A blog about generally interesting infosec stuff by employees of SecQuest Information Security https://www.secquest.co.uk

Thursday, 9 February 2012

Foxconn Lotus Domino Breakdown

Following Swagg Security's release of some Foxconn info (http://pastebin.com/DbHu7xCQ) I thought I'd take a quick look at the Lotus Notes stuff they posted whilst munching my sarnies. Please note that this is a quick (20 minute) crack/breakdown and not a week of real research!

The leaked "MailUsers.txt" file in the torrent contained two Domino hash formats: weak/unsalted (user1) and salted (user2).

John the Ripper supports both of these hash types, so I ran these files through john using the "Rockyou" leaked dictionary.

Of the 7730 users that had a password entry along with a valid username, just over 1800 password hashes were cracked with this dictionary. A breakdown of the top 10 passwords in use is below, and it seems to follow the "usual" pattern we see in these cases:

Count  Password
85     12345678
53     password
53     123456
15     1234
14     password123
13     123
12     888888
9      foxconn
7      init123
7      999999

Some things never change eh!

From this leaked info it looks as if one of their Domino Directory (names.nsf) files either allows anonymous access or has been dumped using a valid user.
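
For administrators checking their own Domino Directory for the two hash formats mentioned above, here is a small audit script. It is an added example, not code from the original post. It assumes a `username:hash` export, that unsalted values are 32 hex digits in parentheses and that salted values are 22 characters starting with `(G`. All sample values are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed field shapes (not shown in the original post).
UNSALTED = re.compile(r"^\([0-9A-Fa-f]{32}\)$")
SALTED = re.compile(r"^\(G[0-9A-Za-z+/]{19}\)$")

# Constructed sample export, one "username:hash" entry per line.
SAMPLE = """\
alice:(0123456789ABCDEF0123456789ABCDEF)
bob:(GAbCdEfGhIjKlMnOpQrS)
carol:(0123456789abcdef0123456789abcdef)
dave:
erin:(FEDCBA9876543210FEDCBA9876543210)
frank:not-a-hash
"""

def classify(value):
    """Return 'empty', 'unsalted', 'salted' or 'unknown' for one hash field."""
    value = value.strip()
    if not value:
        return "empty"
    if UNSALTED.match(value):
        return "unsalted"
    if SALTED.match(value):
        return "salted"
    return "unknown"

def audit(text):
    """Count hash formats and group users whose unsalted hashes are identical."""
    counts = Counter()
    by_hash = defaultdict(list)
    for line in text.splitlines():
        user, sep, value = line.partition(":")
        if not sep:
            continue  # not a user:hash line
        kind = classify(value)
        counts[kind] += 1
        if kind == "unsalted":
            # No salt: equal hashes mean equal passwords, so normalise and group.
            by_hash[value.strip().upper()].append(user.strip())
    unsalted_users = sorted(u for users in by_hash.values() for u in users)
    shared = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    return {"counts": dict(counts), "unsalted_users": unsalted_users, "shared": shared}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts listed under `unsalted_users` are the ones to move to the salted format first, and any group under `shared` shows password reuse that is visible without cracking anything.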

Digininja has a bit of a breakdown of the non-Lotus related passwords here
