Date: Wed, 5 Sep 2007 11:57:08 -0300 (ART) From: Danett song <danett18@...oo.com.br> To: john-users@...ts.openwall.com Subject: Lotus Domino 6 and 7 multiple hash formats... Can JtR crack? Hi all JtR users, How are you doing? I was looking at (http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf) and seen that is very strange in FireFox you can't check this values, however in IE you can. Lollll!!! In my server we have this values in the source code, avaible with the name of "dspHTTPPassword", it's the same (The domino hash)? Also my password format is different, it's not the 32 characters hex code, it's a 22 character not hex encoded, check it please: <input name="$dspHTTPPassword" type="hidden" value="(GFmjA4YmP9C05vHn09gI)"> Is this format a new format? Not anymore based in RC4? Can JtR Break this format (with which module and any link or example?)? I tried Lcrack and Lotus Hash Breaker WITHOUT sucess. :( Any tool for this hard job? Do you know in what algorithm it's based? Also, do you know for what is used the PasswordDigest field? It's a hash to authenticate against what? <input name="$dspPasswordDigest" type="hidden" value="F05389C37C850260F278FED23334C172"> It use a password format like the old lotus domino hash (RC4), however I also can't breal it with lcrack and Domino Hash Breaker. Can JtR Break this format (with which module and any link or example?)? And also there is other hash (insane the amount of hashs...hehe), called "$dspNetUserName", for what it username is used? Username in the LAN? Maybe it's integrated with the DC? Or only to login into Lotus Notes (note the Domino)? <input name="$dspNetUserName" type="hidden" value="abf7a82595cb304e92940de392aac8df"> Thank you a lot and sorry for idiot questions. Cheers, Flickr agora em portuguÍs. VocÍ clica, todo mundo vÍ. http://www.flickr.com.br/ -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ