Just an idea... I am not a domino user but chances are that if Notes are used, web mail is in use too. Since there are no tools around for Notes brutforcing (according to the number replies in this tread) why not try to bruteforce access to web mail? I think, supplying Auth-Basic is good enough to access domino mail. Your friends: perl + LWP module (+ Net::SSleay if only https is used) + dictionary files. Should be a 10 liner..... Quoting jjoreat_private (jjoreat_private): > Not really. While hope is not completely lost it will take some coding on > your part. I'm working on Notes <-> perl integration and there is some > work another person did that is relevant to your question. The thing is, > you must write some C code that does an extension manager call back (this > is using the Domino C API) and passes in your own custom password. It's at > this point that you could turn that into a function and script it. > > Check out > http://www.greentechnologist.org/domino/perl/Notes-0.24a/ln_password.c for > more ideas. > > Josh > > > > > nobody <pentesterat_private> > 11/19/01 02:56 PM > > > To: pentest_list <pen-testat_private> > cc: > Subject: wanted: a script to try dictionary attacks against NOTES ID files > > > All, > > anyone have a perl script -or - other - that will read > a large dictionary file & try to find the password > used for NOTES userid.id files ?? > > I am hoping that there is a command line options like: > > notes -p password userid.id > > or some construct that will allow a large dictionary > to be tested with multiple NOTES id files. > > thanks > > __________________________________________________ > Do You Yahoo!? > Find the one for you at Yahoo! Personals > http://personals.yahoo.com > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please > see: > https://alerts.securityfocus.com/ > > > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > > -- print chr hex for qw + 2D 2D 0A 76 6C 61 64 69 6D 69 72 40 61 72 6F 62 61 73 2E 6E 65 74 0A 44 38 37 44 20 44 32 46 42 20 46 31 36 33 20 46 31 43 31 20 34 32 30 41 20 20 31 44 31 46 20 36 43 42 39 20 31 46 38 39 20 38 35 30 42 20 30 38 44 44 0A +; ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Nov 20 2001 - 13:45:50 PST