Vulnerability Development mailing list archives

Re: UserID and hashed password for Lotus Domino


From: "gpedone77" <gpedone77 () yahoo it>
Date: Wed, 23 Oct 2002 11:22:07 +0200

g> But I can make a try. I can ask my dad to give me his userID file, then
g> write his password into the dictionary file, and then try the attack...
g> just to see if that tool other people suggested me really works.

I've not yet tested it myself. Remember that the passwords will be
case sensitive. That's why I responded to that email saying you're
going to need a huge dictionary file. :-)

I made this try, and it didn't work. As the man who suggested the
tools said, that Hash Breaker works only with insecure hashes (no salt).
The 5.0.9 version of Domino isn't vulnerable.
The ID cracker does not work either... so maybe it's only for previous
releases than R5...

I will keep informed about this anyway, just for curiosity.
I found a modification of JohnTheRipper specifically made for Domino HTTP
hashes, which may be helpful, since it does also
bruteforce cracking. If I get any results I'll let you know.

PS: they said that this modification of JTR does not require Notes API,
so.... what's the point? I mean, which algorithm does it use to calculate
hashes for comparisons?




