Penetration Testing mailing list archives
Lotus Domino over 443 pentesting.
From: Andrew <seraphele () gmail com>
Date: Wed, 15 Nov 2006 20:45:02 +0100
Hi list, I need to analyze 10 Front-end servers. These servers are home-banking authentication portal, only 443 port is open. The authentication is a Lotus Domino based. (operations like ?OpenDatabase names.nsf, statrep.nsf, webadmin.nsf redirects me to the authentication form) There is also a database that permit to me to see some 'views' and names of CssStyle directory. VA scanners only reports false positives right now and is not good enough form me, cause only a XSS was found. I have read hackproofing lotus domino by ngssoftware, but it was not very useful. So, does anyone know any good techniques for gaining access to these servers? And does anyone know how can I manipulate lotus domino query in the case of a readable database? Any suggestions? Thanks Andrew B. Junior Analyst NWI group. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Lotus Domino over 443 pentesting. Andrew (Nov 15)
- RE: Lotus Domino over 443 pentesting. Isidro Ramon Labrador Rodriguez (Nov 16)
- <Possible follow-ups>
- Re: Lotus Domino over 443 pentesting. Danny Fullerton (Nov 15)