Vulnerability Development mailing list archives
Re: UserID and hashed password for Lotus Domino
From: "gpedone77" <gpedone77 () yahoo it>
Date: Wed, 23 Oct 2002 11:22:07 +0200
g> But I can make a try. I can ask my dad to give me his userID file, then g> write his password into the dictionary file, and then try the attack...
just
g> to see if that tool other people suggested me really works. I've not yet tested it myself. Remember that the passwords will be case sensitive. That's why I responded to that email saying you're going to need a huge dictionary file. :-)
I made this try, and it didnt work. As the man who suggested the tools said, that Hash Breaker works only with insecure hashes (no salt). The 5.0.9 version of Domino isn't vulnerable. The ID cracker does not work either... so maybe it's only for previous releases than R5... I will keep informed about this anyway, just for curiosity. I found a modification of JohnTheRipper specifically made for Domino HTTP hashes, which may be helpful, since it does also bruteforce cracking. If I get any results I'll let you know. PS: they said that this modificationff of JTR does not require Notes API, so.... what's the point? I mean, which algorithm does it use to calculate hashes for comparisions? ______________________________________________________________________ Mio Yahoo!: personalizza Yahoo! come piace a te http://it.yahoo.com/mail_it/foot/?http://it.my.yahoo.com/
Current thread:
- UserID and hashed password for Lotus Domino Casper Gio (Oct 18)
- Re: UserID and hashed password for Lotus Domino Nicolas Gregoire (Oct 18)
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 18)
- Re: UserID and hashed password for Lotus Domino Philip Storry (Oct 18)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- Message not available
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 21)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 23)
- Re: UserID and hashed password for Lotus Domino Nicolas Gregoire (Oct 18)
- Re: UserID and hashed password for Lotus Domino HalbaSus (Oct 20)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 21)
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 21)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- <Possible follow-ups>
- Re: UserID and hashed password for Lotus Domino Valgasu (Oct 18)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- Re: UserID and hashed password for Lotus Domino jeff (Oct 22)