
Thread: names.nsf

  1. #1

    names.nsf

    Hello,

    I am doing a pentest on a Dominos server and have read access to many databases, among others the names.nsf, admin4.nsf, and log.nsf. I can read their contents but don't really know what I should do to come further. Does anyone have any tips?

    Regards,

  2. #2
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Hi Surreal,

    Erm...give us a bit more of an idea of what you want to achieve.

    "I can read their contents but don't really know what I should do to come further. Does anyone have any tips?"
    When you say come further what do you mean? Expand on that a bit.





    {not relevant}
    Advice for 'coming further' is as follows: Eat lots of eggs, milk and soda water and LEAVE IT ALONE for a couple of weeks. That should build the pressure up!
    I remember when Nihil was ickle. Does that mean I'm old?

  3. #3
    Alright,

    well, I don't really know notes that well and as a result, I don't know what the stuff in the NSF files means (not much anyway). I have been looking for an upload function (reverse shell) on the site, but there is none. Anything really - just want to get a little deeper. Are you familiar with notes?

  4. #4
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Ok hang on... Might be crap but I found something interesting about Lotus Domino Web servers some time ago. http://www.opennet.ru/base/ms/1012930683_669.txt.html Is this what you were attempting to do? I dunno what the patches are like nowadays... Also you didn't word your post very well. Many people might get confused into thinking you're trying to break into a pizza place...

  5. #5
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Thanks Surreal...... looking into.... as per the specialist's post what OS, DB's etc are you running?
    I remember when Nihil was ickle. Does that mean I'm old?

  6. #6
    Left that out..

    Server: Lotus-Domino/0
    OS: W2K Server

    I can't really say what sort of setup they have due to the fact that it is my job to figure that out. I made a Lotus scanner and it found the following databases:

    /domcfg.nsf
    /admin4.nsf
    /agentrunner.nsf
    /bookmark.nsf
    /busytime.nsf
    /catalog.nsf
    /certsrv.nsf
    /cpa.nsf
    /dirassist.nsf
    /doc/dspug.nsf
    /domcfg.nsf
    /events4.nsf
    /help/decsdoc.nsf
    /help/dols_help.nsf
    /help/help5_admin.nsf
    /help/help5_client.nsf
    /help/help5_designer.nsf
    /help/lccon.nsf
    /help/lsxlc.nsf
    /help/readme.nsf
    /homepage.nsf
    /iNotes/Forms5.nsf/$DefaultNav
    /iNotes/Forms5.nsf
    /log.nsf
    /mail.box
    /mtatbls.nsf
    /names.nsf
    /reports.nsf
    /statmail.nsf
    /statrep.nsf
    vpuserinfo.nsf
    /webadmin.nsf
    /admin4.nsf
    /AgentRunner.nsf
    /bookmark.nsf
    /busytime.nsf
    /catalog.nsf
    /certsrv.nsf
    /cpa.nsf
    /dirassist.nsf
    /doc/dspug.nsf
    /domcfg.nsf
    /events4.nsf
    /help/decsdoc.nsf
    /help/dols_help.nsf
    /help/help5_admin.nsf
    /help/help5_client.nsf
    /help/help5_designer.nsf
    /help/lccon.nsf
    /help/lsxlc.nsf
    /help/readme.nsf
    /homepage.nsf
    /iNotes/Forms5.nsf
    /log.nsf
    /mail.box
    /mtatbls.nsf
    /names.nsf
    /reports.nsf
    /statmail.nsf
    /statrep.nsf
    /webadmin.nsf


    I have read access to about 85% of them.

    I really appreciate your help lads!

  7. #7
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Sorry Surreal,

    Thought I knew more about this than I actually do:

    Here's a weak link that may help:
    http://lists.insecure.org/lists/pen-.../Dec/0004.html

    If not, have a look through the insecure forums, there's quite a lot of Domino pentesting in there. The Lotus support site has file definitions if that's any help.

    Cheers mate

    Vice$Dos$
    I remember when Nihil was ickle. Does that mean I'm old?

  8. #8
    I'll have a butchers. Thanks vice DoS!

  9. #9
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Sorry I couldn't be of more help Surreal.

    Also to get a bit of a better answer you might want to re-post this thread in either the 'Programming Security' forum or 'Miscellaneous security' discussions forum.

    You might find a domino specialist floating around in one of those.

    Ps. Do you know about Antipoints yet??
    I remember when Nihil was ickle. Does that mean I'm old?

  10. #10
    Don't know anything about antipoints. I see them next to people's names but that is the extent of my "Antipoint" knowledge.
