Penetration Testing mailing list archives
Re: Password cracking / recovery Lotus Notes R6
From: "Francisco Pecorella" <fpecor () cantv net>
Date: Fri, 25 Nov 2005 16:01:27 -0400
Hi Richard,If you have complete access to the box, may be you can access via HTTP (80/tcp) to the file names.nsf. This allows access to technical information (ports, operating systems, server names) for all the Lotus Notes servers that support messaging in your organization.
By running /names.nsf/$USERS, you will be able to obtain a list of all the Lotus Notes users, their email addresses, LDAP information and their HTTP password hashes. This last is a potentially very high-risk issue, as these passwords can be cracked with tools available on the Internet, for example Lepton's Crack (www.nestonline/lcrack).
-- Saludos, FP----- Original Message ----- From: "Richard Zaluski" <rzaluski () ivolution ca>
To: <pen-test () securityfocus com> Sent: Friday, November 25, 2005 9:38 AM Subject: Password cracking / recovery Lotus Notes R6
Hello, Currently I am working with a client to gain access to a Lotus Notes R6 (running on NT) database. We have full access to the box and need to penetrate the passwords on the data bases.Does anyone have tools or techniques they can suggest to achieve this goal?Thanks.... Richard Zaluski CISO, Security and Infrastructure Services iVOLUTION Technologies Incorporated 905.309.1911 866.601.4678 www.ivolution.ca rzaluski () ivolution ca ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Password cracking / recovery Lotus Notes R6 Richard Zaluski (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 AdamT (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 AdamT (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 Peter Wood (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 Francisco Pecorella (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 dawn (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 Joachim Schipper (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 Francois Labreque (Nov 28)
- Re: Password cracking / recovery Lotus Notes R6 AdamT (Nov 28)
- Re: Password cracking / recovery Lotus Notes R6 Joachim Schipper (Nov 28)
- RE: Password cracking / recovery Lotus Notes R6 Richard Zaluski (Nov 28)
- Re: Password cracking / recovery Lotus Notes R6 Francois Labreque (Nov 28)
- Re: Password cracking / recovery Lotus Notes R6 thomas springer (Nov 28)
- <Possible follow-ups>
- RE: Password cracking / recovery Lotus Notes R6 Miguel Dilaj (Nov 25)
- Re: Password cracking / recovery Lotus Notes R6 Simon Marechal (Nov 28)