THC released the password cracker „OrakelCrackert“ for Oracle 11g

Van Hauser from THC told me today that vonjeek/THC released a password cracker for Oracle 11g, called OrakelCrackert, on the THC website. OrakelCrackert checks approx. 400.000 passwords/second on my 2 GHz Core2Duo and has a similar speed to checkpwd 2.0 (which will be released next week).

THC Orakelcrackert 1.00

In this blog entry I mentioned that OrakelCrackert comes with the dictionary file from checkpwd. This is not true and I really apologize for this wrong accusation. In the case of OrakelCrackert I was looking for my last name, which is really unusual (not part of a normal dictionary).

But the other SID-guessing tools (sidguesser, ora-getsid, coss) took my list of Oracle SIDs. „Taking“ such collections without giving credit is not unusual. The tools for guessing SIDs (e.g. sidguesser from Cqure or ora-getsid from NGS Software), for example, are taking the SID list I composed via Google Hacking, manual editing, …, without mentioning my work.

As a consequence of this wrong accusation of vonJeek, I recreated the dictionary file for checkpwd 2.0 and I will document where I took the passwords from. This will become another blog entry.
