Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Database Security >> Database Security >> Database Security issue
(Message started by: Pete Finnigan on Jun 7th, 2007, 8:12pm)

Title: Database Security issue
Post by Pete Finnigan on Jun 7th, 2007, 8:12pm
Hi

We need to find a Unix command which will scan all unix files and let us

know which file is holding Database system password in encrypted format.


Title: Re: Database Security issue
Post by Pete Finnigan on Jun 8th, 2007, 10:04am
hi Helana,

You would need to know in advance which encrypted format you are searching for. if we assume that you know this then its possible. If you dont know then the problem is not possible to solve as you dont know what you are looking for.

if you know you are searching for the SYSTEM users password as a database hash then you can do the following:

Assume SYSTEM password is MANAGER and hash is


Code:
SQL> select username,password
 2  from dba_users
 3  where username='SYSTEM';

USERNAME                       PASSWORD
------------------------------ ------------------------
SYSTEM                         D4DF7931AB130E37

SQL>


Then use


Code:
# find / -name "*" -print | while read x
>do
> echo "file is $x";
> egrep -i  D4DF7931AB130E37 $x >>/tmp/pass.lis 2>/dev/null
>done


this should search all files and grep for the system password hash. If you want to search for the clear text password then substitute  D4DF7931AB130E37 with MANAGER. If you want to search for another encrypted format then substitute that known string.

I have not tested this, its from memory as I dont have a Unix system here to try it on, but i am sure its correct.

cheers

Pete
>

Title: Re: Database Security issue
Post by Pete Finnigan on Jun 8th, 2007, 10:29am
Helena, Pete,

The same as Pete but simplier (I hope):



find / -type f -print|xargs -i grep -il D4DF7931AB130E37 {} >>/tmp/pass.lis 2>/dev/null


regards,

Ivan

Title: Re: Database Security issue
Post by Pete Finnigan on Jun 8th, 2007, 1:33pm
Thanks for your reply Ivan. I know this solution also but decided on the loop approach as it is simpler to understand.

cheers

Pete

Title: Re: Database Security issue
Post by Pete Finnigan on Jun 11th, 2007, 4:19pm
Hi

What if we need to search for a text string in files?


Title: Re: Database Security issue
Post by Pete Finnigan on Jun 11th, 2007, 5:02pm
Hi Helena,

you mean "some string i want to search for"?

if so simply add the string enclosed in double quotes where i showed the hash

cheers

Pete



Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board