- 11g (12)
- Allgemein (29)
- David Litchfield (7)
- Exploit (23)
- Forensics (7)
- Oracle Security (105)
- passwords (8)
- Repscan (1)
- Security (22)
- Sentrigo (5)
- software (9)
- source code audit (5)
- SQL Injection (24)
- Tools (24)
- Trainings (3)
- Tutorial (2)
- 18 Nov 2011: DOAG 2011 Presentation "Best of Oracle Security 2011"
- 15 Okt 2011: Oracle Critical Patch Update Pre-Release Announcement - October 2011
- 17 Sep 2011: Disable Auditing and running OS commands using oradebug
- 13 Apr 2011: Blackhat Training "HACKING AND SECURING ORACLE (2 days) "
- 2 Apr 2011: Oracle Database 11.2 Express Edition Beta comes with weak default password
- 23 Mrz 2011: McAfee acquires Sentrigo
- 12 Okt 2010: TDE decrypt utilities and TDE/Password flash demo
- 22 Sep 2010: Marcell published "Writing your own password cracker" presentation
- 21 Sep 2010: Laszlo's presentation "Oracle Post Exploitation Techniques" and Marcel's Sybase ASE Password Cracker
- 10 Sep 2010: Update of "Project Lockdown" released
Oracle Security
SQL Injection
- November 2011
- Oktober 2011
- September 2011
- April 2011
- März 2011
- Oktober 2010
- September 2010
- August 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
Oracle Password Algorithm 11g - PoC Code
Oracle 11g is using a new password algorithm based on SHA-1 and finally supports case-sensitive passwords. Our partner, Recurity Labs GmbH (formerly known as S*bre Labs GmbH), did an analysis of the algorithm for us. A really great blog entry about their process of research could be found here.
Thorsten Schröder from Recurity Labs GmbH wrote a small python script as a PoC. The updated version of checkpwd 2.0 with support for Oracle 11g will be released on monday. On monday we will also release some performance numbers with a benchmark 10g vs 11g.
—
#!python
# “PoC” Oracle 11g Database password-hash cracker
# This program uses the password hash value “spare4″ from the internal
# oracle user-database and a list of passwords via stdin to calculate a new
# hash value of the plaintext password. The new generated hash value is subsequently
# compared against the hash-value from sys.user, the internal oracle user-database.
# Author: Thorsten Schroeder <ths “theAthing” recurity-labs.com>
# Berlin, 19. Sep. 2007
# TODO:
# cut passwords at length 30
import hashlib
import binascii
import sys
def main():
if( len(sys.argv[1]) != 60 ):
usage()
sys.exit(1)
try:
oraHash = sys.argv[1]
oraSalt = oraHash[40:60]
oraSha1 = oraHash[:40]
oraSha1 = oraSha1.upper()
print “[+] using salt: 0x%s” % oraSalt
print “[+] using hash: 0x%s” % oraSha1
for passwd in sys.stdin:
passwd = passwd.rstrip()
#print “[*] trying password “%s”” % passwd
s = hashlib.sha1()
s.update(passwd)
s.update(binascii.a2b_hex(oraSalt))
if( s.hexdigest().upper() == oraSha1 ):
print “[*] MATCH! -> %s” % passwd
sys.exit(0)
except Exception, e:
print “[!] Error: “, e
usage()
raise
sys.exit(0)
def usage():
print “[+] usage: ./ora11gPWCrack.py <hex-value> < wordlist.txt”
return
if __name__ == ‘__main__’:
main()
—
Antwort schreiben
Sie müssen als angemeldet sein, um einen Kommentar schreiben zu können.