Re: Password cracking / recovery Lotus Notes R6

From: AdamT (adwulf_at_gmail.com)
Date: 11/25/05

  • Next message: AdamT: "Re: Password cracking / recovery Lotus Notes R6" 
    Date: Fri, 25 Nov 2005 16:59:50 +0000
To: Richard Zaluski <rzaluski@ivolution.ca>

    Is it the .id files you're trying to crack?

    It might be easier to break some of the 'internet passwords' in domino.
    This is the password that will be requested for things like webmail,
    pop3, nntp access and suchlike. If you can brute-force a notes
    administrator account's internet password and browse to /names.nsf,
    you should be able to do whatever you like.

    The other option is - login to notes with the server's .id file
    (assuming you know the password for that). I'm not aware of any tools
    or scripts which crack notes/domino .id files. In most notes-using
    networks, they keep a copy of every user's .id file with a standard
    password in a central location someplace. They do that because if you
    lose your .id file, even if one is recreated for you, you'll have lost
    all the certificates it contained, and won't be able to access
    anything encrypted for that ID. 

    --
AdamT
"Maidenhead is *not* in Kent"
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
  • Next message: AdamT: "Re: Password cracking / recovery Lotus Notes R6"

    Relevant Pages

    • RE: policy-based password cracker
      ... You can give Lepton's Crack a try, depending on the algorithm you need ... etc) What I want is to only brute-force passwords that fit that policy. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Password cracking / recovery Lotus Notes R6
      ... > readme to incorporate it into your copy of names.nsf and dump all HTTP ... > cracked with Lepton's Crack. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • RE: Secure Password Policy?
      ... Making rainbow tables ... crack passwords even longer than 14 characters. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
      (Pen-Test)
    • Re: Cisco Secret 5 and John Password Cracker
      ... Cain and Abel can be used to crack that. ... > Any other tools available to crack these types of passwords. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Cracking decrypted file when knowing partial contents
      ... Of course it would make it easier to crack if you know ... It does open up some attacks, but they may well not be useful attacks. ... partial plaintext in an unknown position doesn't help at all. ... Modern cipher designers take resistance to known-plaintext attacks very ...
      (comp.security.misc)