Penetration Testing mailing list archives
Re: Lotus Notes/Domino Pen Test
From: Marco Ivaldi <raptor () mediaservice net>
Date: Thu, 15 May 2008 10:57:24 +0200 (ora solare Europa occidentale)
Hi, On Wed, 14 May 2008, mizambo () yahoo it wrote:
Hi Pen Testers:I'm looking for information of pentest for a Lotus notes/Domino 6.x and 7.x enviroment.Do you have some infos, documents or tools to suggest ?
Here's a list of useful resources on Lotus Domino/Notes security: http://www.dominosecurity.org/ http://www.ngssoftware.com/papers/hpldws.pdf http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf http://seclists.org/pen-test/2002/Nov/0034.html (all thread) http://seclists.org/pen-test/2007/Jul/0111.html (all thread) http://documents.iss.net/whitepapers/domino.pdf http://www-128.ibm.com/developerworks/views/lotus/library.jsp http://www-128.ibm.com/developerworks/lotus/security/ http://www.redbooks.ibm.com/redbooks/pdfs/sg247017.pdf http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg245341.pdf http://www.nsftools.com/ Some testing tools: http://packetstormsecurity.org/UNIX/scanners/DominoHunter-0.92.zip http://packetstormsecurity.org/UNIX/scanners/domino.tar.gz http://www.cqure.net/wp/?page_id=17 http://www.appsecinc.com/products/appdetective/domino/ (commercial!) http://www.rapid7.com/nexpose/features.jsp (commercial!) http://www.openwall.com/john http://usuarios.lycos.es/reinob/ http://www.nestonline.com/lcrack/ http://www.securiteinfo.com/download/dhb.zip http://www.cqure.net/wp/?page_id=12 http://www-128.ibm.com/developerworks/lotus/downloads/ Other commercial password crackers from Elcomsoft/Passware/etc. And some exploits: http://www.0xdeadbeef.info/exploits/raptor_dominohash http://www.milw0rm.com/exploits/3602 http://www.milw0rm.com/exploits/3616 http://www.milw0rm.com/exploits/4207 http://www.milw0rm.com/exploits/4574
Thanks for any type of help.
Hope this helps, -- Marco Ivaldi, OPST Red Team Coordinator Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Lotus Notes/Domino Pen Test mizambo (May 14)
- Re: Lotus Notes/Domino Pen Test Marco Ivaldi (May 15)