Re: Password cracking / recovery Lotus Notes R6

• Previous message: Francois Labreque: "Re: Password cracking / recovery Lotus Notes R6"
• In reply to: Richard Zaluski: "Password cracking / recovery Lotus Notes R6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Nov 2005 11:38:01 +0100
To: pen-test@securityfocus.com

try to get id-files from your notes-server. they are often left on the
server. have a look after the root-id (server.id) as well.
if you have id's, ask the employees for the initial password of the
notes-id's - most of the time they use only one password or
password-scheme company-wide, and the id's hanging around on the server
still use this password.
install a notes-client and try, if you got valid passwords for your id's
- you should be able to access every database with an administrator's
notes.id.

if you can't get the password for the notes.id-files, give john the
ripper a try - there's a brandnew patch for revovering
notes.id-passwords, have a look on john's mailinglist-archive for more
info on cracking notes.id with john.

tom

Richard Zaluski wrote:

>Hello,
>
>Currently I am working with a client to gain access to a Lotus Notes R6
>(running on NT) database. We have full access to the box and need to
>penetrate the passwords on the data bases.
>
>Does anyone have tools or techniques they can suggest to achieve this goal?
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Previous message: Francois Labreque: "Re: Password cracking / recovery Lotus Notes R6"
• In reply to: Richard Zaluski: "Password cracking / recovery Lotus Notes R6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Penetration test of 1 IP address ... You could use a whole sleth of tools on some server, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Check your website for vulnerabilities to SQL injection, ... Up to 75% of cyber attacks are launched on shopping ... (Pen-Test) Re: ARP Spoofing and Routing ... I would like to know how to go abt spoofing arp caches, ... >What I was trying to do was arpspoof a server so that I could intercept ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... Check your website for ... (Pen-Test) RE: ARP Spoofing and Routing ... It's pretty nice and very easy to use once you figure out the arp spoofing piece. ... >What I was trying to do was arpspoof a server so that I could intercept ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... Check your website for ... (Pen-Test) RE: database server audit tools ... For ongoing audit accountability and regulatory compliance via log ... Subject: database server audit tools ... please send me also some links to harden my database server from attacks.. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... (Pen-Test) Re: Re: database server audit tools ... Subject: database server audit tools ... please send me also some links to harden my database server from attacks.. ... Hackers are concentrating their efforts on attacking applications on your website. ... (Pen-Test)