[PDF] Penetration: from Application down to OS.

Getting OS Access Using Lotus Domino Application Server Vulnerabilities.

This whitepaper continues a series of publications made by DSecRG
researchers describing various ways of obtaining access to the server operating system, using vulnerabilities in popular business applications which meet in the corporate environment.

This whitepaper continues a series of publications made by DSecRG
researchers describing various ways of obtaining access to the server operating system,
using vulnerabilities in popular business applications which meet in the corporate environment.

This time we will talk about Lotus Domino – a very popular application that provides enterprise-grade e-mail, collaboration capabilities. This system stores a huge amount of critical corporate data and represents a good target for a potential attacker. Also people must be aware of that this system is usually available from the Internet and can be hacked to get access to the operation system of the server in DMZ and then to the internal servers of corporate environment and in this paper we will show how to do this.

Post scriptum