Penetration Testing mailing list archives

Re: Hacking Domino (Penetration: from Application down to OS. Getting OS Access Using Lotus Domino Application Server Vulnerabilities )


From: Wendel Guglielmetti Henrique <wsguglielmetti () gmail com>
Date: Fri, 30 Apr 2010 17:03:55 +0000

Hi Alexandr,

Nice work, Lotus Domino is a interesting issue. As you told, "In
typical systems you can find hundreds and thousands of users so it is
better to
use automating exploit for getting hashes. The raptor_dominohash
automatic tool [4] was written by Raptor in 2007 specially for this
task." -- While Raptor did a great work, I strongly recommend to use
LotusDominoHashDumper [W1] for this task.

LotusDominoHashDumper has a few advantages like multi-thread, support
SSL, support authentication, parse Lotus5 and Dominosec hashes saving
it in the JohnTheRipper format and other small features.

So, you will be able to extract the hashes much faster, even when SSL
is in place or when you need to authenticate (for example, when you
guess an credential over remote brute-force in cases where the access
to names.nsf is not granted to public).

W1. http://wsec.110mb.com/tools/LotusDominoHashDumper.tgz

Thank you and congratulations for the nice paper.

Regards.

On 4/28/10, Alexandr Polyakov <alexandr.polyakov () dsec ru> wrote:


New Whitepaper from Digital Security Research Group (dsecrg.com)

Penetration: from Application down to OS. Getting OS Access Using Lotus
Domino Application Server Vulnerabilities


This whitepaper continues a series of publications made by DSecRG
researchers describing various ways of obtaining access to the server
operating system,
using vulnerabilities in popular business applications which meet in the
corporate environment.

This time we will talk about Lotus Domino – a very popular application that
provides enterprise-grade e-mail,
collaboration capabilities. This system stores a huge amount of critical
corporate data and represents
a good target for a potential attacker. Also people must be aware of that
this system is usually available
from the Internet and can be hacked to get access to the operation system of
the server in DMZ and then to
the internal servers of corporate environment and in this paper we will show
how to do this.


This whitepaper has been made to inform people of the importance of business
application security
as these applications store critical business data and can represent targets
for hacker attacks.
According statistics of the latest security assessments, pen-tests and
application security assessments
performed by Digital Security, applications are the less secured chain in
the complex IT system security area.

Download from:

http://dsecrg.com/pages/pub/show.php?id=24


About Author

Alexander Polyakov is now working as a director of security audit department
in the Digital Security company. He is also a head of Digital Security
Research Group (dsecrg.com). He is one of the contributors of PCIDSS.RU
Community.   The expert in enterprise applications and database security, he
has found a lot of vulnerabilities in products of such vendors as SAP,
Oracle, IBM, Sun and many others. The author of multiple whitepapers about
IT security and compliance and particularly about enterprise application
security. The author of "Oracle Security from the Eye of the Auditor: Attack
and Defence" book. Alexander Polyakov is owning a PCI QSA and PA QSA status.

About company

Digital Security is one of the leading IT security companies in CEMEA,
providing information security consulting, audit and penetration testing
services, risk analysis and ISMS-related services and certification for
ISO/IEC 27001:2005, PCI DSS and PA-DSS standards.
Digital Security Research Group focuses on enterprise application and
ERP and SAP security problems with vulnerability reports, advisories and
whitepapers posted regularly on our website.

Contact:     research [at] dsecrg [dot] com
                    http://www.dsecrg.com




Polyakov Alexandr. PCI QSA,PA-QSA
Head of security audit department
Head of Digital Security Research Group
______________________
DIGITAL SECURITY
phone:  +7 812 703 1547
        +7 812 430 9130
e-mail: a.polyakov () dsec ru
www.dsec.ru
www.dsecrg.com
www.pcidss.ru


-----------------------------------
This message and any attachment are confidential and may be privileged or
otherwise protected
from disclosure. If you are not the intended recipient any use,
distribution, copying or disclosure
is strictly prohibited. If you have received this message in error, please
notify the sender immediately
either by telephone or by e-mail and delete this message and any attachment
from your system. Correspondence
via e-mail is for information purposes only. Digital Security neither makes
nor accepts legally binding
statements by e-mail unless otherwise agreed.
-----------------------------------

-- 
Wendel Guglielmetti Henrique
http://wsec.110mb.com/ - Personal HomePage

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


Current thread: