Hacking Lotus Domino 5.0.5

[<renato.ettisberger () ch pwcglobal com>]

Hi

I'm doing a pen test for a client. They have many systems in the dmz,
including some nt/win2k boxes running IIS. Unfortunately, all IIS are
patched :-(. But I found a vulnerable Domino 5.0.5 Server. I was able to
download some nice files like names.nsf, the sam-file in winnt/repair and a
admin.nsf with all user names and passwords. I think, that's a finding :-),
but I want more.
Is there a way to get a shell? I'm able to create files on the server or at
least I can fill out a question form. Can I use this to create a file or
execute a command (I don't think so, but maybe...)? Or does anybody know
some other stuff, that I can do?

As you can see, I'm not a pro in Lotus Domino.

Thanks for your help

regards
Renato
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/