Penetration Testing mailing list archives
Re: Oracle AUTH_PASSWORD string
From: David Cravshaw <david.cravshaw () gmail com>
Date: Thu, 1 Dec 2005 09:24:25 -0600
The Oracle Security Handbook by Oracle Press has a good section on the TNS protocol, including a step-by-step overview of the logon process. Basically, to answer your question, AUTH_PASSWORD is DES encrypted using a random number that is sent by the database to the client in the AUTH_SESSKEY string. AUTH_SESSKEY is also DES encrypted with the user's password hash. What this means is that you won't be able to determine the password simply by sniffing the traffic. Here's a basic dataflow: User passes a username to the database Database response by sending a challenge created by DES encrypting a random number with the user's password hash. (Decrypt the challenge with the password hash to determine the random number...) The client then sends the password, which has been DES encrypted using the random number as the key. dpc On 12/1/05, P. Entester <pentest__ () hotmail com> wrote:
Hello gentlemen, I am looking for pointers on information showing me how to decypher AUTH_PASSWORD strings, which look like some kind of hash to me. The rest of the traffic is clear text however, including the SQL queries and answers. I captured a few megs of Oracle traffic and want to be able to show the customer the importance of encrypting Oracle traffic on their network. Since i am new to pentesting Oracle databases and analyzing Oracle traffic, i guess some basic guide on Oracle dialog interpretatino would best fit the purpose. Thanks in advance, Peter. _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Oracle AUTH_PASSWORD string P. Entester (Dec 01)
- Re: Oracle AUTH_PASSWORD string David Cravshaw (Dec 01)
- Re: Oracle AUTH_PASSWORD string Joshua Wright (Dec 01)
- Re: Oracle AUTH_PASSWORD string Byron Sonne (Dec 01)