Domino effect exploits an IBM Domino Database Security Bypass vulnerability, CVE-2005-2428, to extract password hashes from the names.nsf database. Domino effect obtains password hashes from hidden HTML HTTPPassword and dspHTTPPassword fields and outputs them to stdout in multiple formats for use with hashcat and/or john the ripper.
This script was inspired by @maudits's fetchDomino
Domino Effect - A Lotus Domino password hash tool by Jonathan Broche (@g0jhonny)
positional arguments:
system IP address or hostname to harvest hashes from.
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-u path, --uri path Path to the names.nsf file. [Default: /names.nsf]
Output Options:
--hashcat Print results for use with hashcat.
--john Print results for use with John the Ripper.