- 11g (8)
- Allgemein (27)
- checkpwd (4)
- CPUApril2009 (2)
- CPUJan2009 (3)
- CPUJul2009 (2)
- CPUOct2009 (3)
- David Litchfield (7)
- Exploit (20)
- Forensics (4)
- Oracle Security (79)
- passwords (7)
- SAP (1)
- Security (18)
- Sentrigo (5)
- software (8)
- source code audit (5)
- SQL Injection (23)
- Tools (19)
- Trainings (2)
- Tutorial (2)
- 25 Feb 2010: 2 new ways to create error messages
- 24 Feb 2010: How to Prevent a User Granted the ALTER USER Privilege From Changing SYS/SYSTEM password and how to bypass it
- 23 Feb 2010: New Repscan 3.0 is available
- 22 Feb 2010: Really good whitepaper about "Hacking Oracle from the Web"
- 15 Feb 2010: Interesting Article about SQL Injection in Oracle by Mike Smithers
- 5 Feb 2010: Oracle Blackhat video removed from Website
- 4 Feb 2010: Oracle 11g 0day exploit published
- 30 Jan 2010: Selling stolen bank data to the government for 2.5 Million EUR?
- 6 Dez 2009: Dennis Yurichev wrote an article about his FPGA Oracle password cracker
- 29 Nov 2009: IGHASHGPU - Cracking Oracle Passwords with 790 Million Passwords/second
Oracle Security
Other Blogs
SQL Injection
Trainings
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
New version of cain with support for 11g passwords
2 weeks ago, Massimiliano Montoro aka Mao, released a new version of Cain & Abel.
Here some of the new features of Cain & Abel v4.9.25:
- Oracle 11g (case sensitive) Password Extractor via ODBC.
- Added Oracle 11g Password Cracker (Dictionary and Brute-Force Attacks).
- Added support for Oracle TNS 11g (AES-192) in Oracle TNS Hashes Password Cracker.
- Added support for Oracle TNS 11g (AES-192) in Oracle TNS sniffer filter.
- Experimental SQL Query tool via ODBC.
The AES implementation of Cain is slower than the implementation of GSAuditor (6,172,839 vs 2,654,719 on a 2.4 GHz C2D E4600) but 2.6 Million passwords per second (via brute force) is still quite fast.
Massimilano wrote also 3 interesting whitepapers about the TNS authentication based on László Tóth work. Instead of using the oran10.dll/oran11.dll Mao is using the OpenSSL library:
Oracle 9i TNS 3DES authentication details
Oracle 10g TNS AES-128 authentication details
Oracle 11g TNS AES-192 authentication details
Antwort schreiben
Sie müssen als angemeldet sein, um einen Kommentar schreiben zu können.