Penetration Testing mailing list archives
Re: Lotus Notes
From: "Grant Torresan" <sonofthor () severus org>
Date: Fri, 29 Nov 2002 12:12:02 -0500
Since everybody seems to be pimping their own products for auditing Lotus Domino servers, I thought this would be an appropriate time to announce my own humble project, which deals with this subject as well. DominoDig is an open-source (GPL) utility written by myself (Grant Torresan) for the purpose of quickly and cheaply auditing Lotus Domino web servers and extracting useful information from any anonymously accessible pages that are found. While DominoDig may not have all the features that a commercial product like AppDetective (which sounds most impressive, BTW) or DominoScan by NGSSoftware, I believe that it will satisfy most of the requirements of a pen-tester for a considerably lower price (free!). Features of note include the following: -Searches for a large number of default notest databases. -Parses contents of each page it accesses looking for references to other unique (custom) .nsf databases. -Collects email addresses and unique IP addresses that appear in any page it indexes. -Produces an HTML report detailing all of the information it was able to gather, and a list of hyperlinks to each .nsf database it was able to access anonymously. If you are interested in trying it out, please browse to http://dominodig.sourceforge.net for the latest release. Please note that this software is a "work-in-progress" and as such it is being freqently updated and new features are being added all the time. If there is a paricular piece of information DominoDig is not searching for that you think would be particularly useful, or if you encounter any problems with the software, please let me know by sending me an email at sonofthor () severus org. Hope this helps, Grant Torresan.
----- Original Message ----- From: "David Barnett" <dbarn064 () earthlink net> To: <svetsanj () hotmail com>; <pen-test () securityfocus com> Sent: Thursday, November 28, 2002 8:50 AM Subject: Re: Lotus Notes-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well I must concur with Chad as Notes default installs are wide
open.
Rarely when doing Pen tests have I found a correctly secured Notes/Domino server. Permissions are rarely correct for databases. While I am sure NexPose has done a fine job with their Vuln
scanner, I
have tried<unbiasedcommercial plug> AppDetective works really well for Lotus and Dominoscans!!You can also use N-Stealth or any of your favorite web scanners and addthefollowing files: /852566C90012664F /admin4.nsf /admin5.nsf /admin.nsf /agentrunner.nsf /alog.nsf /a_domlog.nsf /bookmark.nsf /busytime.nsf /catalog.nsf /certa.nsf /certlog.nsf /certsrv.nsf /chatlog.nsf /clbusy.nsf /cldbdir.nsf /clusta4.nsf /collect4.nsf /da.nsf /dba4.nsf /dclf.nsf /DEASAppDesign.nsf /DEASLog01.nsf /DEASLog02.nsf /DEASLog03.nsf /DEASLog04.nsf /DEASLog05.nsf /DEASLog.nsf /decsadm.nsf /decslog.nsf /DEESAdmin.nsf /dirassist.nsf /doladmin.nsf /domadmin.nsf /domcfg.nsf /domguide.nsf /domlog.nsf /dspug.nsf /events4.nsf /events5.nsf /events.nsf /event.nsf /homepage.nsf /iNotes/Forms5.nsf/$DefaultNav /jotter.nsf /leiadm.nsf /leilog.nsf /leivlt.nsf /log4a.nsf /log.nsf /l_domlog.nsf /mab.nsf /mail10.box /mail1.box /mail2.box /mail3.box /mail4.box /mail5.box /mail6.box /mail7.box /mail8.box /mail9.box /mail.box /msdwda.nsf /mtatbls.nsf /mtstore.nsf /names.nsf /nntppost.nsf /nntp/nd000001.nsf /nntp/nd000002.nsf /nntp/nd000003.nsf /ntsync45.nsf /perweb.nsf /qpadmin.nsf /quickplace/quickplace/main.nsf /reports.nsf /sample/siregw46.nsf /schema50.nsf /setupweb.nsf /setup.nsf /smbcfg.nsf /smconf.nsf /smency.nsf /smhelp.nsf /smmsg.nsf /smquar.nsf /smsolar.nsf /smtime.nsf /smtpibwq.nsf /smtpobwq.nsf /smtp.box /smtp.nsf /smvlog.nsf /srvnam.htm /statmail.nsf /statrep.nsf /stauths.nsf /stautht.nsf /stconfig.nsf /stconf.nsf /stdnaset.nsf /stdomino.nsf /stlog.nsf /streg.nsf /stsrc.nsf /userreg.nsf /vpuserinfo.nsf /webadmin.nsf /web.nsf /.nsf/../winnt/win.ini /?Open At 01:28 AM 11/27/2002 -0500, svetsanj () hotmail com wrote:We are doing a penetration testing for a client who has lotus
notes.
We were able to access the catalog.nsf file from the web and other admin pages such as the user list page, connections page database page etc. Question is, is this just a low level threat or can a hacker use
this
info to hack further. Also clicking on some of the admin pages
brings
up a default page which says click here to access page. On a notes client its possible to click that page put not through http. Is
there
a workaround url that bypasses that page? SKP---------------------------------------------------------------------
--
-----This list is provided by the SecurityFocus Security Intelligence Alert(SIA)Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities pleasesee:https://alerts.securityfocus.com/-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use
<http://www.pgp.com>
iQA/AwUBPeYfJb4MEqovNuR+EQLxpACgv+PYardMxNP9E/rq5ZK6uGQ+GwwAn0g/ LYO/k86xRdalL5MLF3ZA3FW7 =CiDX -----END PGP SIGNATURE----- --------------------------------------------------------------------
--
------This list is provided by the SecurityFocus Security Intelligence
Alert
(SIA)Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities
please
see:https://alerts.securityfocus.com/
-- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Lotus Notes svetsanj (Nov 27)
- Re: Lotus Notes Chad Loder (Nov 27)
- Re: Lotus Notes M. Zeeshan Mustafa (Nov 27)
- Re: Lotus Notes David Barnett (Nov 28)
- <Possible follow-ups>
- Re: Lotus Notes Grant Torresan (Nov 29)