From: Francisco Pecorella (fpecor@cantv.net)
Date: Fri Nov 25 2005 - 15:01:27 EST
Hi Richard,
If you have complete access to the box, may be you can access via HTTP
(80/tcp) to the file names.nsf. This allows access to technical information
(ports, operating systems, server names) for all the Lotus Notes servers
that support messaging in your organization.
By running /names.nsf/$USERS, you will be able to obtain a list of all the
Lotus Notes users, their email addresses, LDAP information and their HTTP
password hashes. This last is a potentially very high-risk issue, as these
passwords can be cracked with tools available on the Internet, for example
Lepton's Crack (www.nestonline/lcrack).
-- Saludos, FP ----- Original Message ----- From: "Richard Zaluski" <rzaluski@ivolution.ca> To: <pen-test@securityfocus.com> Sent: Friday, November 25, 2005 9:38 AM Subject: Password cracking / recovery Lotus Notes R6 > Hello, > > Currently I am working with a client to gain access to a Lotus Notes R6 > (running on NT) database. We have full access to the box and need to > penetrate the passwords on the data bases. > > Does anyone have tools or techniques they can suggest to achieve this > goal? > > Thanks.... > > > Richard Zaluski > CISO, Security and Infrastructure Services > iVOLUTION Technologies Incorporated > 905.309.1911 > 866.601.4678 > www.ivolution.ca > rzaluski@ivolution.ca > > > > > > ------------------------------------------------------------------------------ > Audit your website security with Acunetix Web Vulnerability Scanner: > > Hackers are concentrating their efforts on attacking applications on your > website. Up to 75% of cyber attacks are launched on shopping carts, forms, > login pages, dynamic content etc. Firewalls, SSL and locked-down servers > are > futile against web application hacking. Check your website for > vulnerabilities > to SQL injection, Cross site scripting and other web attacks before > hackers do! > Download Trial at: > > http://www.securityfocus.com/sponsor/pen-test_050831 > ------------------------------------------------------------------------------- > ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:11 EDT