Vulnerability Development mailing list archives
Re: UserID and hashed password for Lotus Domino
From: HalbaSus <halbasus () go ro>
Date: Sat, 19 Oct 2002 13:16:48 +0100
Casper Gio wrote:
Hi, I am doing a test for a company also running Lotus Domino. I tried names nsf yet it asks for an authentification. According to http://packetstormsecurity.nl/0202-exploits/lotus.domino.bypass.txt there is a way to bypass the authentification by sending a buffer. I did a quick perl script that would brute force that buffer and I found something quite interesting. An url like http://www.host.com/log.ntf++++x215+++++++.nsf would get me the same page as www.host.com/log.nsf (any other buffer would result in a server error) This gives me the feeling that the exploit does work, and what I'm actually seeing is log.ntf (not log.nsf) but probably the 2 files are identical... or maybe I'm wrong... anyway, could you, or somebody else concernet about lotus domino security give me a clue about all this stuff.hi, while doing security tests on a Lotus Domino sistem, I managed to get the UserID file for a user, and the hashed password of another user. I made it accessing thru the Internet, so I was a totally unpriviligied user. The way I made it, is simple: the company I'm doing this test for, left some of the domino databases open to the public. Among the others, there's the names.nsf database, wich contains info about the users. You just access this database with aurl like: http://domino_server/names.nsfWell, one user had his UserID file publicly accessible, and another user had his password digest stored in the database. Is there any way to obtain the password from the UserID, or to crack and obtain the password from its hash? (I read it was released a tool named "sesame"... any clue? here for more info about it: http://online.securityfocus.com/news/66 ) I would be interested in demonstrate how to abtain a password or access to the system starting from the data I collected on the Internet. I would appreciate any help thanks.
Current thread:
- UserID and hashed password for Lotus Domino Casper Gio (Oct 18)
- Re: UserID and hashed password for Lotus Domino Nicolas Gregoire (Oct 18)
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 18)
- Re: UserID and hashed password for Lotus Domino Philip Storry (Oct 18)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- Message not available
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 21)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 23)
- Re: UserID and hashed password for Lotus Domino Nicolas Gregoire (Oct 18)
- Re: UserID and hashed password for Lotus Domino HalbaSus (Oct 20)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 21)
- Re[2]: UserID and hashed password for Lotus Domino Philip Storry (Oct 21)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- <Possible follow-ups>
- Re: UserID and hashed password for Lotus Domino Valgasu (Oct 18)
- Re: UserID and hashed password for Lotus Domino gpedone77 (Oct 20)
- Re: UserID and hashed password for Lotus Domino jeff (Oct 22)