-
April 1st, 2003, 10:21 AM
#1
Member
names.nsf
Hello,
I am doing a pentest on a Dominos server and have read access to many databases, among others the names.nsf, admin4.nsf, and log.nsf. I can read their contents but don't really know what I should do to come further. Does anyone have any tips?
Regards,
-
April 1st, 2003, 10:38 AM
#2
Hi Surreal,
Erm...give us a bit more of an idea of what you want to achieve.
I can read their contents but don't really know what I should do to come further. Does anyone have any tips?
When you say come further what do you mean? Expand on that a bit.
{not relevant}
Advice for 'coming further' is as follows: Eat lots of eggs, milk and soda water and LEAVE IT ALONE for a couple of weeks. That should build the pressure up!
I remember when Nihil was ickle. Does that mean I'm old?
-
April 1st, 2003, 10:55 AM
#3
Member
Alright,
well, I don't really know notes that well and as a result, I don't know what the stuff in the NSF files means (not much anyway). I have been looking for an upload function (reverse shell) on the site, but there is none. Anything really - just want to get a little deeper. Are yoyu familiar with notes?
-
April 1st, 2003, 10:58 AM
#4
Ok hang on... Might be crap but I found something interesting about Lotus Domino Web servers some time ago. http://www.opennet.ru/base/ms/1012930683_669.txt.html Is this what you were attempting to do? I dunno what the patches are like now days... Also you didn't word your post very well. Many peaple might get confused into thinking your trying to break into a pizza place...
-
April 1st, 2003, 11:00 AM
#5
Thanks Surreal...... looking into.... as per the specialists post what OS, DB's etc are you running?
I remember when Nihil was ickle. Does that mean I'm old?
-
April 1st, 2003, 11:02 AM
#6
Member
Left that out..
Server: Lotus-Domino/0
OS: W2K Server
I can't really say what sort of setup they have due to the fact that it is my job to figure that out. I made a Lotus scanner and it found the following databases:
/domcfg.nsf
/admin4.nsf
/agentrunner.nsf
/bookmark.nsf
/busytime.nsf
/catalog.nsf
/certsrv.nsf
/cpa.nsf
/dirassist.nsf
/doc/dspug.nsf
/domcfg.nsf
/events4.nsf
/help/decsdoc.nsf
/help/dols_help.nsf
/help/help5_admin.nsf
/help/help5_client.nsf
/help/help5_designer.nsf
/help/lccon.nsf
/help/lsxlc.nsf
/help/readme.nsf
/homepage.nsf
/iNotes/Forms5.nsf/$DefaultNav
/iNotes/Forms5.nsf
/log.nsf
/mail.box
/mtatbls.nsf
/names.nsf
/reports.nsf
/statmail.nsf
/statrep.nsf
vpuserinfo.nsf
/webadmin.nsf
/admin4.nsf
/AgentRunner.nsf
/bookmark.nsf
/busytime.nsf
/catalog.nsf
/certsrv.nsf
/cpa.nsf
/dirassist.nsf
/doc/dspug.nsf
/domcfg.nsf
/events4.nsf
/help/decsdoc.nsf
/help/dols_help.nsf
/help/help5_admin.nsf
/help/help5_client.nsf
/help/help5_designer.nsf
/help/lccon.nsf
/help/lsxlc.nsf
/help/readme.nsf
/homepage.nsf
/iNotes/Forms5.nsf
/log.nsf
/mail.box
/mtatbls.nsf
/names.nsf
/reports.nsf
/statmail.nsf
/statrep.nsf
/webadmin.nsf
I have read access to about 85% of them.
I really appreciate your help lads!
-
April 1st, 2003, 11:31 AM
#7
Sorry Surreal,
Thought I knew more about this than I actually do:
Here's a weak link that may help:
http://lists.insecure.org/lists/pen-.../Dec/0004.html
If not have a look through the insecure forums, theres quite a lot of Domino pentesting in there. The lotus's support site has file definitions if thats any help.
Cheers mate
Vice$Dos$
I remember when Nihil was ickle. Does that mean I'm old?
-
April 1st, 2003, 11:33 AM
#8
Member
I'll have a butchers. Thanks vice DoS!
-
April 1st, 2003, 12:08 PM
#9
Sorry I couldnt be of more help Surreal.
Also to get a bit of a better answer you might want to re-post this thread in either the 'Programming Security' forum or 'Miscellanious security' discussions forum.
You might find a domino specialist floating around in one of those.
Ps. Do you know about Antipoints yet??
I remember when Nihil was ickle. Does that mean I'm old?
-
April 1st, 2003, 12:13 PM
#10
Member
Don't know anything about antipoints. I see them next to peoples names bu that is the extent o my "Antipoint" knowledge.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|