Re: Lotus Notes

From: Grant Torresan (sonofthorat_private)
Date: Fri Nov 29 2002 - 09:12:02 PST


Since everybody seems to be pimping their own products for auditing 
Lotus Domino servers, I thought this would be an appropriate time to 
announce my own humble project, which deals with this subject as well.

DominoDig is an open-source (GPL) utility written by myself (Grant 
Torresan) for the purpose of quickly and cheaply auditing Lotus Domino 
web servers and extracting useful information from any anonymously 
accessible pages that are found.

While DominoDig may not have all the features of a commercial product 
like AppDetective (which sounds most impressive, BTW) or DominoScan by 
NGSSoftware, I believe that it will satisfy most of the requirements of 
a pen-tester for a considerably lower price (free!).

Features of note include the following:

-Searches for a large number of default Notes databases.
-Parses contents of each page it accesses looking for references to 
other unique (custom) .nsf databases.
-Collects email addresses and unique IP addresses that appear in any 
page it indexes.
-Produces an HTML report detailing all of the information it was able 
to gather, and a list of hyperlinks to each .nsf database it was able 
to access anonymously.


If you are interested in trying it out, please browse to 
http://dominodig.sourceforge.net for the latest release.  Please note 
that this software is a "work-in-progress" and as such it is being 
frequently updated and new features are being added all the time.  If 
there is a particular piece of information DominoDig is not searching 
for that you think would be particularly useful, or if you encounter 
any problems with the software, please let me know by sending me an 
email at sonofthorat_private

Hope this helps,

Grant Torresan.


> ----- Original Message -----
> From: "David Barnett" <dbarn064at_private>
> To: <svetsanjat_private>; <pen-testat_private>
> Sent: Thursday, November 28, 2002 8:50 AM
> Subject: Re: Lotus Notes
> 
> 
> >
> > Well I must concur with Chad as Notes default installs are wide open.
> > Rarely when doing Pen tests have I found a correctly secured
> > Notes/Domino server. Permissions are rarely correct for databases.
> > While I am sure NexPose has done a fine job with their Vuln scanner, I
> > have tried <unbiased commercial plug> AppDetective works really well
> > for Lotus and Domino scans!!
> > You can also use N-Stealth or any of your favorite web scanners and
> > add the following files:
> >
> > /852566C90012664F
> > /admin4.nsf
> > /admin5.nsf
> > /admin.nsf
> > /agentrunner.nsf
> > /alog.nsf
> > /a_domlog.nsf
> > /bookmark.nsf
> > /busytime.nsf
> > /catalog.nsf
> > /certa.nsf
> > /certlog.nsf
> > /certsrv.nsf
> > /chatlog.nsf
> > /clbusy.nsf
> > /cldbdir.nsf
> > /clusta4.nsf
> > /collect4.nsf
> > /da.nsf
> > /dba4.nsf
> > /dclf.nsf
> > /DEASAppDesign.nsf
> > /DEASLog01.nsf
> > /DEASLog02.nsf
> > /DEASLog03.nsf
> > /DEASLog04.nsf
> > /DEASLog05.nsf
> > /DEASLog.nsf
> > /decsadm.nsf
> > /decslog.nsf
> > /DEESAdmin.nsf
> > /dirassist.nsf
> > /doladmin.nsf
> > /domadmin.nsf
> > /domcfg.nsf
> > /domguide.nsf
> > /domlog.nsf
> > /dspug.nsf
> > /events4.nsf
> > /events5.nsf
> > /events.nsf
> > /event.nsf
> > /homepage.nsf
> > /iNotes/Forms5.nsf/$DefaultNav
> > /jotter.nsf
> > /leiadm.nsf
> > /leilog.nsf
> > /leivlt.nsf
> > /log4a.nsf
> > /log.nsf
> > /l_domlog.nsf
> > /mab.nsf
> > /mail10.box
> > /mail1.box
> > /mail2.box
> > /mail3.box
> > /mail4.box
> > /mail5.box
> > /mail6.box
> > /mail7.box
> > /mail8.box
> > /mail9.box
> > /mail.box
> > /msdwda.nsf
> > /mtatbls.nsf
> > /mtstore.nsf
> > /names.nsf
> > /nntppost.nsf
> > /nntp/nd000001.nsf
> > /nntp/nd000002.nsf
> > /nntp/nd000003.nsf
> > /ntsync45.nsf
> > /perweb.nsf
> > /qpadmin.nsf
> > /quickplace/quickplace/main.nsf
> > /reports.nsf
> > /sample/siregw46.nsf
> > /schema50.nsf
> > /setupweb.nsf
> > /setup.nsf
> > /smbcfg.nsf
> > /smconf.nsf
> > /smency.nsf
> > /smhelp.nsf
> > /smmsg.nsf
> > /smquar.nsf
> > /smsolar.nsf
> > /smtime.nsf
> > /smtpibwq.nsf
> > /smtpobwq.nsf
> > /smtp.box
> > /smtp.nsf
> > /smvlog.nsf
> > /srvnam.htm
> > /statmail.nsf
> > /statrep.nsf
> > /stauths.nsf
> > /stautht.nsf
> > /stconfig.nsf
> > /stconf.nsf
> > /stdnaset.nsf
> > /stdomino.nsf
> > /stlog.nsf
> > /streg.nsf
> > /stsrc.nsf
> > /userreg.nsf
> > /vpuserinfo.nsf
> > /webadmin.nsf
> > /web.nsf
> > /.nsf/../winnt/win.ini
> > /?Open
> >
> >
> >
> > At 01:28 AM 11/27/2002 -0500, svetsanjat_private wrote:
> >
> > >We are doing a penetration test for a client who has Lotus Notes.
> > >We were able to access the catalog.nsf file from the web and other
> > >admin pages such as the user list page, connections page, database
> > >page etc.
> > >
> > >Question is, is this just a low level threat or can a hacker use this
> > >info to hack further. Also clicking on some of the admin pages brings
> > >up a default page which says click here to access page. On a Notes
> > >client it's possible to click that page but not through http. Is there
> > >a workaround url that bypasses that page?
> > >
> > >         SKP
> > >
> >
> > >----------------------------------------------------------------------------
> > >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> > >Service. For more information on SecurityFocus' SIA service which
> > >automatically alerts you to the latest security vulnerabilities please see:
> > >https://alerts.securityfocus.com/
> >
> >
> 
> 
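
The scans discussed in this thread leave a recognisable trace in the web server's access log. The following is an added example, not part of the original posts and not DominoDig code: it flags clients that request several default database paths and lists the default databases that were served without authentication. It assumes Common Log Format logging, uses a small subset of the paths quoted above, and runs on constructed sample log lines; the `min_probes` threshold is an arbitrary choice.

```python
import re
from collections import defaultdict

# Subset of the default database paths quoted in the thread (lower-cased).
DEFAULT_DBS = {"/names.nsf", "/catalog.nsf", "/log.nsf", "/admin4.nsf",
               "/webadmin.nsf", "/domcfg.nsf", "/domlog.nsf", "/mail.box"}

# Assumed Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
# Database part of a URL: everything up to the first .nsf/.box, ignoring any
# view path or URL command that follows ("?" or "!" separator).
DB_RE = re.compile(r'^(/.*?\.(?:nsf|box))(?=[/?!]|$)')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Nov/2002:09:00:01 -0800] "GET /names.nsf HTTP/1.0" 200 5120
192.0.2.10 - - [29/Nov/2002:09:00:01 -0800] "GET /catalog.nsf?OpenDatabase HTTP/1.0" 200 8042
192.0.2.10 - - [29/Nov/2002:09:00:02 -0800] "GET /admin4.nsf HTTP/1.0" 401 312
192.0.2.10 - - [29/Nov/2002:09:00:02 -0800] "GET /webadmin.nsf HTTP/1.0" 401 312
192.0.2.10 - - [29/Nov/2002:09:00:03 -0800] "GET /LOG.NSF HTTP/1.0" 404 210
198.51.100.7 - jsmith [29/Nov/2002:09:05:00 -0800] "GET /names.nsf HTTP/1.0" 200 5120
198.51.100.7 - - [29/Nov/2002:09:05:09 -0800] "GET /apps/orders.nsf HTTP/1.0" 200 900
"""

def analyze(log_text, min_probes=3):
    """Return (scanners, exposed): clients probing >= min_probes default
    databases, and default databases served with status 200 to an
    unauthenticated ("-") user."""
    probed = defaultdict(set)
    exposed = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, user, path, status = m.groups()
        db = DB_RE.match(path.lower())   # compare case-insensitively
        if not db or db.group(1) not in DEFAULT_DBS:
            continue
        probed[ip].add(db.group(1))
        if status == "200" and user == "-":
            exposed.add(db.group(1))
    scanners = {ip: sorted(dbs) for ip, dbs in probed.items()
                if len(dbs) >= min_probes}
    return scanners, sorted(exposed)

if __name__ == "__main__":
    scanners, exposed = analyze(SAMPLE_LOG)
    print("probable scanners:", scanners)
    print("default databases served anonymously:", exposed)
```

The second list is the one to act on: each entry is a database whose ACL currently lets an anonymous web user open it.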



This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 12:53:05 PST