<HTML>
<HEAD><TITLE>. o O o . P AN DO RA H EL P . o O o .</TITLE>
</HEAD>
<BODY BGCOLOR="#000000" TEXT="#00ff00" LINK="#ff0000" HLINK="#ff0000" VLINK="#ff0000">
<CENTER>
<H1>Help with Pandora v3.0</H1><BR>

</CENTER>
<PRE>

<B>Pandora v3.0 FAQ:

1. Why won't Pandora use my old PASSWORD.NDS/RESTORE.PAN file from v2.0?
</B>
 Changes have been made to the file format. The new PASSWORD.NDS file is
 no longer compatible with older versions. Use Extract from v3.0 and make
 a new PASSWORD.NDS file. And use Manipul8 to get your RESTORE.PAN file
 back to where it left off.

<B>2. Extract doesn't get all 30,000 objects from the tree.</B>

 Very large trees are somewhat of a problem. Make sure you have plently of
 drive space when playing with large NDS trees -- Extract does not check
 the amount of free disk space. Also, on occassion it will simply not work
 on extremely large trees during BACKUP.DS, usually stopping with an error
 refering to a negative number. Even though your DSREPAIR says you are
 fine, we believe this is due to problem with a backlinked record or some
 other cross reference.

 If you are desperate to get into very large trees, take a look at Imp by
 Shade, located at http://www.wastelands.gen.nz/projects/imp.html. Imp
 will require to load the entire tree in RAM, so you should have plenty
 of memory. For example, I had a 47MB tree Pandora was choking on, but
 Imp loaded it fine (once I ran it on an NT workstation with 64MB RAM and
 128MB swap). It took a while to load, but worked perfect. And the Pandora
 routines Shade included really haven't changed much in v3.0, so from a 
 password-cracking perspective it should be the same.

<B>3. Crypto won't get my 18 character password.</B>

 Unless you are the NSA, you probably do not really have the time to crack
 an 18 character password anyway. Besides, to simplify the code Pandora
 will not work with passwords over 16 characters. We have no reason to
 extend this, although if someone wants to know how, write to Jitsu-Disk
 or Simple Nomad. In your request please explain why your life is so 
 pathetic that you must crack a password this long.

<B>4. I can't get Havoc/Level1-1/Level3-1/GameOver to work. What's
wrong?</B>

 Well, there could be several different problems. Here are a few:

 - Network card does not support promiscuous mode. We've personally tested
   with a few cards personally, and can say that most modern 3Com cards do
   just fine. Let us know about success with others.
 - Packet driver does not support going into promiscuous mode. We only
   know this might be a problem because of playing with Gobbler, an
   Ethernet sniffer. Get the latest driver you can for your card.
 - Not loading at interrupt 0x60. This is very important. Our code hooks
   into this. Let's say your packet driver is 3c5x9pd load it with an
   extra parameter like so: 3c5x9pd 0x60
 - Play with the source code. We have some values hard-coded here and
   there, especially with Level1-1. If things are not working exactly
   like you think they should be, let us know something about your
   configuration.
 - You've loaded a mystery patch. A mystery patch is a typical patch
   Novell puts out to fix several different problems, and either
   "accidently" fixes the security problem or is designed to fix the
   security problem and there is no reference to this aspect anywhere.
   Once again, report server and client versions and patches applied if
   you think you've discovered a problem.

<B>5. Where's the GUI you promised?</B>

 On the way. Check out Imp, mentioned in question 2 above. Imp implements
 the password cracking routines only, it is quite nice. The NMRC GUI will
 have the Denial of Service stuff along with the client attack tools
 built in. We just had to release what we had because it was too hot to
 sit on. This way we can properly implement the GUI and fully test it.

<B>6. Why are you doing this? You are giving crackers tools to break
in!</B>

 The NCP exploits were orignially explored in v2.0 of Pandora as a direct
 result of hackers using 3.x attack tools against 4.x servers and gaining
 access. Several different hackers in eastern Europe were reporting to
 NMRC about their success, and several administrators wrote in asking for
 help. Simple Nomad discovered several flaws in mid 1997, and Jitsu-Disk
 expanded on these in 1998 for v3.0 of Pandora. Since these exploits were
 already being used in the underground we felt there was a greater harm in
 NOT bringing these things forward.

 We understand that there will be people that abuse these tools -- we
 also understand these tools will help administrators protect their
 systems. If you must complain, complain to Novell.

<B>7. So Pandora uses bindery-based attacks?</B>

 Yes and no. Many of these attacks will work fine against Netware 3.x
 servers, but will still work against 4.x servers even with bindery
 context not turned on. Novell has mistakenly stated that these are
 bindery-based attacks implying that they will not work against a
 Netware 4.x server that does not have bindery context set. These
 attacks work against flaws in NCP, and many of the same NCP calls that
 work against a Netware 3.x server will still work against a 4.x server.
 Why? This is important: NO BINDERY CONTEXT DOES NOT MEAN NO BINDERY
 CALLS VIA NCP. The problem is with NCP, not the bindery calls used
 during login that need a bindery context to place them in the tree
 at the proper spot.

</PRE>
Updated July 16, 1998
</P>
</CENTER>
</BODY>
</HTML>