Archive of category 11g
Looking Glass and Oracle 11g
11 Apr 2008 by Alexander Kornbrust.
Yesterday I read an article about Apple Quicktime and LookingGlass. I downloaded the free tool from the website of Errata Security.
Here are the results from a test with Oracle 11.1.0.6 on Windows. I have scanned the Oracle Home and the tool found 518 Oracle files with dangerous functions like strcpy, sprintf, sscanf, strcat, …
The Oracle executable (oracle.exe) for example is using wsprintfA, strncpy, sprintf, sscanf, _vsnprintf, _snprintf, vprintf, strncat, strtok, strlen, strcpy, strcat.
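The kind of check reported above can be approximated with a short script. This is an added example, not part of the original post and not how LookingGlass itself works: it assumes that imported function names sit in a binary as NUL-terminated ASCII strings, and `risky_symbols`, `scan_tree` and the sample bytes are hypothetical names and constructed data. A hit only means the function is referenced, so it is a triage signal for code review rather than proof of a flaw.

```python
import re
from pathlib import Path

# Function names taken from the list in the post above.
RISKY = (b"strcpy", b"strcat", b"sprintf", b"sscanf", b"strncpy", b"strncat",
         b"strtok", b"vprintf", b"_snprintf", b"_vsnprintf", b"wsprintfA")

# Heuristic: an import-by-name entry is a 2-byte hint followed by the symbol
# as a NUL-terminated ASCII string. Requiring a non-identifier byte in front
# and a NUL behind keeps "sprintf" from matching inside "vsprintf_s" or
# inside ordinary message text.
_PATTERN = re.compile(
    rb"(?<![A-Za-z0-9_])(" + b"|".join(re.escape(n) for n in RISKY) + rb")\x00")


def risky_symbols(data: bytes) -> set[str]:
    """Return the risky function names referenced in one binary image."""
    return {m.group(1).decode("ascii") for m in _PATTERN.finditer(data)}


def scan_tree(root, suffixes=(".exe", ".dll")) -> dict[str, set[str]]:
    """Walk a directory (e.g. an Oracle Home) and report files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = risky_symbols(path.read_bytes())
            if found:
                report[str(path)] = found
    return report


# Constructed sample bytes (not taken from any real Oracle file).
SAMPLE = (b"MZ\x90\x00"
          b"\x41\x03strcpy\x00"        # import entry: hint + name + NUL
          b"\x1a\x02_snprintf\x00"     # import entry
          b"\x07\x00vsprintf_s\x00"    # safer variant, must not match
          b"use strcpy carefully\x00")  # plain text, must not match

if __name__ == "__main__":
    print(sorted(risky_symbols(SAMPLE)))
```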
Posted in 11g | 1 comment »
Oracle Password Cracker Benchmarks
9 Oct 2007 by Alexander Kornbrust.
Today Laszlo released his password cracker woraauthbf for Oracle, the fastest Windows tool for cracking Oracle passwords (supports the new and old password hash format plus cracking the authentication attack).
On his webpage Laszlo has a small benchmark comparing the 3 leading Oracle password crackers checkpwd, orabf and woraauthbf. According to Laszlo’s benchmark checkpwd 1.22 is the slowest cracker (but only out of these 3).
I was surprised that checkpwd was so slow compared to the benchmarks I did on my systems. The reason for this bad result was the way Laszlo performed the tests.
Laszlo was testing only 1 password hash. The implementation of reading the dictionary file is slow, and that is why this affects the entire result of checkpwd. In the real world you are normally testing many password hashes and not only 1 hash.
That’s why I ran a benchmark of how long it takes to crack 40 hashes (instead of 1 hash) with the new checkpwd 2.0, which supports reading password hashes from a text file (to get rid of the file reading overhead). I ran the tests on my 2 GHz Core2Duo.
woraauthbf 0.2 1.103.773 pw/s (Laszlo: 515114 pw/s)
checkpwd 2.0 637.263 pw/s (Laszlo: 193.168 pw/s)
orabf 0.76 400.000 pw/s (Laszlo: 311.994 pw/s)
Checkpwd 2.0 was nearly 2 times faster in this benchmark (just by cracking 40 instead of 1 password (637.263 vs 309.057)).
In checkpwd 2.0 we will focus on intelligent password cracking instead of pure power, but we are still interested in improving the speed of checkpwd.
Here are some new features of checkpwd 2 (to be released next week):
* cracking APEX passwords
* support for Oracle 11g
* support for Oracle Password History
* intelligent password collector
* many new options
* …
Posted in 11g, checkpwd, Security, Oracle Security | No comments »
Oracle Password Algorithm 11g - PoC Code
21 Sep 2007 by Alexander Kornbrust.
Oracle 11g is using a new password algorithm based on SHA-1 and finally supports case-sensitive passwords. Our partner, Recurity Labs GmbH (formerly known as S*bre Labs GmbH), did an analysis of the algorithm for us. A really great blog entry about their process of research can be found here.
Thorsten Schröder from Recurity Labs GmbH wrote a small Python script as a PoC. The updated version of checkpwd 2.0 with support for Oracle 11g will be released on Monday. On Monday we will also release some performance numbers with a benchmark 10g vs 11g.
```python
#!/usr/bin/env python3
# "PoC" Oracle 11g Database password-hash cracker
# This program uses the password hash value "spare4" from the internal
# oracle user-database and a list of passwords via stdin to calculate a new
# hash value of the plaintext password. The new generated hash value is subsequently
# compared against the hash-value from sys.user, the internal oracle user-database.
# Author: Thorsten Schroeder <ths "theAthing" recurity-labs.com>
# Berlin, 19. Sep. 2007
# TODO:
# cut passwords at length 30
import hashlib
import binascii
import sys


def main():
    # Expect exactly one argument: 40 hex chars of SHA-1 followed by 20 hex chars of salt.
    if len(sys.argv) != 2 or len(sys.argv[1]) != 60:
        usage()
        sys.exit(1)
    try:
        oraHash = sys.argv[1]
        oraSalt = oraHash[40:60]
        oraSha1 = oraHash[:40]
        oraSha1 = oraSha1.upper()
        print("[+] using salt: 0x%s" % oraSalt)
        print("[+] using hash: 0x%s" % oraSha1)
        for passwd in sys.stdin:
            passwd = passwd.rstrip()
            # print('[*] trying password "%s"' % passwd)
            # The stored value is SHA-1 over the password followed by the raw salt bytes.
            s = hashlib.sha1()
            s.update(passwd.encode("utf-8"))  # Python 3: hash bytes, not str
            s.update(binascii.a2b_hex(oraSalt))
            if s.hexdigest().upper() == oraSha1:
                print("[*] MATCH! -> %s" % passwd)
                sys.exit(0)
    except Exception as e:
        print("[!] Error: ", e)
        usage()
        raise
    sys.exit(0)


def usage():
    print("[+] usage: ./ora11gPWCrack.py <hex-value> < wordlist.txt")
    return


if __name__ == '__main__':
    main()
```
Posted in 11g, checkpwd, Oracle Security | No comments »
