Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability.
the location to which any retrieved ID files are stored
the name of the user from which to retrieve the ID. If this parameter is not specified, the unpwdb library will be used to brute force names of users.
For more information see: http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21248026
Credits ------- o Ollie Whitehouse for bringing this to my attention back in the days when it was first discovered and for the c-code on which this is based.
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdbSee the documentation for the unpwdb library.
nmap --script domino-enum-users -p 1352 <host>
PORT STATE SERVICE REASON 1352/tcp open lotusnotes | domino-enum-users: | User "Patrik Karlsson" found, but not ID file could be downloaded | Succesfully stored "FFlintstone" in /tmp/FFlintstone.id |_ Succesfully stored "MJacksson" in /tmp/MJacksson.id
Author: Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html