Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] domino-enum-passwords.nse patch

From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 11 Dec 2010 07:50:02 +0100

On 10 dec 2010, at 11.02, Martin Holst Swende wrote:


Hi list,
I used Patrik's great domino-script to retrieve the password hashes from
a domino system. However, there was one glitch : lotus notes have two
hash variants : one legacy unsalted 32-bytes format, and one newer
20-bytes salted version. When I tried to throw the list into John, john
only detected the newer version. I modified the script to output two
lists, one for each found hashtype. In the output, it also informs about
the John-format to use for cracking the hashes.

Also, I think the script should be renamed to http-domino-enum-passwords
to align with other scripts. It is easy to miss that this script exists
(unless you have Patrik in the same room so he can tell you about it ;)
), since it is not http-* and not default.

Attaching the script and the diff.
Regards,
Martin
<diff.txt><domino-enum-passwords.nse>_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Thanks Martin! I've commited the patch as r21347.
I think the name change is a probably a good idea.
Does anyone have a different opinion?

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: