Penetration Testing mailing list archives

Re: Oracle hash rainbowtables

From: Fabien Kraemer <kraemer () darwin2 dyndns org>
Date: Fri, 03 Feb 2006 11:16:27 +0100

Hello,

The problem is that Oracle hash depend on the login name. So you have togenerate rainbow table for each login. A good idea is to createrainbow table for the defaults system account like : sys, system etc...

I made a patch for rainbowcrack but i did not have time to optimize itso it s pretty slow: 300 000 C/s on a pentium M 1.6 ghz compared to morethan 600 000 c/s for orabf.


Good luck ;)


Carl-Johan Bostorp wrote:

Hello peeps,

Does anybody have the patch to rainbowcrack to build Oracle
rainbowtables? Or does anybody know of any service that does what
rainbowcrack-online does but with a SYS/SYSTEM Oracle-hash?

/C-J

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Oracle hash rainbowtables Carl-Johan Bostorp (Feb 02)
- Re: Oracle hash rainbowtables Fabien Kraemer (Feb 03)
- Re: Oracle hash rainbowtables jdurick (Feb 07)
- <Possible follow-ups>
- RE: Oracle hash rainbowtables Sulaiman, Wilmar (Feb 05)
- Re: Oracle hash rainbowtables Carl-Johan Bostorp (Feb 05)