Nmap Development mailing list archives

Script suggestion - oracle


From: Martin Holst Swende <martin () swende se>
Date: Fri, 28 Sep 2012 10:59:14 +0200

I took a look at this
http://marcel.vandewaters.nl/oracle/security/cryptographic-flaws-in-oracle-database-authentication-protocol   

Then checked tns.lua. Patrik has implemented TNS far enough it seems,
there is implementation support for enumerating users and getting the
salt (auth["AUTH_VFR_DATA"] ) and session key.

As I interpret the info given above (and in the comments on
http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
), it seems like the session key is encrypted with SHA1(salt+pw), and it
is possible to determine whether the decryption is correct or not, and
thereby determine what the password is.

More info about this will probably be released soon, would be a solid
script to add to NSE. Since enumeration is already implemented, a script
could just get all users and their passwords in one go. That's pretty
awesome.

Cheers,
Martin


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

