Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Lotus 1352 NRPC Encryption

from [Chris . McGinley] Network Security [Permanent Link]
Subject: Re: Lotus 1352 NRPC Encryption
Date: Thu, 20 Dec 2007 15:30:58 -0500 
Domino has a vulnerability in that it allows Notes clients without ID 
files to enter their name and ask for the ID file. You can use the Notes 
client (new setup) to manually test this; just point to the server and 
specify your username. Notes will grab the ID file if it exists...you'll 
have to intercept it from your Notes data directory and crack its 
password.

It can be scripted with Perl as well, but I've not seen a tool publicly 
available to exploit it.

-Chris




Clone <c70n3@yahoo.co.in> 
12/20/2007 03:38 AM

To
Chris.McGinley@sungard.com
cc
pen-test@securityfocus.com
Subject
Re: Lotus 1352 NRPC Encryption






Hmm.. we are doing a blacbox pen test .. we do not
have a test username or password or ID file.. in such
a scenario how can we use the Notes client to get this
info?


--- Chris.McGinley@sungard.com wrote:


NRPC encryption is configured by the Notes client,
not the server.

-Chris




Clone <c70n3@yahoo.co.in> 
Sent by: listbounce@securityfocus.com
12/18/2007 11:39 PM

To
pen-test@securityfocus.com
cc

Subject
Lotus 1352 NRPC Encryption






Hello All,

Is there a way to find out anonymously whether port
1352 of Lotus Notes NRPC service uses encryption
mechanisms or not?

Good day.


      Share files, take polls, and discuss your
passions - all under one 
roof. Go to http://in.promos.yahoo.com/groups




------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE
today!

http://www.cenzic.com/downloads


------------------------------------------------------------------------










      Explore your hobbies and interests. Go to 
http://in.promos.yahoo.com/groups






------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: GCIA, GSEC, GCIH, CISSP, CEH ???, Cristian Serban
Next by Date:  Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ???, cwright
Previous by Thread:  Re: Lotus 1352 NRPC Encryption, Clone
Next by Thread:  brute force ColdFusion MX7 admin page, Anonymous
Indexes:  [Date] [Thread] [Top] [All Lists]