RE: Password cracking / recovery Lotus Notes R6

From: Miguel Dilaj (Miguel.Dilaj@nccgroup.com)
Date: Fri Nov 25 2005 - 11:21:23 EST


Hi Richard,

Having access to the box it should be trivial to obtain a copy of the
names.nsf and bypass the ACLs (see for techniques on that), or if you've
ANY valid user login into Notes and create a COPY (not replica) that
will get rid of the ACL anyway.
Then get you a copy of Lepton's Crack, and adapt the LotusScript in the
readme to incorporate it into your copy of names.nsf and dump all HTTP
hashes. If HTTP hashes in the old R4 format are there those can be
cracked with Lepton's Crack. Even if Domino is not used perhaps the
password is the same for Notes.
In regards to Notes itself, its security is pretty good. Basically
authentication is like PKI, where you've the ID file for each user that
contains the public portion and the private portion encrypted using the
user's passphrase... You can still attack (dictionary/bruteforce) ID
files, there're a couple programs out there for that purpose.
Cheers,

Miguel

 

-----Original Message-----
From: Richard Zaluski [mailto:rzaluski@ivolution.ca]
Sent: 25 November 2005 13:38
To: pen-test@securityfocus.com
Subject: Password cracking / recovery Lotus Notes R6

Hello,

Currently I am working with a client to gain access to a Lotus Notes R6
(running on NT) database. We have full access to the box and need to
penetrate the passwords on the data bases.

Does anyone have tools or techniques they can suggest to achieve this
goal?

Thanks....

Richard Zaluski
CISO, Security and Infrastructure Services iVOLUTION Technologies
Incorporated
905.309.1911
866.601.4678
www.ivolution.ca
rzaluski@ivolution.ca

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
Miguel Dilaj
Pen Test Consultant
NCC Group
Manchester Technology Centre,
Oxford Road,
Manchester, M1 7EF
Tel: +44 (0)161 209 5459
Mobile: +44 (0)7811 352 848
Fax: +44 (0)161 209 5400
eMail: Miguel.Dilaj@nccgroup.com
website: www.nccgroup.com

***********************************************************************************************************

DISCLAIMER:
This e-mail contains proprietary information, some or all of which may be legally privileged.
It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you may not use,
disclose, distribute, copy, print or rely on this e-mail.
                                               
***********************************************************************************************************

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:11 EDT