A blog about generally interesting infosec stuff..

Friday, 14 September 2012

44Con - Cracking Lotus Domino Passwords

Following my presentation on penetration testing in a Notes/Domino environment (slides will be uploaded soon!) I had a couple of queries about the software used in the Notes ID file password cracking demo & where to download the local access protection tool.

The software was Passware's latest and greatest "Passware Password Recovery Kit Forensic V12" which their marketing manager, Nataly, had been kind enough to allow us to use a beta version for 44Con.

The difference between this software and any of the others that we've tried is that this allows multiple ID files to be loaded in and cracked in a batch along with other file types!

Read more »
Posted by at No comments:

Thursday, 30 August 2012

SmartScreen Filter Revisited

Following up on the blog post last year about Microsoft downloading potentially private/sensitive files due to SmartScreen filter we thought that we'd take a look at IE10 on Windows 8. Files used in testing were old versions of cmd.exe so should be "known good" on any whitelists.

Yet again we found that files that you download are hoovered up by Microsoft servers a short time after!

Read more »
Posted by at No comments:

Thursday, 26 April 2012

Bsides London Challenge 6 Solution

As it's the day after Bsides London which was excellent with some talented presenters I thought I'd post my solution to challenge 6 - Finding Nero.

Linky --> Bsides_Walkthrough.pdf

Enjoy!
Fully
Posted by at No comments:

Thursday, 9 February 2012

Foxconn Lotus Domino Breakdown

Following Swagg Security's release of some Foxconn info (http://pastebin.com/DbHu7xCQ) I thought I'd take a quick look at the Lotus Notes stuff they posted whilst munching my sarnies. Please note that this is a quick (20 minute) crack/breakdown and not a week of real research!

The leaked "MailUsers.txt" file in the torrent contained two types of Domino hash formats; weak/unsalted (user1) and salted (user2)
user1:D3D44EED37928E47777F1B6C937F4068
user2:(GcE5LxKhZO5riNHlvasU)

Read more »
Posted by at No comments:

Friday, 9 December 2011

SmartScreen Filter Going Too Far?

Chatting to a friend earlier who had noticed requests for files on his server coming from unknown IP addresses.  Nothing weird about that, happens all the time...

BUT the files being requested had UNIQUE filenames known only to person-X and person-Y!

Looking in to this the issue is caused by IE9's SmartScreen protection. Files you download with IE are subsequently downloaded by a 3rd party, presumably for analysis. This could cause a serious breach of privacy and is DEFAULT behaviour.

Read more »
Posted by at No comments:
Subscribe to: Posts (Atom)