Penetration Testing mailing list archives
Re: [PEN-TEST] Lotus Domino web
From: Ari Weisz-Koves <aweisz () atwww com>
Date: Thu, 21 Dec 2000 12:38:14 +1100
Try to figure out if Domino is running as an ISAPI extension under IIS which is pretty commonplace with Domino R5. If so, the IUSR_hostname account has read/write privelages to the Domino data and application directories, which would allow you to replace names.nsf with your own - containing your own certificates. Plus, they may have Domino Webadmin running (http://server/webadmin.nsf) - and that doesn't allow lockouts on brute force attacks. Try accessing the names.nsf via a browser and see about brute forcing an admin account so you can get at the certificates contained inside, then spoof as a server from a Notes client if you can - local domain servers will probably have full rights to everything. Ari. -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Jensen, Martin Sent: Thursday, 21 December 2000 1:50 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Lotus Domino web Hi, I need to do a security audit on an NT40 server with Lotus Domino R5 for web with Quickplace on top - with the focus of the test being the Lotus Domino and accompanying quickplace server. Does anyone have any experience with auditing such an environment? I'm fairly well into the domino server, but the quickplace aspect is new to me, and since it's accessed through a webserver, I was hoping that there might be an opening there? Martin
Current thread:
- [PEN-TEST] Lotus Domino web Jensen, Martin (Dec 20)
- Re: [PEN-TEST] Lotus Domino web Ari Weisz-Koves (Dec 21)