New version of cain with support for 11g passwords
Dieser Eintrag stammt von Alexander Kornbrust Am 14 Dez 2008 @ 13:20 In passwords, 11g, Oracle Security | Keine Kommentare
2 weeks ago, Massimiliano Montoro aka Mao, released a new version of Cain & Abel.
Here some of the new features of [1] Cain & Abel v4.9.25:
- Oracle 11g (case sensitive) Password Extractor via ODBC.
- Added Oracle 11g Password Cracker (Dictionary and Brute-Force Attacks).
- Added support for Oracle TNS 11g (AES-192) in Oracle TNS Hashes Password Cracker.
- Added support for Oracle TNS 11g (AES-192) in Oracle TNS sniffer filter.
- Experimental SQL Query tool via ODBC.
The AES implementation of Cain is slower than the implementation of [2] GSAuditor (6,172,839 vs 2,654,719 on a 2.4 GHz C2D E4600) but 2.6 Million passwords per second (via brute force) is still quite fast.
Massimilano wrote also 3 interesting whitepapers about the TNS authentication based on [3] László Tóth work. Instead of using the oran10.dll/oran11.dll Mao is using the OpenSSL library:
[4] Oracle 9i TNS 3DES authentication details
[5] Oracle 10g TNS AES-128 authentication details
[6] Oracle 11g TNS AES-192 authentication details
Dieser Artikel wurde ausgedruckt ab Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com
URL zum Artikel: http://blog.red-database-security.com/2008/12/14/new-version-of-cain-with-support-for-11g-passwords/
URLs in this post:
[1] Cain & Abel v4.9.25: http://www.oxid.it/downloads/ca_setup.exe
[2] GSAuditor: http://blog.red-database-security.com/2008/12/07/gsauditor-fastest-oracle-11g-pa
ssword-cracker-afaik/
[3] László Tóth work: http://soonerorlater.hu/index.khtml?article_id=511
[4] Oracle 9i TNS 3DES authentication details : http://www.oxid.it/downloads/oracle_tns_3des_check.txt
[5] Oracle 10g TNS AES-128 authentication details: http://www.oxid.it/downloads/oracle_tns_aes128_check.txt
[6] Oracle 11g TNS AES-192 authentication details: http://www.oxid.it/downloads/oracle_tns_aes192_check.txt
Klicken hier zum Drucken.