Skip to content

yehgdotnet/domi-owned

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits

domi_owned

domi_owned

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

domi-owned.py

domi-owned.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

Domi-Owned

Summary

Domi-Owned is a tool used for compromising IBM/Lotus Domino servers.

Tested on IBM/Lotus Domino 8.5.2, 8.5.3, 9.0.0, and 9.0.1 running on Windows and Linux.

Usage

A valid username and password is not required unless 'names.nsf' and/or 'webadmin.nsf' requires authentication.

Fingerprinting

Running Domi-Owned with the fingerprint action argument, and a URL will attempt to identify the Domino server version, as well as check if 'names.nsf' and 'webadmin.nsf' requires authentication.

If a username and password are given, using the --username and --password arguments, Domi-Owned will check to see if that account can access 'names.nsf' and 'webadmin.nsf' with those credentials.

Example:

./domi-owned.py fingerprint http://domino-server.com

asciicast

Dump Hashes

To dump all Domino accounts with a non-empty hash, run Domi-Owned with the hashdump action argument and the server URL. Optionally, supply Domi-Owned with a username and password using the --username and --password arguments. This will print the results to the screen and write the account hashes to separate out-files, depending on the hash type (Domino 5, Domino 6, Domino 8).

Example:

./domi-owned.py hashdump http://domino-server.com --username USERNAME --password PASSWORD

asciicast

Quick Console

The Domino Quick Console is active by default; however, it will not show the output of issued commands. A work around to this problem is to redirect the command output to a file, in this case 'log.txt', that is then displayed as a web page on the Domino server.

If the console action argument is given, Domi-Owned will access the Domino Quick Console, through 'webadmin.nsf', allowing the user to issue native Windows or Linux commands. Optionally, supply a username and password using the --username and --password arguments. Domi-Owned will then retrieve the output of the command and display the results in real time through a command line interpreter. Type exit to quit the Quick Console interpreter. Upon exit, Domi-Owned will delete the 'log.txt' output file.

Example:

./domi-owned.py console http://domino-server.com --username USERNAME --password PASSWORD

asciicast

Reverse Brute Force

To perform a reverse brute force attack against a Domino server, run Domi-Owned with the brute action argument, the server URL, a list of usernames, and an optional password with the --password argument. Domi-Owned will then try to authenticate to 'names.nsf', returning successful accounts.

Example:

./domi-owned.py brute http://domino-server.com usernames.txt --password PASSWORD

asciicast

Credits

Special Thanks:

  • Jeff McCutchan - jamcut (@jamcut) - For coming up with an awesome name!

About

IBM/Lotus Domino exploitation

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%