GSAuditor - Fastest Oracle 11g password cracker (AFAIK)
Dieser Eintrag stammt von Alexander Kornbrust Am 7 Dez 2008 @ 16:36 In Tools, passwords, Oracle Security | 1 Kommentar
Danny boy from [1] evilfingers.com informed me that his tool [2] gsauditor now supports Oracle 11g passwords (+ many other variants of SHA-1). GSAuditor is really fast and with more than 6 million password hashes per second (Core2Quad Q6600 2.4 GHz, Vista 64) it’s currently the fastest Oracle 11g password cracker I know. At the moment GSAuditor is not supporting multiple threads but Danny boy is working on it. The number will increase by 4 (=more than 20 mill hashes/second).
To extract the password hashes from Oracle 11g you can use the following SQL query to retrieve the Oracle password hash + salt from the table sys.user$:
SQL> set linesize 120
SQL> select ‘gsauditor -binary -set:?d -append -salt:’||substr(u.spare4,43,20)||”||substr(u.spare4,3,40)||’ ‘ from sys.user$ u where u.type#>0 and length(spare4) =62;
Dieser Artikel wurde ausgedruckt ab Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com
URL zum Artikel: http://blog.red-database-security.com/2008/12/07/gsauditor-fastest-oracle-11g-password-cracker-afaik/
URLs in this post:
[1] evilfingers.com: http://www.evilfingers.com
[2] gsauditor: http://www.evilfingers.com/tools/GSAuditor.php
Klicken hier zum Drucken.