Penetration Testing mailing list archives
Re: Hacking Domino (Penetration: from Application down to OS. Getting OS Access Using Lotus Domino Application Server Vulnerabilities )
From: Wendel Guglielmetti Henrique <wsguglielmetti () gmail com>
Date: Fri, 30 Apr 2010 17:03:55 +0000
Hi Alexandr, Nice work, Lotus Domino is a interesting issue. As you told, "In typical systems you can find hundreds and thousands of users so it is better to use automating exploit for getting hashes. The raptor_dominohash automatic tool [4] was written by Raptor in 2007 specially for this task." -- While Raptor did a great work, I strongly recommend to use LotusDominoHashDumper [W1] for this task. LotusDominoHashDumper has a few advantages like multi-thread, support SSL, support authentication, parse Lotus5 and Dominosec hashes saving it in the JohnTheRipper format and other small features. So, you will be able to extract the hashes much faster, even when SSL is in place or when you need to authenticate (for example, when you guess an credential over remote brute-force in cases where the access to names.nsf is not granted to public). W1. http://wsec.110mb.com/tools/LotusDominoHashDumper.tgz Thank you and congratulations for the nice paper. Regards. On 4/28/10, Alexandr Polyakov <alexandr.polyakov () dsec ru> wrote:
New Whitepaper from Digital Security Research Group (dsecrg.com) Penetration: from Application down to OS. Getting OS Access Using Lotus Domino Application Server Vulnerabilities This whitepaper continues a series of publications made by DSecRG researchers describing various ways of obtaining access to the server operating system, using vulnerabilities in popular business applications which meet in the corporate environment. This time we will talk about Lotus Domino – a very popular application that provides enterprise-grade e-mail, collaboration capabilities. This system stores a huge amount of critical corporate data and represents a good target for a potential attacker. Also people must be aware of that this system is usually available from the Internet and can be hacked to get access to the operation system of the server in DMZ and then to the internal servers of corporate environment and in this paper we will show how to do this. This whitepaper has been made to inform people of the importance of business application security as these applications store critical business data and can represent targets for hacker attacks. According statistics of the latest security assessments, pen-tests and application security assessments performed by Digital Security, applications are the less secured chain in the complex IT system security area. Download from: http://dsecrg.com/pages/pub/show.php?id=24 About Author Alexander Polyakov is now working as a director of security audit department in the Digital Security company. He is also a head of Digital Security Research Group (dsecrg.com). He is one of the contributors of PCIDSS.RU Community. The expert in enterprise applications and database security, he has found a lot of vulnerabilities in products of such vendors as SAP, Oracle, IBM, Sun and many others. The author of multiple whitepapers about IT security and compliance and particularly about enterprise application security. The author of "Oracle Security from the Eye of the Auditor: Attack and Defence" book. Alexander Polyakov is owning a PCI QSA and PA QSA status. About company Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005, PCI DSS and PA-DSS standards. Digital Security Research Group focuses on enterprise application and ERP and SAP security problems with vulnerability reports, advisories and whitepapers posted regularly on our website. Contact: research [at] dsecrg [dot] com http://www.dsecrg.com Polyakov Alexandr. PCI QSA,PA-QSA Head of security audit department Head of Digital Security Research Group ______________________ DIGITAL SECURITY phone: +7 812 703 1547 +7 812 430 9130 e-mail: a.polyakov () dsec ru www.dsec.ru www.dsecrg.com www.pcidss.ru ----------------------------------- This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have received this message in error, please notify the sender immediately either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding statements by e-mail unless otherwise agreed. -----------------------------------
-- Wendel Guglielmetti Henrique http://wsec.110mb.com/ - Personal HomePage ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Hacking Domino (Penetration: from Application down to OS. Getting OS Access Using Lotus Domino Application Server Vulnerabilities ) Wendel Guglielmetti Henrique (May 03)
