domino-enum-users
脚本使用类型:
portrule
脚本所属分类:
intrusive, auth
脚本下载地址: http://nmap.org/svn/scripts/domino-enum-users.nse
Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability.
the location to which any retrieved ID files are stored
the name of the user from which to retrieve the ID. If this parameter is not specified, the unpwdb library will be used to brute force names of users.
For more information see: http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21248026
Credits ------- o Ollie Whitehouse for bringing this to my attention back in the days when it was first discovered and for the c-code on which this is based.
执行格式
nmap --script domino-enum-users -p 1352 <host>
PORT STATE SERVICE REASON 1352/tcp open lotusnotes | domino-enum-users: | User "Patrik Karlsson" found, but not ID file could be downloaded | Succesfully stored "FFlintstone" in /tmp/FFlintstone.id |_ Succesfully stored "MJacksson" in /tmp/MJacksson.id
Author: Patrik Karlsson
License: VER007 整理 http://www.ver007.com