Penetration Testing mailing list archives
Re: Oracle password cracker
From: "Rodrigo Montoro (Sp0oKeR)" <spooker () gmail com>
Date: Sat, 26 Jan 2008 10:41:03 -0200
If it's Oracle 11g try vonjeek/THC is proud to release thc-orakelcrackert11g, the first publicly available full blown cracker for Oracle 11g. This tool can crack passwords which are stored using the latest SHA1 based password hashing algorithm. To speed up cracking, the tool exploits a weakness in the Oracle password storage strategy. Therfore, cracking - for most passwords - is still just as fast as it was before the introduction of Oralce 11g. http://freeworld.thc.org/thc-orakelcrackert11g/ Regards, Rodrigo Montoro (Sp0oKeR) On 25 Jan 2008 08:25:31 -0000, <ahgaber_rehan () yahoo com> wrote:
Hi All , i am auditing Oracle DB , i have requested the DBA to extract all Password has in text file, i have the list, any body have a tool which can import the file and verify the hash against my dictionary ? i have cain , but i couldn't find the option to import the list of passwords, it's done 1 by 1 regards, ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- ========================= Rodrigo Ribeiro Montoro Analista de Segurança SnortCP / RHCE / LPIC-I http://spookerlabs.multiply.com =========================
Current thread:
- Oracle password cracker ahgaber_rehan (Jan 25)
- Re: Oracle password cracker Ti (Jan 28)
- Re: Oracle password cracker Rory McCune (Jan 28)
- Re: Oracle password cracker Rodrigo Montoro (Sp0oKeR) (Jan 28)
- Re: Oracle password cracker Marco Ivaldi (Jan 28)
- RE: Oracle password cracker Wozny, Scott (Jan 28)
- <Possible follow-ups>
- Re: Oracle password cracker techlists (Jan 29)