Penetration Testing mailing list archives
Re: [PEN-TEST] Oracle USER$ password hashes
From: Michael Owen <mowen () COSTCO COM>
Date: Thu, 9 Nov 2000 16:44:36 -0800
- is there really a salt (just install two users with the same PW)
Yes. I created 10 users with the same PW, and all had different hashes.
- some more plain-text/ciphertext pairs. maybe some special sequences (e.g. aaaaaaaa, a) would also help.
8.0.6.0.0 on NT test/a 79473350AEFA57BA test/aa 54B38F33DBB95A76 test/aaa C3CD0C66DB7BB26B test/aaaa 0D1CAAFFA9E4A70B test/aaaaa 647057B4ADF59BDD test/aaaaaa F5D8DD3BD46C6E23 test/aaaaaaa FABE1F6F12698EE4 test/aaaaaaaa 7D7ED42E865A4A31
With this data some more research could be done. The other method would be the disassembling of the cryptocode in the Oracle program (which I'm not really eager to do).
Neither am I, which is why I'm posting this so someone else can do the work :) In January I might have time to take a look into it if anyone still has an interest in it. Mike ---------------------------------- Michael Owen Costco Wholesale Network Security (425) 313-2957
Current thread:
- Re: [PEN-TEST] Oracle USER$ password hashes, (continued)
- Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes John Lauro (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Pete Krawczyk (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Dragos Ruiu (Nov 16)
- Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Stefan Aeschbacher (Nov 17)
- Re: [PEN-TEST] Oracle USER$ password hashes Wolfgang Zenker (Nov 11)