73 items tagged "domino"
-
-
19:16
»
Packet Storm Security Exploits
This Metasploit module exploits a buffer overflow vulnerability in the UploadControl ActiveX control. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure use of _swscanf. The affected ActiveX control is provided by dwa85W.dll, installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR, the non-ASLR-compatible module dwabho.dll is used. This one is also installed with the iNotes ActiveX.
-
-
20:04
»
Packet Storm Security Advisories
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks.
-
-
8:28
»
Carnal0wnage
Occasionally I run into Lotus Domino stuff on tests.
William Dawson (@bill_e_ghote) did a talk at BSides LV 2012 and Skytalks on Lotus Domino hashes.
Link --> http://youtu.be/vfUqZo1Hryg
It's worth a listen if you need some background info.
In 2010 I dropped a Lotus Domino version module:
http://carnal0wnage.attackresearch.com/2010/05/metasploit-lotus-domino-version-scanner.html
The module is in the trunk. You can read the post, but in my experience newer versions of Lotus Domino don't actually advertise that they are Lotus Domino in the banner, thus you need a way to identify these and, once identified, figure out the current version so you can see if there are any exploits for it.
One of the other things Bill mentions is locating these vulnerable pages. He uses Google dorks, which is useful as long as the site is indexed. While not in the trunk, a while back I had a bunch of Domino servers on a pentest. I ended up taking all the Domino scanners I could find, combining those wordlists into one wordlist and writing a Metasploit module to search for those URLs. The key was that we wanted to see which ones were open to the world, which ones require authentication (correct behavior) and any that forwarded you to somewhere else (probably because you are on 80 and the site requires 443).
In my GitHub repo is the module and wordlist.
Module is here:
https://github.com/carnal0wnage/Metasploit-Code/blob/master/modules/auxiliary/scanner/lotus_domino_scanner.rb
Wordlist is here:
https://github.com/carnal0wnage/Metasploit-Code/blob/master/data/wordlists/lotus_domino_bases.txt
If I'm missing some URLs please let me know so I can update the list.
It looks like this when run:
msf auxiliary(lotus_domino_scanner) > run
[*] Scanning 192.168.1.4:443
[*] Bases with Anonymous Access:
download/filesets/l_LOTUS_SCRIPT.inf
download/filesets/l_SEARCH.inf
download/filesets/n_LOTUS_SCRIPT.inf
download/filesets/n_SEARCH.inf
events4.nsf
help/lsxlc.nsf
homepage.nsf
iNotes/Forms6.nsf
iNotes/Forms7.nsf
mtatbls.nsf
[*] Bases Requiring Authentication:
admin4.nsf
agentrunner.nsf
agentrunner.nsf
Bookmark.nsf
certlog.nsf
certsrv.nsf
certsrv.nsf
cldbdir.nsf
dbdirman.nsf
ddm.nsf
doladmin.nsf
domadmin.nsf
domcfg.nsf
domcfg.nsf/?open
log.nsf
log.nsf
mail1.box
mail2.box
names.nsf
names.nsf
names.nsf/$Users
schema.nsf
statrep.nsf
statrep.nsf
statrep.nsf?ReadEntries
webadmin.nsf
webadmin.nsf
[*] Forward:
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
-
-
19:20
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Quickr for Domino, which can be exploited by malicious people to compromise a user's system.
-
-
8:35
»
Packet Storm Security Recent Files
IBM Lotus Notes/Domino server suffers from a remote denial of service vulnerability that can be triggered by a malformed TCP packet. Versions 8.5.2 FP3 and earlier, 8.5.1, 8.5 and 8.0.x are affected.
-
-
0:52
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to cause a DoS (Denial of Service).
-
-
19:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino.
-
-
17:58
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy() routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to trigger the vulnerable code path, a valid Domino mailbox account is needed.
-
-
1:16
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system.
-
-
18:24
»
Packet Storm Security Advisories
Secunia Security Advisory - Some vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system.
-
8:20
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-053 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component, which listens by default on a dynamic TCP port. When handling a GIOP getEnvironmentString request, the process blindly copies a user-supplied argument into a stack buffer while checking the local variable cache. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
-
8:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-052 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component, which listens by default on a dynamic TCP port. When handling a GIOP client Request packet type, the process can be made to mis-allocate a buffer size due to a signedness bug. Later, the process blindly copies user-supplied data into this under-allocated heap buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
-
7:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-049 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP service while processing a malformed e-mail. The process continually appends each argument within a filename parameter into a buffer in memory. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.
-
6:32
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-048 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while processing a malformed calendar meeting request. The process copies the contents of the name parameter within the Content-Type header into a fixed size stack buffer. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.
-
6:19
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-047 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nLDAP.exe component, which listens by default on TCP port 389. When handling an LDAP Bind Request packet, the process blindly copies user-supplied data into an undersized shared memory buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
-
6:12
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-046 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NRouter service while transporting malformed e-mails. The vulnerable code copies data from the ATTACH:CID and Content-ID headers within an e-mail into a fixed length stack buffer. By providing a large enough file name, this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.
-
5:12
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-045 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the POP3 and IMAP services while processing malformed e-mails. The vulnerable code expands specific non-printable characters within a "mail from" command without allocating adequate space. By providing enough of these characters, memory can be corrupted leading to arbitrary code execution under the context of the SYSTEM user.
-
-
17:33
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino.
-
22:01
»
Packet Storm Security Recent Files
Whitepaper called Criando scanner para detector a falha Lotus Domino vulneravel ao exploit do Metasploit. Written in Portuguese.
-
-
21:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-177 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while processing a malformed e-mail. The process copies the contents of the MAILTO header within a calendar request into a fixed size stack buffer. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.
-
-
6:36
»
Carnal0wnage
I pushed out the first of a few Lotus Domino modules I've been working on to the Metasploit trunk last night.
The first one is a Lotus Domino Version Module.
There is no real "banner grabbing" for versions with Lotus Domino; old, old versions "may" display the version in the server headers, but I've never seen anything above 5.x do this. You usually get something like:
HTTP/1.0 200 OK
Server: Lotus-Domino
Date: Fri, 30 Apr 2010 00:19:11 GMT
Last-Modified: Wed, 07 Apr 2010 01:39:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5390
Cache-control: private
ETag: W/"MTAtODA4NS1DMTI1NzZENjAwMTVGRDhELTAtMA=="
for headers.
Useful enough to identify that it's a Domino web server, but not so much for using the couple of remote exploits out there that are very version and/or fixpack dependent.
There are a couple of files that the web server may serve up that have version information.
The first being iNotes/FormsX.nsf, which usually has the version information as a comment in the HTML (this can be turned off), and the second being download/filesets/l_LOTUS_SCRIPT.inf type files that have the base install version (at least as far as I can tell it's the base install). *If that's not right please let me know*
So let's give it a test drive...
msf > use auxiliary/scanner/lotus/lotus_domino_version
msf auxiliary(lotus_domino_version) > info
Name: Lotus Domino Version
Version: $Revision$
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
CG
Basic options:
Name     Current Setting  Required  Description
----     ---------------  --------  -----------
PATH     /                yes       path
Proxies                   no        Use a proxy chain
RHOSTS                    yes       The target address range or CIDR identifier
RPORT    80               yes       The target port
THREADS  1                yes       The number of concurrent threads
VHOST                     no        HTTP server virtual host
Description:
Checks to determine Lotus Domino Server Version.
msf auxiliary(lotus_domino_version) > set RHOSTS file:/home/user/shodan-domino.txt
RHOSTS => file:/home/user/shodan-domino.txt
msf auxiliary(lotus_domino_version) > run
[*] 192.168.245.101:80 Lotus Domino Current Version: 6.5.4 (Windows NT/Intel)
[*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
[*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
[*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
[*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
[*] 192.168.80.132:80 Lotus Domino Current Version: 6.5.5 (Solaris Sparc)
[*] 192.168.80.132:80 Lotus Domino Base Install Version: 6.0.4
[*] 192.168.80.132:80 Lotus Domino Base Install Version: 6.0.4
[-] no response for 192.168.80.132:80 download/filesets/l_SEARCH.inf
[*] 192.168.80.132:80 Lotus Domino Base Install Version: 6.0.4
[*] Scanned 02 of 20 hosts (010% complete)
[*] 192.168.220.33:80 Lotus Domino Current Version: 8.0.2 HF1190 (Windows NT/Intel)
[*] 192.168.220.33:80 Lotus Domino Current Version: 8.0.2 HF1190 (Windows NT/Intel)
[*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
[*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
[*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
[*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
[-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/iNotes/Forms5.nsf
[-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/iNotes/Forms6.nsf
[-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/iNotes/Forms7.nsf
[-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/l_LOTUS_SCRIPT.inf
[-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/n_LOTUS_SCRIPT.inf
[-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/l_SEARCH.inf
[-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/n_SEARCH.inf
[*] Scanned 04 of 20 hosts (020% complete)
[*] 192.168.166.33:80 Lotus Domino Current Version: 7.0.1 (Windows NT/Intel)
[*] 192.168.166.33:80 Lotus Domino Current Version: 7.0.1 (Windows NT/Intel)
[*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
[*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
[*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
[*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
[*] Scanned 06 of 20 hosts (030% complete)
[*] 192.168.33.93:80 Lotus Domino Current Version: 7.0.2 (Windows NT/Intel)
[*] 192.168.33.93:80 Lotus Domino Current Version: 7.0.2 (Windows NT/Intel)
[*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
[*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
[*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
[*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
[*] 192.168.246.154:80 Lotus Domino Current Version: 7.0.3FP1 (Windows NT/Intel)
[*] 192.168.246.154:80 Lotus Domino Current Version: 7.0.3FP1 (Windows NT/Intel)
[*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
[*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
[*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
[*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
...
-
19:00
»
Packet Storm Security Exploits
CYBSEC Security Advisory - The help section in IBM Lotus Domino version 7.0.2 suffers from a reflected cross site scripting vulnerability.