Re: Oracle hash rainbowtables

From: Carl-Johan Bostorp (carl-johan.bostorp@hps.se)
Date: Fri Feb 03 2006 - 07:23:04 EST

• Next message: Doug Fox: "Identification of a Mail Server"
• Previous message: Pete Herzog: "Re: Getting a Machines Uptime Remotely"
• Maybe in reply to: Carl-Johan Bostorp: "Oracle hash rainbowtables"
• Next in thread: jdurick: "Re: Oracle hash rainbowtables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Yes, I realize it depends on the login name, which is why I asked for SYS/SYSTEM :)

Even though your patch may be slow, it's of interest to me. Do you mind posting it? (either directly to me or publicly)

/C-J

P.s. I'm still interested in breaking a couple of hashes right away so if anybody already has the tables setup...?

-----Ursprungligt meddelande-----
Från: Fabien Kraemer [mailto:kraemer@darwin2.dyndns.org]
Skickat: den 3 februari 2006 11:16
Till: Carl-Johan Bostorp
Kopia: pen-test@securityfocus.com
Ämne: Re: Oracle hash rainbowtables

Hello,

The problem is that Oracle hash depend on the login name. So you have to
  generate rainbow table for each login. A good idea is to create rainbow table for the defaults system account like : sys, system etc...

I made a patch for rainbowcrack but i did not have time to optimize it so it s pretty slow: 300 000 C/s on a pentium M 1.6 ghz compared to more than 600 000 c/s for orabf.

Good luck ;)

Carl-Johan Bostorp wrote:
> Hello peeps,
>
> Does anybody have the patch to rainbowcrack to build Oracle
> rainbowtables? Or does anybody know of any service that does what
> rainbowcrack-online does but with a SYS/SYSTEM Oracle-hash?
>
> /C-J
>
> ----------------------------------------------------------------------
> -------- Audit your website security with Acunetix Web Vulnerability
> Scanner:
>
> Hackers are concentrating their efforts on attacking applications on
> your website. Up to 75% of cyber attacks are launched on shopping
> carts, forms, login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are futile against web application hacking. Check
> your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------
> ---------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Doug Fox: "Identification of a Mail Server"
• Previous message: Pete Herzog: "Re: Getting a Machines Uptime Remotely"
• Maybe in reply to: Carl-Johan Bostorp: "Oracle hash rainbowtables"
• Next in thread: jdurick: "Re: Oracle hash rainbowtables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT