Penetration Testing mailing list archives

Re: wanted: a script to try dictionary attacks against NOTES ID files

From: Vladimir Parkhaev <vladimir () arobas net>
Date: Tue, 20 Nov 2001 15:25:03 -0500

Just an idea...

I am not a domino user but chances are that if Notes are used, web mail
is in use too. Since there are no tools around for Notes brutforcing 
(according to the number replies in this tread) why not try to bruteforce
access to web mail? I think, supplying Auth-Basic is good enough
to access domino mail.

Your friends:
perl + LWP module (+ Net::SSleay if only https is used) + dictionary files.

Should be a 10 liner.....

Quoting jjore () imation com (jjore () imation com):

Not really. While hope is not completely lost it will take some coding on 
your part. I'm working on Notes <-> perl integration and there is some 
work another person did that is relevant to your question. The thing is, 
you must write some C code that does an extension manager call back (this 
is using the Domino C API) and passes in your own custom password. It's at 
this point that you could turn that into a function and script it.

Check out 
http://www.greentechnologist.org/domino/perl/Notes-0.24a/ln_password.c for 
more ideas.

Josh




nobody <pentester () yahoo com>
11/19/01 02:56 PM

 
        To:     pentest_list <pen-test () securityfocus com>
        cc: 
        Subject:        wanted: a script to try dictionary attacks against NOTES ID files


All,

anyone have a perl script -or - other - that will read
a large dictionary file & try to find the password
used for NOTES  userid.id files  ??

I am hoping that there is a command line options like:

notes -p password  userid.id

or some construct that will allow a large dictionary
to be tested with multiple NOTES id files.

thanks

__________________________________________________
Do You Yahoo!?
Find the one for you at Yahoo! Personals
http://personals.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert 
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please 
see:
https://alerts.securityfocus.com/





----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


-- 
print chr hex for qw +
2D 2D 0A 76 6C 61 64 69 6D 69 72 40 61 72 6F 62 61 73 2E 6E 65 74 0A 44 38
37 44 20 44 32 46 42 20 46 31 36 33 20 46 31 43 31 20 34 32 30 41 20 20 31
44 31 46 20 36 43 42 39 20 31 46 38 39 20 38 35 30 42 20 30 38 44 44 0A +;

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

wanted: a script to try dictionary attacks against NOTES ID files nobody (Nov 19)
- <Possible follow-ups>
- Re: wanted: a script to try dictionary attacks against NOTES ID files jjore (Nov 20)
  - Re: wanted: a script to try dictionary attacks against NOTES ID files Vladimir Parkhaev (Nov 20)
- Re: wanted: a script to try dictionary attacks against NOTES ID files jjore (Nov 20)
- Re: wanted: a script to try dictionary attacks against NOTES ID files miguel . dilaj (Nov 21)