Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Lotus Notes Password Hash Redux

BSidesLV via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the vulnerabilities and security implications of Lotus Notes in this comprehensive conference talk from BSidesLV 2012. Delve into the history of weaknesses, tools for exploitation, and methods for enumerating servers and accessing sensitive information. Learn about web access vulnerabilities, Google domain searches, and user directory exploits. Discover techniques for extracting password hashes and using John the Ripper for cracking. Examine real-world examples of compromised servers, discuss mitigation strategies, and consider the current state of Lotus Notes security. Gain valuable insights for both offensive and defensive cybersecurity professionals dealing with Lotus Domino environments.

Syllabus

Intro
Who am I
What is Lotus Notes
Lotus Domino
SameTime
Who uses Lotus Domino
Companies using Lotus Domino
Previous work
History of weakness
Links
Tools
Web Access
Google Domains
Alabama
Google Search
User Directory
All Server Documents
HTTP Password
Clustered Environment
Enumerating IP Addresses
Metasploit module
Output
List of servers
Other queries
Batch vash
Showdown
Results
Individual Servers
Manual script
John the Ripper
Hash formats
snapshot
unsalted
findings
mitigations
is it dead
take action
corporate English

Taught by

BSidesLV

Reviews

Start your review of Lotus Notes Password Hash Redux

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.