Script domino-enum-users

Script types: portrule
Categories: intrusive, auth
Download: https://svn.nmap.org/nmap/scripts/domino-enum-users.nse

Script Summary

Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability.

Script Arguments

domino-enum-users.path

the location to which any retrieved ID files are stored

domino-enum-users.username

the name of the user from which to retrieve the ID. If this parameter is not specified, the unpwdb library will be used to brute force names of users.

For more information see: http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21248026

Credits ------- o Ollie Whitehouse for bringing this to my attention back in the days when it was first discovered and for the c-code on which this is based.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

Example Usage

nmap --script domino-enum-users -p 1352 <host>

Script Output

PORT     STATE SERVICE REASON
1352/tcp open  lotusnotes
| domino-enum-users:
|   User "Patrik Karlsson" found, but not ID file could be downloaded
|   Successfully stored "FFlintstone" in /tmp/FFlintstone.id
|_  Successfully stored "MJacksson" in /tmp/MJacksson.id

Requires

• io
• nrpc
• shortport
• stdnse
• stringaux
• table
• unpwdb

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html