A blog about generally interesting infosec stuff by Darren Fuller/Paul Marsh, SecQuest Information Security https://www.secquest.co.uk

Friday, 14 September 2012

44Con - Cracking Lotus Domino Passwords

Following my presentation on penetration testing in a Notes/Domino environment (slides will be uploaded soon!) I had a couple of queries about the software used in the Notes ID file password cracking demo & where to download the local access protection tool.

Second question first: you can get the tool from https://www.secquest.co.uk/downloads.sq

The software was Passware's latest and greatest "Passware Password Recovery Kit Forensic V12" which their marketing manager, Nataly, had been kind enough to allow us to use a beta version for 44Con.

The difference between this software and any of the others that we've tried is that this allows multiple ID files to be loaded in and cracked in a batch along with other file types!


As security consultants it is important to us that we give our clients the best value for money possible and batch processing allows things like queuing Notes ID files for password cracking at the same time as Excel and Word documents! Passwords.doc can be cracking at the same time as the ID files for a bunch of Notes admins!

Without making this blog post sound more like an advert than a post about Notes password cracking I have to say that I'm quite impressed with the software, previous versions required every ID to be loaded individually, run through a dictionary, checked for output and the process restarted until a password was found.  This allows you to load a lot of files (I've tried 520 with success) and just let the software crack on (pun intended!).

The only thing missing here is a sound being played when an ID file is cracked.. you could leave it cracking and get on with other hackery type stuff until you hear "Yabba Dabba Dooooooo!" and know that the Notes domain is yours :o)

Not sure about pricing for V12 but there should be some information on Passware's site soon.   Anyway, the following video shows the latest beta in action (I think the release version is due out in a week or two).

This uses one of the Lulzsec password leaks as a dictionary which contains just over 36,300 words. 17 ID files are cracked in about a minute with the app running in an XP VM with 2GB RAM, not bad!

Video looks best when viewed in HD..
 

No comments:

Post a Comment