A blog about generally interesting infosec stuff by Darren Fuller/Paul Marsh, SecQuest Information Security https://www.secquest.co.uk

Friday, 14 September 2012

44Con - Cracking Lotus Domino Passwords

Following my presentation on penetration testing in a Notes/Domino environment (slides will be uploaded soon!) I had a couple of queries about the software used in the Notes ID file password cracking demo & where to download the local access protection tool.

Second question first: you can get the tool from https://www.secquest.co.uk/downloads.sq

The software was Passware's latest and greatest, "Passware Password Recovery Kit Forensic V12"; their marketing manager, Nataly, had been kind enough to allow us to use a beta version for 44Con.

The difference between this software and any of the others that we've tried is that this allows multiple ID files to be loaded in and cracked in a batch along with other file types!

Thursday, 30 August 2012

SmartScreen Filter Revisited

Following up on the blog post last year about Microsoft downloading potentially private/sensitive files due to the SmartScreen filter, we thought that we'd take a look at IE10 on Windows 8. Files used in testing were old versions of cmd.exe, so should be "known good" on any whitelists.

Yet again we found that files that you download are hoovered up by Microsoft servers a short time after!

Thursday, 26 April 2012

Bsides London Challenge 6 Solution

As it's the day after Bsides London, which was excellent with some talented presenters, I thought I'd post my solution to challenge 6 - Finding Nero.

Linky --> Bsides_Walkthrough.pdf

Enjoy!
Fully

Thursday, 9 February 2012

Foxconn Lotus Domino Breakdown

Following Swagg Security's release of some Foxconn info (http://pastebin.com/DbHu7xCQ) I thought I'd take a quick look at the Lotus Notes stuff they posted whilst munching my sarnies. Please note that this is a quick (20 minute) crack/breakdown and not a week of real research!

The leaked "MailUsers.txt" file in the torrent contained two types of Domino hash format: weak/unsalted (user1) and salted (user2)
user1:D3D44EED37928E47777F1B6C937F4068
user2:(GcE5LxKhZO5riNHlvasU)
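
For administrators who want to know how many of their own accounts still carry the weak format, here is an added example (not part of the original post, and not SecQuest's code) that sorts "user:hash" lines into the two formats shown above. The patterns are assumptions inferred from the two sample lines, and user3 to user5 in the sample are constructed.

```python
import re
from collections import defaultdict

# Shapes inferred from the two sample lines in the post (assumption):
UNSALTED = re.compile(r"^[0-9A-Fa-f]{32}$")        # 32 hex chars, like user1
SALTED = re.compile(r"^\(G[0-9A-Za-z+/]{19}\)$")   # "(G" + 19 chars + ")", like user2


def classify(value):
    """Return 'unsalted', 'salted' or 'unknown' for one hash field."""
    if UNSALTED.match(value):
        return "unsalted"
    if SALTED.match(value):
        return "salted"
    return "unknown"


def audit(lines):
    """Parse 'user:hash' lines; list users per format and shared unsalted hashes."""
    report = {"unsalted": [], "salted": [], "unknown": []}
    by_hash = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line or ":" not in line:
            continue
        user, _, value = line.partition(":")
        value = value.strip()
        kind = classify(value)
        report[kind].append(user)
        if kind == "unsalted":
            by_hash[value.upper()].append(user)
    # No salt means equal passwords give equal hashes, so duplicates expose reuse.
    report["shared"] = sorted(sorted(u) for u in by_hash.values() if len(u) > 1)
    return report


# Constructed sample: user1/user2 are the post's lines, the rest are made up.
SAMPLE = """\
user1:D3D44EED37928E47777F1B6C937F4068
user2:(GcE5LxKhZO5riNHlvasU)
user3:d3d44eed37928e47777f1b6c937f4068
user4:
user5:not-a-hash
"""

if __name__ == "__main__":
    result = audit(SAMPLE.splitlines())
    for key in ("unsalted", "salted", "unknown", "shared"):
        print(key, result[key])
```

Accounts listed under "unsalted" are the ones to move to the salted format first, and any group under "shared" shows users whose passwords are identical.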