- Alexander Kornbrust Oracle Security Blog - http://blog.red-database-security.com -

THC released the password cracker “OrakelCrackert” for Oracle 11g

This entry was posted by Alexander Kornbrust on 2 Oct 2007 @ 19:15 in Oracle Security | 3 comments

Van Hauser from THC told me today that vonjeek/THC released a password cracker for Oracle 11g called OrakelCrackert on the [1] THC website. [2] OrakelCrackert checks approx. 400.000 passwords/second on my 2 GHz Core2Duo and has a similar speed to checkpwd 2.0 (which will be released next week).

[3] THC Orakelcrackert 1.00

In this blog entry I mentioned that OrakelCrackert comes with the dictionary file from checkpwd. This is not true and I really apologize for this wrong accusation. In the case of OrakelCrackert I was looking for my last name, which is really unusual (not part of a normal dictionary).

But the other sidguessing tools (sidguesser, ora-getsid, coss) took my list of Oracle SIDs. “Taking” such collections without giving credentials is not unusual. The tools for guessing SIDs (e.g. [4] sidguesser from Cqure or [5] ora-getsid from NGS Software), for example, are taking the SID list I composed via Google Hacking, manual editing, … without mentioning my work.

As a consequence of this wrong accusation of vonJeek I recreated the dictionary file for checkpwd 2.0 and I will document where I took the passwords from. This will become another blog entry.


This article was printed from Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL of the article: http://blog.red-database-security.com/2007/10/02/thc-released-the-password-cracker-orakelcrackert-for-oracle-11g/

URLs in this post:
[1] THC: http://www.thc.org
[2] OrakelCrackert: http://freeworld.thc.org/thc-orakelcrackert11g/
[3] Image: http://www.red-database-security.com/pictures/orakelcrackert.jpg
[4] sidguesser: http://www.cqure.net/wp/?page_id=41
[5] ora-getsid: http://www.databasesecurity.com/dbsec/OAK.zip
