Nmap domino-enum-users NSE Script
This page contains detailed information about how to use the domino-enum-users NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/domino-enum-users.nse
Script categories: intrusive, auth
Target service / protocol: lotusnotes, tcp
Target network port(s): 1352
List of CVEs: CVE-2006-5835
Script Description
The domino-enum-users.nse script attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability.
Domino-enum-users NSE Script Arguments
This is a full list of arguments supported by the domino-enum-users.nse script:
domino-enum-users.pathThe location to which any retrieved ID files are stored
domino-enum-users.usernameThe name of the user from which to retrieve the ID. If this parameter is not specified, the unpwdb library will be used to brute force names of users.
passdbThe filename of an alternate password database. Default: nselib/data/passwords.lst
unpwdb.passlimit
The maximum number of passwords passwords will return (default unlimited).
The maximum amount of time that any iterator will run before stopping. The value is in seconds by default and you can follow it with ms, s, m, or h for milliseconds, seconds, minutes, or hours. For example, unpwdb.timelimit=30m or unpwdb.timelimit=.5h for 30 minutes. The default depends on the timing template level (see the module description). Use the value 0 to disable the time limit.
The maximum number of usernames usernames will return (default unlimited).
The filename of an alternate username database. Default: nselib/data/usernames.lst
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
nmap --script=domino-enum-users --script-args domino-enum-users.path=value,domino-enum-users.username=value <target>Domino-enum-users NSE Script Example Usage
Here's an example of how to use the domino-enum-users.nse script:
nmap --script domino-enum-users -p 1352 <host>
Domino-enum-users NSE Script Example Output
Here's a sample output from the domino-enum-users.nse script:
PORT STATE SERVICE REASON
1352/tcp open lotusnotes
| domino-enum-users:
| User "Patrik Karlsson" found, but not ID file could be downloaded
| Successfully stored "FFlintstone" in /tmp/FFlintstone.id
|_ Successfully stored "MJacksson" in /tmp/MJacksson.id
Domino-enum-users NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.
Author
- Patrik Karlsson
References
- https://nmap.org/nsedoc/scripts/domino-enum-users.html
- https://github.com/nmap/nmap/tree/master/scripts/domino-enum-users.nse
- http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21248026
See Also
Visit Nmap NSE Library for more scripts.
The domino-enum-users.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Failed to open file (%s)
Here is a relevant code snippet related to the "Failed to open file (%s)" error message:
55: -- @return status true on success, false on failure
56: -- @return err string containing error message if status is false
57: local function saveIDFile( filename, data )
58: local f = io.open( filename, "w")
59: if ( not(f) ) then
60: return false, ("Failed to open file (%s)"):format(filename)
61: end
62: if ( not(f:write( data ) ) ) then
63: return false, ("Failed to write file (%s)"):format(filename)
64: end
65: f:close()
Failed to write file (%s)
Here is a relevant code snippet related to the "Failed to write file (%s)" error message:
58: local f = io.open( filename, "w")
59: if ( not(f) ) then
60: return false, ("Failed to open file (%s)"):format(filename)
61: end
62: if ( not(f:write( data ) ) ) then
63: return false, ("Failed to write file (%s)"):format(filename)
64: end
65: f:close()
66:
67: return true
68: end
Failed to load usernames
Here is a relevant code snippet related to the "Failed to load usernames" error message:
87: end
88: end )()
89: else
90: status, usernames = unpwdb.usernames()
91: if ( not(status) ) then
92: return false, "Failed to load usernames"
93: end
94: end
95:
96: for username in usernames do
97: status = helper:connect()
ERROR: Failed to connect to Lotus Domino Server %s
Here is a relevant code snippet related to the "ERROR: Failed to connect to Lotus Domino Server %s" error message:
94: end
95:
96: for username in usernames do
97: status = helper:connect()
98: if ( not(status) ) then
99: err = ("ERROR: Failed to connect to Lotus Domino Server %s"):format( host.ip )
100: break
101: end
102:
103: status, data = helper:isValidUser( username )
104: helper:disconnect()
Failed to store "%s" to %s
Here is a relevant code snippet related to the "Failed to store "%s" to %s" error message:
109:
110: if ( status ) then
111: table.insert(result, ("Successfully stored "%s" in %s"):format(username, filename) )
112: else
113: stdnse.debug1("%s", err)
114: table.insert(result, ("Failed to store "%s" to %s"):format(username, filename) )
115: end
116: elseif( status and data ) then
117: table.insert(result, ("Successfully retrieved ID for "%s" (to store set the domino-enum-users.path argument)"):format(username) )
118: elseif ( status ) then
119: table.insert(result, ("User "%s" found, but no ID file could be downloaded"):format(username) )
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
