From: Rodrigo Montoro (Sp0oKeR) (spooker@gmail.com)
Date: Sat Jan 26 2008 - 07:41:03 EST
If it's Oracle 11g try
vonjeek/THC is proud to release thc-orakelcrackert11g, the firstpublicly available full blown cracker for Oracle 11g. This tool cancrack passwords which are stored using the latest SHA1 based passwordhashing algorithm. To speed up cracking, the tool exploits a weaknessin the Oracle password storage strategy. Therfore, cracking - for mostpasswords - is still just as fast as it was before the introduction ofOralce 11g.
http://freeworld.thc.org/thc-orakelcrackert11g/
Regards,
Rodrigo Montoro (Sp0oKeR)
On 25 Jan 2008 08:25:31 -0000, <ahgaber_rehan@yahoo.com> wrote:>> Hi All ,>> i am auditing Oracle DB , i have requested the DBA to extract all Password has in text file, i have the list, any body have a tool which can import the file and verify the hash against my dictionary ?>> i have cain , but i couldn't find the option to import the list of passwords, it's done 1 by 1>>> regards,>>>>>> ------------------------------------------------------------------------> This list is sponsored by: Cenzic>> Need to secure your web apps NOW?> Cenzic finds more, "real" vulnerabilities fast.> Click to try it, buy it or download a solution FREE today!>> http://www.cenzic.com/downloads> ------------------------------------------------------------------------>>
-- ========================= Rodrigo Ribeiro Montoro Analista de Segurança SnortCP / RHCE / LPIC-I http://spookerlabs.multiply.com=========================
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:22 EDT