Re: [NSE] domino-enum-passwords.nse patch

[David Fifield <david () bamsoftware com>]

On Sat, Dec 11, 2010 at 07:50:02AM +0100, Patrik Karlsson wrote:
> On 10 dec 2010, at 11.02, Martin Holst Swende wrote:
>
> > Hi list,
> > I used Patrik's great domino-script to retrieve the password hashes from
> > a domino system. However, there was one glitch : lotus notes have two
> > hash variants : one legacy unsalted 32-bytes format, and one newer
> > 20-bytes salted version. When I tried to throw the list into John, john
> > only detected the newer version. I modified the script to output two
> > lists, one for each found hashtype. In the output, it also informs about
> > the John-format to use for cracking the hashes.
> >
> > Also, I think the script should be renamed to http-domino-enum-passwords
> > to align with other scripts. It is easy to miss that this script exists
> > (unless you have Patrik in the same room so he can tell you about it ;)
> > ), since it is not http-* and not default.
> >
> > Attaching the script and the diff.
> > Regards,
> > Martin
> > <diff.txt><domino-enum-passwords.nse>_______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
>
> Thanks Martin! I've commited the patch as r21347.
> I think the name change is a probably a good idea.
> Does anyone have a different opinion?

Sounds good to me. Please do it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/