
Oracle password cracking


Rehan,

On Fri, 25 Jan 2008, ahgaber_rehan@yahoo.com wrote:

> Hi all, I am auditing an Oracle DB. I have requested the DBA to extract
> all password hashes in a text file. I have the list; does anybody have a tool
> which can import the file and verify the hashes against my dictionary? I
> have Cain, but I couldn't find the option to import the list of
> passwords; it's done 1 by 1.

Here's a list of Oracle offline password cracking tools:

- bob the butcher (http://btb.banquise.net/)
- hashattack (http://802.11ninja.net/code/hashattack-0.2.0.tgz)
- orabf (http://www.toolcrypt.org/index.html?orabf)
- pass_cracker (http://www.trantechnologies.com/pass_cracker.zip)

I personally use Alexander Kornbrust's excellent checkpwd, in conjunction
with a small helper script I made:

http://www.0xdeadbeef.info/code/oracrack
http://www.red-database-security.com/software/checkpwd.html

You can easily edit your password list to make it fit the format required
by the script (an awk/sed one-liner should be enough;).

Other useful miscellaneous information about Oracle auditing:

http://seclists.org/pen-test/2007/May/0096.html
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://freeworld.thc.org/thc-orakel/
http://www.milw0rm.com/related.php?program=Oracle

Cheers,

--
Marco Ivaldi, OPST

About

This page contains a single entry from the blog posted on January 30, 2008 11:37 PM.
