Date: Wed, 5 Sep 2007 11:57:08 -0300 (ART)
From: Danett song <danett18@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: Lotus Domino 6 and 7 multiple hash formats... Can JtR crack?

Hi all JtR users,

How are you doing?

I was looking at
(http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf)
and saw that it is very strange: in Firefox you can't
check these values, however in IE you can. Lollll!!!

On my server we have these values in the source code,
available under the name "dspHTTPPassword". Is it the
same (the Domino hash)?

Also, my password format is different: it's not the
32-character hex code, it's 22 characters, not hex
encoded. Check it please:

<input name="$dspHTTPPassword" type="hidden"
value="(GFmjA4YmP9C05vHn09gI)">

Is this a new format? No longer based on RC4?
Can JtR break this format (with which module and any
link or example?)? I tried Lcrack and Lotus Hash
Breaker WITHOUT success. :(

Any tool for this hard job? Do you know what
algorithm it's based on?

Also, do you know what the PasswordDigest field is
used for? It's a hash to authenticate against what?

<input name="$dspPasswordDigest" type="hidden"
value="F05389C37C850260F278FED23334C172">

It uses a password format like the old Lotus Domino
hash (RC4); however, I also can't break it with lcrack
and Domino Hash Breaker. Can JtR break this format
(with which module and any link or example?)?

And there is also another hash (the amount of hashes
is insane... hehe), called "$dspNetUserName". What is
this username used for? Username in the LAN? Maybe it's
integrated with the DC? Or only to log in to Lotus
Notes (note the Domino)?

<input name="$dspNetUserName" type="hidden"
value="abf7a82595cb304e92940de392aac8df">

Thanks a lot and sorry for the idiot questions.

Cheers,
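
A defensive check for the exposure described in the message above, added here as an example and not part of the original post or of any tool it mentions: it scans saved page HTML for the hidden fields the post quotes and reports each by name and value shape, without echoing the value. The function names and shape labels are assumptions made for this example; the sample input reuses the three snippets from the post plus one constructed visible field.

```python
import re
from html.parser import HTMLParser

# Hidden field names quoted in the post above.
WATCHED = {"$dspHTTPPassword", "$dspPasswordDigest", "$dspNetUserName"}

def value_shape(value):
    """Classify a value by shape only, using the two shapes the post describes."""
    if re.fullmatch(r"[0-9A-Fa-f]{32}", value):
        return "32-char hex"
    if re.fullmatch(r"\([^()\s]{20}\)", value):
        return "22-char parenthesised, non-hex"
    return "other (%d chars)" % len(value)

class HiddenFieldAudit(HTMLParser):
    """Collects (field name, value shape) for watched hidden inputs."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)  # attribute names arrive lowercased, values keep case
        if (a.get("type") or "").lower() == "hidden" and a.get("name") in WATCHED:
            # Record name and shape only, so the report never repeats the hash.
            self.findings.append((a["name"], value_shape(a.get("value") or "")))

def audit(html_text):
    """Return findings for one page of HTML, in document order."""
    parser = HiddenFieldAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Sample page: the three inputs from the post, plus a constructed visible field.
SAMPLE = '''<form>
<input name="FullName" type="text" value="constructed example">
<input name="$dspHTTPPassword" type="hidden"
value="(GFmjA4YmP9C05vHn09gI)">
<input name="$dspPasswordDigest" type="hidden"
value="F05389C37C850260F278FED23334C172">
<input name="$dspNetUserName" type="hidden"
value="abf7a82595cb304e92940de392aac8df">
</form>'''

if __name__ == "__main__":
    for name, shape in audit(SAMPLE):
        print("exposed hidden field %s: %s" % (name, shape))
```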

