Nmap Development mailing list archives
Re: [NSE] oracle-brute
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 5 Sep 2011 19:59:20 +0200
On Sep 5, 2011, at 7:10 PM, David Fifield wrote:

> On Mon, Sep 05, 2011 at 10:15:49AM +0200, Patrik Karlsson wrote:
>> Hi all, I've just committed an updated version of the oracle-brute script. There are a few changes including the change to a connection pool and better suited set of credentials to guess.
>>
>> Instead of using the nmap user- and pass-lists it now defaults to a list of common oracle credentials. I ended up creating a new list of common credentials because I didn't want to spend more time trying to figure out how to get some of the good ones properly licensed.
>
> #!comment: This password file was created from the hashes in dfltpass.sql a
> #!comment: script created by Oracle to scan databases for default credentials.
>
> Is this dfltpass.sql the same as http://www.unicle.co.uk/prdb/scripts/dfltpass.html? If so, that file says "Copyright (c) 2005, 2006, Oracle. All rights reserved." so it might not be acceptable. Did you have to reverse the hashes from that script?

I actually ran these hashes through John the Ripper, so I'm not sure where that leaves us.

> We might want to filter the file down anyways, because according to the script the credentials come from "Database, iAS, OCS, EM, E-Business Suite, PeopleSoft and JD Edwards." There are some credentials that look specific to those organizations, like CARRIECONYERS/CARRIECONYERS, DAVIDMORGAN/DAVIDMORGAN, and KELLYJONES/KELLYJONES. There are others that might be people's initials. This is like how we filter out "rockyou" from the RockYou password list because it's not suitable for general password guessing.

Sounds reasonable, although I must admit that I myself won't be able to distinguish what belongs where. Maybe we should start reasonably small with the most common ones, e.g. sys/change_on_install, system/manager etc., and build from there? Please advise on how to proceed with this. Should I remove the list for now?

> David Fifield
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/