Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HOWTO: Crack Oracle Security like a peanut?

From: Fabien Kraemer <fabien.kraemer () gmail com>
Date: Thu, 25 Aug 2005 14:23:39 +0200
Now i need a beer ;)

On 8/25/05, Simon Marechal <simon () lab b-care net> wrote:

Jeroen wrote:

I can reproduce the things mentioned for user/pass-combinations sized 64
bits. For larger combinations (> 64 bits ---> 2 or more 64 bits DES blocks)
I can't figure out yet how things work. Have some of you guys 'n girls
already played around with this description? And are you willing to share
results?

Thanks,

Jeroen


AFAIK, it works this way:
* usernames and password are concatenated in a string s
* s is converted to unicode
* it is encrypted using des ncbc mode, with key 0x123456789abcdef, and
initialization vector 0
* the same string is encrypted again using the updated initialization
vector as a key, with another null initialization vector
* the updated initialization vector is the hash

Attached is the corresponding john plugin. It is somehow like the mscash
plugin in the sense that it uses usernames, that means it wont work
properly out of the box, manual tweaking is required. Bob the Butcher
will provide this cipher by default when it ships.

At least it is way better than those SQL password checking scripts.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: