Penetration Testing mailing list archives
Introducing a new tool to help pen-testers where there're Domino servers
From: miguel.dilaj () pharma novartis com
Date: Thu, 12 Dec 2002 01:13:28 +0100
Hi all (I'm back here since a loooong time)

I faced sometimes the need to pen-test a network where there're Lotus Domino servers badly configured, that expose names.nsf to the world. But this is usually of less help than it can be, because you can only gather information about the users, but you can only get the encrypted HTTP password for them (provided they HAVE an HTTP password, and the Domino version is not one of the latest, that didn't show the HTTP password field even when names.nsf is exposed).

Currently you've a couple tools available to crack those hashes, but they're Windows tools that need the Notes Client (at least nnotes.dll), and are awfully slow, because they use the encryption algorithm from nnotes.dll, and this algorithm has some delays on purpose, to avoid fast use of it while cracking.

Since Defcon the last year, the people of Trust Factory developed a tool named 'sesame' to crack the hashes, but it never became available to the public (so I don't really know if it uses nnotes.dll or not). I also know that there're some individuals that have such a tool, but are not willing to, for example, put it into the Tools section in SecurityFocus.

Well, let's go to the point. Together with a Spanish friend of mine, we developed a tool named Lepton's Crack (after my friend's nickname), that can crack:

* Notes/Domino HTTP passwords (only Release 4, not the new ones used in R5/6)
* pure MD4
* pure MD5
* NT hashes (MD4/Unicode)

Using either:

* dictionary attack
* "intelligent permutations" on dictionary words attack
* "login mode" attack, that tries userID, userIDuserID, etc., as the password
* bruteforce attack

The tool has been released today, is under GPL, and you can get it at: http://usuarios.lycos.es/reinob/

I'll put it into the Tools section of SecurityFocus in a couple days... currently I'm trying to make Domino admins in several forums aware of its existence ;-)

Hope you find it useful.

Kind regards,
Miguel Dilaj a.k.a. Nekromancer