Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 02 > 120080.html (Request Expert securityfocus.com Support)

Introducing a new tool to help pen-testers where there're Domino servers

From: <miguel.dilaj(at)pharma.novartis.com>
Date: Wed Dec 11 2002 - 19:13:28 EST


Hi all

(I'm back here since a loooong time)

I faced sometimes the need to pen-test a network where there're Lotus Domino servers badly configured, that expose names.nsf to the world. But this is usually of less help than it can be, because you can only gather information about the users, but you can only get the encrypted HTTP password for them (provided they HAVE an HTTP password, and the Domino version is not one of the latest, that didn't show the HTTP password field even when names.nsf is exposed). Currently you've a couple tools available to crack those hashes, but they're Windows tools that need the Notes Client (at least nnotes.dll), and are awfully slow, because they use the encryption algorithm from nnotes.dll, and this algorithm has some delays on purpose, to avoid fast use of it while cracking.
Since Defcon the last year, the people of Trust Factory developed a tool named 'sesame' to crack the hashes, but it never become available to the public (so I don't really know if it uses nnotes.dll or not). I also know that there're some individuals that have such a tool, but are not willing to, for example, put it into the Tools section in SecurityFocus. Well, let's go to the point. Together with a spanish friend of mine, we developed a tool named Lepton's Crack (after my friend's nickname), that can crack:

  • Notes/Domino HTTP passwords (only Release 4, not the new ones used in R5/6)
  • pure MD4
  • pure MD5
  • NT hashes (MD4/Unicode)

Using either:

  • dictionary attack
  • "intelligent permutations" on dictionary words attack
  • "login mode" attack, that tries userID, userIDuserID, etc., as the password
  • bruteforce attack

The tool has been released today, is under GPL, and you can get it at:

http://usuarios.lycos.es/reinob/

I'll put it into the Tools section of SecurityFocus in a couple days... currently I'm trying to make Domino admins in several forums aware of its existence ;-)
Hope you find it useful.
Kind regards,

Miguel Dilaj
a.k.a. Nekromancer


This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Thu Dec 12 13:25:54 2002
Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library