Infos
Sie befinden sich aktuell in den Alexander Kornbrust Oracle Security Blog Blog-Archiven für den folgenden Tag 4 Jun 2007.
Calendar
Kategorien
- 11g (11)
- Allgemein (29)
- David Litchfield (7)
- Exploit (21)
- Forensics (5)
- Oracle Security (95)
- passwords (8)
- Repscan (1)
- Security (21)
- Sentrigo (5)
- software (9)
- source code audit (5)
- SQL Injection (24)
- Tools (24)
- Trainings (2)
- Tutorial (2)
Letzte Einträge
- 5 Aug 2010: Oracle Presentations from Blackhat 2010 Las Vegas are online
- 18 Apr 2010: Blackhat 2010 Presentation "Oracle, Interrupted: Stealing Sessions and Credentials" online
- 15 Apr 2010: New fast Oracle DES password cracker OPS_SSE2
- 14 Apr 2010: Oracle 11g R2 client trojan warning from Antivir
- 13 Apr 2010: Python Source for PLSQL Unwrapper posted
- 13 Apr 2010: Oracle CPU April 2010 is out
- 13 Apr 2010: Improve Oracle TDE with Intel AES-NI
- 12 Apr 2010: Man-in-the-Middle attacks at upcoming Black Hat Europe
- 9 Apr 2010: Oracle CPU April 2010 - Prerelease
- 8 Apr 2010: Cool Web Application Scanner: Netsparker Community Edition
Links
Oracle Security
SQL Injection
Archive
- August 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
Archive für 4 Jun 2007
Oracle Password Sniffer THC Orakel
4 Jun 2007 von Alexander Kornbrust.
Last week VonJeek from the hacker group THC posted a nice tool and whitepaper about Oracle Password Security. VonJeek describes how to attack the Oracle password from sniffed network traffic (USERNAME, SESSION_ENCRYPTED and PASSWORD_ENCRYPTED).
At the moment the THC website is not available. http://www.thc.org/thc-orakel/
[...]
THC presents a crypto paper analyzing the database authentication mechansim used by oracle. THC further releases practical tools to sniff and crack the password of an oracle database within seconds.
[...]
It is a nice paper and THC-Orakel is a nice tool, even if some of the statements in the paper are not correct (e.g. page 10: "a password must start with a character" no it can also start with a number or page 13: "The cracking of Oracle passwords entered a new era after publication of the Oracle password hashing algorithm on 18 October 2005 by the SANS institute" - JoshWright from SANS only collected public available information like the Oracle Password algorithm and created a summary paper. The Oracle password algorithm and oracle password tools like checkpwd were available since years, e.g. here).
Geschrieben in Oracle Security | Drucken | Keine Kommentare »
|