Beispiel #1
0
	parser.add_argument('-p', '--password', help='Password', default='', nargs='+', required=False)
	parser.add_argument('--hashdump', help='Dump Domino hashes', action='store_true', required=False)
	parser.add_argument('--quickconsole', help='Interact with Domino Quick Console', action='store_true', required=False)
	args = parser.parse_args()

	HEADER = {
		'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36',
		'Accept': '*/*',
		'Accept-Language': 'en-US,en;q=0.5',
		'Accept-Encoding': 'gzip, deflate',
		'Connection': 'keep-alive'
	}
	# Process Domino URL
	target = utility.process_url(args.url)

	# Interact with quick console
	if args.quickconsole:
		utility.print_status('Accessing Domino Quick Console...')
		quickconsole.check_access(target, HEADER, args.username, ' '.join(args.password))

	# Dump hashes
	elif args.hashdump:
		utility.print_status('Enumerating accounts...')
		hashdump.enum_accounts(target, HEADER, args.username, ' '.join(args.password))

	# Fingerprint
	else:
		utility.print_status('Fingerprinting Domino server...')
		fingerprint.fingerprint(target, HEADER)
		fingerprint.check_portals(target, HEADER)
Beispiel #2
0
	# Process Domino URL
	target = utility.check_url(args.url)
	if target:
		# Detect type of authentication
		auth_type = utility.detect_auth(target)
		if auth_type:

			# Fingerprint
			if args.action == 'fingerprint':
				utility.print_status('Fingerprinting Domino server')
				fingerprint.fingerprint(target, args.username, ' '.join(args.password), auth_type)

			# Dump hashes
			elif args.action == 'hashdump':
				utility.print_status('Dumping account hashes')
				hashdump.enum_accounts(target, args.username, ' '.join(args.password), auth_type)

			# Interact with Quick Console
			elif args.action == 'console':
				utility.print_status('Accessing Domino Quick Console')
				quickconsole.check_access(target, args.username, ' '.join(args.password), auth_type)

			# Reverse brute force
			else:
				if os.path.isfile(args.userlist):
					utility.print_status("Starting reverse brute force with '{0}' as the password".format(' '.join(args.password)))
					bruteforce.reverse_bruteforce(target, os.path.abspath(args.userlist), ' '.join(args.password), auth_type)
				else:
					utility.print_warn('You must supply a file containing a list of usernames')

		else:
Beispiel #3
0
	target = utility.check_url(args.url)
	if target == None:
		utility.print_warn('Please provide a valid URL!')
	else:

		# Detect type of authentication the Domino server is using
		auth_type = utility.detect_auth(target)

		# Interact with quick console
		if args.quickconsole:
			utility.print_status('Accessing Domino Quick Console...')
			quickconsole.check_access(target, args.username, ' '.join(args.password), auth_type)

		# Dump hashes
		elif args.hashdump:
			utility.print_status('Dumping account hashes...')
			hashdump.enum_accounts(target, args.username, ' '.join(args.password), auth_type)

		# Reverse brute force
		elif args.bruteforce:
			if os.path.isfile(args.username):
				utility.print_status("Starting reverse brute force with {0} as the password...".format(' '.join(args.password)))
				bruteforce.reverse_bruteforce(target, args.username, ' '.join(args.password), auth_type)
			else:
				utility.print_warn('You must supply the full path to a file containing a list of usernames!')

		# Fingerprint
		else:
			utility.print_status('Fingerprinting Domino server...')
			fingerprint.fingerprint(target, args.username, ' '.join(args.password), auth_type)