THC released the password cracker “OrakelCrackert” for Oracle 11g

Van Hauser from THC told me today that vonjeek/THC from released a password cracker for Oracle 11g on the THC website called OrakelCrackert. OrakelCrackert checks approx. 400.000 passwords/second on my 2 GHz Core2Duo and has a similar speed as checkpwd 2.0 (which will be released next week).

In this blog entry I mentioned that OrakelCrackert comes with the dictionary file from checkpwd. This is not true and I really apologize for this wrong accusation. In the case of OrakelCrackert I was looking for my lastname which is really unusual (not part of a normal dictionary)

But the other sidguessing tools (sidguesser, ora-getsid, coss) took my list of Oracle SIDs. “Taking” such collections without giving credentials is not unusual. The tools for guessing SIDs (e.g. . sidguesser from Cqure or ora-getsid from NGS Software) for example are taking the SID list I composed via Google Hacking, manual editing, …. without mentioning my work.

As a consequence of this wrong accusation of vonJeek I recreated the dictionary file for checkpwd 2.0 and I will document where I took the passwords from. This will become another blog entry.

Dieser Eintrag wurde am 2 Okt 2007 um 19:15 verfasst und befindet sich in Oracle Security. Sie können alle Antworten zu diesem Eintrag über den Feed RSS 2.0 mitverfolgen. Hinterlassen Sie eine Antwort oder einen Trackback-Link zu Ihrer eigenen Homepage.