.
crypto.c   - Source code to crypto.

crypto2    - Crypto2 is very similar to Crypto except Crypto2 uses a wordlist
             and performs a "dictionary" style attack. The wordlist can be any
             text file with one word per line. Since the password length is
             known, words that are not the proper length are skipped to save
             time. All lower case letters are converted to upper case since
             lower case letters are not used.
crypto2.c  - Source code to crypto2.

extract    - Extract will read the ENTRY.NDS, VALUE.NDS, and BLOCK.NDS files
             and create a PASSWORD.NDS file that contains all of the
             information needed for Crypto or Crypto2 to do their job in
             cracking a user password. The Common Name, the object ID, the
             parent ID (usually O or OU), the password length, and the one
             way password hash are extracted.
extract.c  - Source code to extract.

inside.txt - Text file explaining the layout of NDS and how all of the utilities
             actually work.

manipul8   - Manipul8 allows seeding of the RESTORE.PAN file created during
             Crypto's brute force attack. For example, if you wish to skip
             ahead in the brute forcing, or wish to set up multiple sessions
             or machines to spread out the brute force attack, simply use
             Manipul8 to set things up.
manipul8.c - Source code to manipul8.

readme     - Do I have to explain this one?

showpass   - Showpass allows a quick dump of PASSWORD.NDS. This is handy when
             you want to verify spelling and case of user accounts.
showpass.c - Source code to showpass.


-----------------------


Tips on usage:

1. Read the inside.txt file. It has a lot of detail.
2. If you have a copy of backup.ds, use convert to get the NDS files.
3. If you have a copy of ENTRY.NDS, VALUE.NDS, and BLOCK.NDS you do not need to
   run convert. Start with extract.
4. If you get access to sys:_netware and find .BAK copies of the NDS files,
   these are left over from a DSREPAIR. Make copies of these and rename them
   back to their original NDS extensions, and move on to extract. But remember,
   these will not have the absolute latest passwords in them.
5. When running extract, large NDS files can take hours. A 47MB backup.ds file
   took just a few minutes with convert, but took 3 1/2 hours with extract. This
   was 5300+ users, with extract running on a RISC system. So be patient.
6. Running crypto can take hours, even days, to brute force a password. Be
   patient. Use a Pentium or RISC system for the best speed.
7. Account names are CASE SENSITIVE. Passwords are not. Go figure. So when using
   a Pandora utility that accepts account names, keep this in mind. Use showpass
   to help show you what is what.
8. Use crypto2 with a large wordlist first before crypto. Hey, you might get
   lucky.
9. Since crypto saves its place in RESTORE.PAN, you can seed this file using
   manipul8. Multiple crypto sessions can be managed by seeding a RESTORE.PAN
   file for each session.


-----------------------


The Source Code is FREE!!

All Pandora files are very simple C programs, and should compile with very
little trouble. For DOS, simply make a standard DOS EXE (not an overlay).
The programs are freeware, feel free to snarf, alter, and hack at the code.
The programs will run in a DOS window under Windows 95/NT and OS/2.

If you change or find interesting ways to alter the code, making it more
useful, send me your changes. I'll incorporate the better ideas into the next
Pandora release. And if you find a bug, FIX IT! Oh, and send me the fix.


-----------------------


Special Notes for Pandora Unix users:

To compile on your Unix system, you should do the following steps.

1. gunzip pandora.tgz
2. tar xvf pandora.tar
3. cd pandora
4. make all

The default compiler is cc, feel free to change the Makefile to make it gcc
if so inclined.

The only problem I have encountered when using Pandora on Unix has been with
big endian platforms (Alpha, AIX, IRIX, etc.). You see, Novell runs on Intel
machines which do little endian reads and writes. For example, an object ID
of 12345678 is stored as 78563412, but when read into Pandora it is presented
as 12345678. On a big endian system it is read in and presented as 78563412.
This causes problems as these 4 byte chunks are used for calculating offsets
into files and used as a part of the encryption algorithm. Therefore if you
have a big endian machine you are compiling on, edit the Makefile and use the
CFLAGS line that has -DENDIAN in it. All of the Pandora utilities that need
it will use this switch. This is especially important for crypto/crypto2. These
utilities will run just fine on big endian machines, but since they think the
12345678 is 78563412, the password will not be found. crypto and crypto2 have
to have things in 12345678 order, regardless of endian.
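The byte-order problem above is the general one of reading a little-endian
on-disk format on an arbitrary host. As an added illustration (this is not
Pandora code, and the object ID bytes below are a constructed sample), the
following C shows why a raw native read gives 78563412 on a big-endian machine
and how assembling the field byte by byte gives 12345678 on any host, so the
-DENDIAN compile-time switch is not needed. The names read_le32, read_native32,
bswap32 and host_is_little_endian are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the 4 bytes as they sit on disk for object ID
   0x12345678 written by a little-endian (Intel) host. */
static const unsigned char SAMPLE_ID_BYTES[4] = { 0x78, 0x56, 0x34, 0x12 };

/* Assemble a 4-byte little-endian field from its bytes. Gives the same
   result on little- and big-endian hosts because it never relies on how
   the host lays out a uint32_t in memory. */
uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0]
         | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16)
         | ((uint32_t)p[3] << 24);
}

/* The naive approach: copy the on-disk bytes straight into a uint32_t.
   The value you get depends on the host's byte order; this is the read
   that -DENDIAN has to compensate for. */
uint32_t read_native32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Reverse the byte order of a 32-bit value (12345678 <-> 78563412). */
uint32_t bswap32(uint32_t v)
{
    return ((v & 0x000000FFu) << 24) | ((v & 0x0000FF00u) << 8)
         | ((v & 0x00FF0000u) >> 8)  | ((v & 0xFF000000u) >> 24);
}

/* Detect the host byte order at run time instead of with a compile flag. */
int host_is_little_endian(void)
{
    const uint32_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* The README's approach expressed in code: native read, then swap only when
   the host is big endian. Equivalent to read_le32 on every host. */
uint32_t read_le32_via_swap(const unsigned char *p)
{
    uint32_t v = read_native32(p);
    return host_is_little_endian() ? v : bswap32(v);
}

int main(void)
{
    printf("portable read: %08X\n", read_le32(SAMPLE_ID_BYTES));
    printf("native read:   %08X (host is %s endian)\n",
           read_native32(SAMPLE_ID_BYTES),
           host_is_little_endian() ? "little" : "big");
    printf("native + swap: %08X\n", read_le32_via_swap(SAMPLE_ID_BYTES));
    return 0;
}
```

On an Intel box all three lines print 12345678; on a big-endian box the native
read prints 78563412 while the other two still print 12345678. Parsing every
multi-byte field this way is what removes the need for a per-platform build.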

This endian thing causes unbelievable problems if you decide to run convert
and create NDS files on your Intel machine, but wish to run crypto on your
RISC machine. I will work out a utility or utilities to address this problem
in the next release of Pandora. Right now, simply study the inside.txt doc
and start altering code. Sorry.


-----------------------


Things to look for in the next revision:

1. You should be able to specify a name besides RESTORE.PAN for extract, crypto,
and manipul8 (or take the default).
2. You should be able to specify an end target password for brute forcing with
crypto and manipul8. For example, using manipul8 create a RESTORE.PAN file that
will brute force a specific range, such as AAAAAA through 000000.
3. You should be able to specify a name besides PASSWORD.NDS.
4. An INTRUDE utility for DOS that uses either brute force or dictionary
attacks to gain access to an account on a Netware 4.x server, taking advantage
of the fact that Intruder Detect is not turned on by default.
5. An ENDIAN utility for Unix that allows Intel created files to be migrated to
RISC systems for additional manipulation.


-----------------------

Simple Nomad
Nomad Mobile Research Centre
http://www.nmrc.org
June 30, 1997