Re: Password cracking / recovery Lotus Notes R6

From: Francois Labreque (flabreq_at_ca.ibm.com)
Date: 11/28/05

  • Next message: thomas springer: "Re: Password cracking / recovery Lotus Notes R6" 
    To: Joachim Schipper <j.schipper@math.uu.nl>
Date: Mon, 28 Nov 2005 09:20:47 -0500

    Joachim Schipper <j.schipper@math.uu.nl> a écrit sur 2005-11-25 17:37:16 :

    > On Fri, Nov 25, 2005 at 08:38:09AM -0500, Richard Zaluski wrote:
    > > Hello,
    > >
    > > Currently I am working with a client to gain access to a Lotus Notes
    R6
    > > (running on NT) database. We have full access to the box and need to
    > > penetrate the passwords on the data bases.
    > >
    > > Does anyone have tools or techniques they can suggest to achieve this
    goal?
    > >
    > > Thanks....
    >
    > Can't you just sniff them off the wire?
    >

    Lotus Notes traffic and passwords and encrypted on the wire.

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------

  • Next message: thomas springer: "Re: Password cracking / recovery Lotus Notes R6"

    Relevant Pages

    • RE: Whitespace in passwords - now alt+xxx
      ... Subject: Whitespace in passwords ... 60 possible characters and the password is 7 characters long. ... >> Check your website for vulnerabilities to SQL injection, ... >> scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • RE: Rainbow Tables
      ... Subject: Rainbow Tables ... Fortunatly for this project we are only doing LM passwords, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • RE: Rainbow Tables
      ... Subject: Rainbow Tables ... Fortunatly for this project we are only doing LM passwords, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are ...
      (Pen-Test)
    • Re: Rainbow Tables
      ... wouldn't it be easier to create a diccionary with the passwords ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
      (Pen-Test)
    • Re: Rainbow Tables
      ... I have now been tasked to take a list of passwords and try to generate a precomputed hash table out of those passwords...not sure if this can be done but of course I have to find a way..since I am "holding up a project". ... Reason for this...the idea is that if we take the current list of passwords create a pre-computed hash table the next time we audit we'd run LC5 and all but the passwords that changed and new accounts would get knocked out right away. ... Hackers are concentrating their efforts on attacking applications on your website. ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ...
      (Pen-Test)