Using the Pandora v4 Online program
-----------------------------------

Pandora v4 Online is a program for attacking and cracking Novell Netware
servers, and supports both versions 4.x and 5.x of Netware. Pandora 
Online, when launched, will automagically launch pan_serv.exe, the 
all-purpose mini-server for handling GUI requests for the network and 
responses back to the GUI.

The GUI is divided into 4 sections, top to bottom:

   * Menu bar
   * Input section
   * Selected target
   * Results section

General application behavior (guides, not rules):

   * Anything loaded in via the File menu will display in the Input
     section after loading.
   * Headers will appear at the top of the Input section. The far
     right field is a numbering field, useful for setting up dictionary
     attacks.
   * Right-clicking in the Input section gives you context-sensitive
     sorting.
   * Double-clicking in the Input section gives you more detail or
     selects a target.
   * Results of cracking and other various actions will be displayed
     in the Results section.
   * Double-clicking in the Results section will allow you to erase a
     single line.

Description of Menu Selections
------------------------------

-- File

Under the File menu are the selections for manipulating files, along
with the Quit selection.

-- File->Load->Password file...

You can load in a previously-saved password file used in Pandora Offline.

-- File->Load->Restore file...

You can load in an interrupted Brute Force cracking session from Pandora
Offline for an individual bindery attack.

-- File->Save->Password file...

Saves the current PASSWORD.NDS data in native Pandora format for future
use. You can use an alternate name for the file. This will also save any
cracked passwords as well.

-- File->Save->Input list to text file...

Saves the current sorted contents of the Input section to an optional. 
text file. The headers and the numbering field (on the far right) are not
saved.

-- File->Save->Result list to text file...

Saves the current contents of the result section to a text file.

-- Bindery Attacks

Various parameters and selections for cracking passwords, as well as 
initiating cracking sessions all happen under the Crack menu.

-- Bindery Attacks->Find users...

This selection brings up a dialog box that allows you to select a text list 
of potential users, and checks to see if they are valid user accounts. Users
with no passwords are displayed as such. This attack is dependent on your
current context within the NDS tree, and if bindery context has been set on
the current server. A large list of users will take a while to complete.

-- Bindery Attacks->Find user password...

This selection allows you to try a dictionary attack against the selected
user account. You have to double-click on a user account in the Input section
of the screen first. A dialog box comes up for you to select the speed of the
attack. "Stealth" will attempt a bindery "verify password" using the account 
selected, while "Speed" will attempt a bindery "attach". Either selection will
allow you to choose a word list for dictionary-styled attacking, and will
stop any attack should Intruder Detection be triggered.


-- Bindery Attacks->Attach as

If you've loaded in a password file from Pandora Offline, you can use this
option to attach using the hash only (no password cracking required). You must
select a target account first.

-- Bindery Attacks->Change password...

If you've loaded in a password file from Pandora Offline, you can use this
option to change a user's password using the hash only (no password cracking
required).

-- Denial of Service

Various Denial of Service (DoS) attacks. Be careful, depending on target 
software version and patch level these can be dangerous and annoying as they
can lead to server and workstation instability and crashes (including your 
own!). Double-clicking on a DoS listing in the Results section of the GUI
will give you an option to stop the attack. Be forewarned, it is fairly
trivial to track down the source of most of these attacks, so if you decide
to trash a Netware network it will be very obvious who did it.

-- Denial of Service->Broadcast storm (yang)...

The "Yet Another NetWare Game" exploit. Flood lots of bogus broadcast
packets to servers and clients.

-- Denial of Service->Disk consume (burn)...

Burn up disk space by flooding the server with invalid packets, which get
logged to an error log file on the SYS volume. Once SYS is filled up, the
server will stop serving.

-- Denial of Service->NCP Flamethrower (kill)...

Crash servers with illegal NCP calls.

-- Denial of Service->Crash client/server (havoc)...

More illegal NCP call attacks against clients and servers.

-- IPX Attacks

Various IPX/NCP based attacks and exploits.

-- IPX Attacks->Find servers/connections...

Explore your existing server connections for information on servers and 
currently logged in (and "Not-logged-in") devices and users. Sorting is
currently buggy in the Input screen here. Depending on server size,
current drive mappings, and network speed this could take a while. Be 
patient. This will help provide info for the other IPX attacks.

-- IPX Attacks->Intrude server (GameOver)...

This option brings up a dialog box for entering in the server internal
net, the server address, high and low socket, bindery context for
stealing user rights from one account to another, and the server
connection number. Once the information is entered, hitting the
GetMeSome! button will make it happen on inadequately patched and
underconfigured servers.

-- IPX Attacks->Hijack Admin connection (Level3-1)...

Selecting this option will set up an attack against a currently logged
in Admin. Insert the address of the victim's computer, fill in the
names of who you wish to steal the access from and give it to, and click
on GetMeSome! to attack. You must on the network between the server and
the Admin.

-- IPX Attacks->Grab Files Downloaded...

Use this to capture files being downloaded from the server to the client.
You need the IPX server number, the victim's MAC address, the number of
files you wish to snarf, and a path to save them to. Hit the select button
to change the path for saving, and click on the SniffTheFiles! button
to begin sniffing. You must be on the network between the server and the
victim.

-- Help

Various help files and other documentation for Pandora v4.