Friday, August 5, 2005

Security in Lotus Domino

http://www.cqure.net/tools.jsp?id=11
Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system. The tool supports both session- and basic-authentication. It runs 20 simultaneous connections guessing passwords specified in a dictionary file against the supplied user file. The tool is written in Java and is released under the GPL version 2.

http://usuarios.lycos.es/reinob/
Lepton's Crack is a generic password cracker, easily customizable with a simple plug-in system. It can perform a dictionary-based (wordlist) attack, as well as a brute-force (incremental) password scan, including enumeration of a regular expression (useful if you know something about the password). Currently the formats supported are: standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4) and SHA-1. LM (LAN Manager) support added by Piero Brunati, see below.

http://www.nestonline.com/lcrack/
Port of LCrack with support for other ciphers.

http://packetstormsecurity.org/Crackers/dhb.zip
Lotus Domino HTTP password

http://packetstormsecurity.org/UNIX/scanners/DominoHunter-0.92.zip
Domino Hunter 0.92 is a Lotus Domino web server scanner, written in Perl. It attempts to access default NSF databases, as well as crawl user-defined bases. It tries to enumerate the database structure, available views, available documents, and ACLs set on documents. It also tries to retrieve documents from available views in order to check whether ACLs are correctly set to restrict documents and not views. The scanner works in either anonymous mode or privileged mode, if user-supplied credentials are provided to be passed to the default names.nsf/?Login form.

http://packetstormsecurity.org/UNIX/scanners/domino.tar.gz
Domino.pl is a Perl script which checks for remote vulnerabilities in Lotus Domino servers.


DOCUMENTATION:
What is available is fairly poor:

Security Handbook (IBM Redbook)

Lotus Notes and Domino R5.0 Security Infrastructure Revealed

ISS domino