Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Oracle password cracker

From: "Rodrigo Montoro (Sp0oKeR)" <spooker () gmail com>
Date: Sat, 26 Jan 2008 10:41:03 -0200
If it's Oracle 11g try

vonjeek/THC is proud to release thc-orakelcrackert11g, the first
publicly available full blown cracker for Oracle 11g. This tool can
crack passwords which are stored using the latest SHA1 based password
hashing algorithm. To speed up cracking, the tool exploits a weakness
in the Oracle password storage strategy. Therfore, cracking - for most
passwords - is still just as fast as it was before the introduction of
Oralce 11g.

http://freeworld.thc.org/thc-orakelcrackert11g/


Regards,

Rodrigo Montoro (Sp0oKeR)

On 25 Jan 2008 08:25:31 -0000,  <ahgaber_rehan () yahoo com> wrote:


Hi All ,

i am auditing Oracle DB , i have requested the DBA to extract all Password has in text file, i have the list, any 
body have a tool which can import the file and verify the hash against my dictionary ?

i have cain , but i couldn't  find the option to import the list of passwords, it's done 1 by 1


regards,





------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






-- 
=========================
     Rodrigo Ribeiro Montoro
      Analista de Segurança
    SnortCP / RHCE / LPIC-I
 http://spookerlabs.multiply.com
=========================
Previous By Date Next
Previous By Thread Next

Current thread: