PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-05 22:19:03 +00:00
Code Issues Projects Releases Wiki Activity

Fix NSEdoc: wrap lines, fix bulleted lists

Browse Source
This commit is contained in:
dmiller
2015-07-11 04:01:05 +00:00
parent a59056e29e
commit 339f0ffd7d
63 changed files with 408 additions and 298 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
scripts/http-domino-enum-passwords.nse
View File

@@ -8,36 +8,29 @@ local string = require "string"
local table = require "table"
description = [[
Attempts to enumerate the hashed Domino Internet Passwords that are
(by default) accessible by all authenticated users. This script can
also download any Domino ID Files attached to the Person document.
Attempts to enumerate the hashed Domino Internet Passwords that are (by
default) accessible by all authenticated users. This script can also download
any Domino ID Files attached to the Person document. Passwords are presented
in a form suitable for running in John the Ripper.
The passwords may be stored in two forms (http://comments.gmane.org/gmane.comp.security.openwall.john.user/785):
1. Saltless (legacy support?)
Example: 355E98E7C7B59BD810ED845AD0FD2FC4
John's format name: lotus5
2. Salted (also known as "More Secure Internet Password")
Example: (GKjXibCW2Ml6juyQHUoP)
John's format name: dominosec
It appears as if form based authentication is enabled, basic authentication
still works. Therefore the script should work in both scenarios. Valid
credentials can either be supplied directly using the parameters username
and password or indirectly from results of http-brute or http-form-brute.
]]
---
-- @usage
-- nmap --script domino-enum-passwords -p 80 <host> --script-args domino-enum-passwords.username='patrik karlsson',domino-enum-passwords.password=secret
--
-- This script attempts to enumerate the password hashes used to authenticate
-- to the Lotus Domino Web interface. By default, these hashes are accessible
-- to every authenticated user. Passwords are presented in a form suitable for
-- running in John the Ripper.
--
-- The format can in two forms (http://comments.gmane.org/gmane.comp.security.openwall.john.user/785):
-- 1. Saltless (legacy support?)
-- Example: 355E98E7C7B59BD810ED845AD0FD2FC4
-- John's format name: lotus5
-- 2. Salted (also known as "More Secure Internet Password")
-- Example: (GKjXibCW2Ml6juyQHUoP)
-- John's format name: dominosec
--
-- In addition the script can be used to download
-- any ID files attached to the Person document.
--
-- It appears as if form based authentication is enabled, basic authentication
-- still works. Therefore the script should work in both scenarios. Valid
-- credentials can either be supplied directly using the parameters username
-- and password or indirectly from results of http-brute or http-form-brute.
--
-- @output
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack