Can the orabf tool only be used on Windows Oracle?
StephenGiles
« on: May 9th, 2006, 4:28pm »

Hello,
 
I recently attended Pete's 'Many ways to become a DBA' lecture in Manchester. I've been investigating how secure our Oracle databases are, but could only get orabf to work on a local Windows database.
Is this the case?
 
Regards
Steve
Pete Finnigan
« Reply #1 on: May 10th, 2006, 12:30pm »

Hi Steve,
 
orabf is a Windows program but it does not connect to the database, so the passwords can be checked for any database. Simply download the username and hash using sqlplus to the PC where orabf is running and run orabfscript against the file as follows:
 
Run the following sql script in sqlplus:
 
set head off
set feed off
set verify off
set trimspool on
set lines 80
set pages 0
spool use.lis
select password||':'||username
from dba_users
/
spool off
exit
 
The output will be like:
 
D4C5016086B2DC6A:SYS
D4DF7931AB130E37:SYSTEM
E066D214D5421CCC:DBSNMP
F0F618353AB0DC1F:ROBH
6493620470348CF2:SCOTT
2E3EA470A4CA2D94:ORAPROBE
31CD64AA64620E8E:B
2A6EC3E5F234DF52:T1
AFCC9478DFBF9029:A
6093FBFF054AE8C2:T2
D51B77DC60C29C66:XX
9165C8DFE7B99E6E:CCC
4040619819A9C76E:PETE
4A3BA55E08595C81:OUTLN
7C9BA362F8314299:WMSYS
7EFA02EC7EA6B86F:ORDSYS
88A2B2C183431F00:ORDPLUGINS
72979A94BAD2AF80:MDSYS
71E687F036AD56E5:CTXSYS
E6A6FA4BB042E3C2:QS_ES
24ACF617DD7D8F2F:QS_WS
8B09C6075BDF2DC4:QS
991CDDAD5C5C32CA:QS_ADM
9793B3777CD3BD1A:SH
72E382A52E89575A:PM
9C30855E7E0CB02D:OE
6399F3B38EDF3288:HR
E7B5D92911C831E1:RMAN
91A00922D8C0F146:QS_CS
CF9CFACF5AE24964:QS_CB
7C632AFB71F8D305:QS_CBADM
FF09F3EB14AE5C26:QS_OS
88D8364765FCE6AF:XDB
69ED49EE1851900D:WKSYS
B97545C4DD2ABE54:WKPROXY
C252E8FA117AF049:ODM
A7A32CD03D3CE8D5:ODM_MTR
3FB8EF9DB538647C:OLAPSYS
 
I spooled this to a list file called use.lis
 
Then run orabfscript against this as follows:
 
D:\Peter.Finnigan\oracle_audit\demos>orabfscript use.lis default.txt
 
orabfscript v0.12, (C)2004 orm@toolcrypt.org
--------------------------------------------
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DBSNMP:DBSNMP
ROBH:ROBH
ORAPROBE:ORAPROBE
T1:T1
A:A
T2:T2
XX:XX
PETE:PETE
OUTLN:OUTLN
WMSYS:WMSYS
ORDSYS:ORDSYS
ORDPLUGINS:ORDPLUGINS
MDSYS:MDSYS
CTXSYS:CHANGE_ON_INSTALL
QS_ES:CHANGE_ON_INSTALL
QS_WS:CHANGE_ON_INSTALL
QS:CHANGE_ON_INSTALL
QS_ADM:CHANGE_ON_INSTALL
SH:CHANGE_ON_INSTALL
PM:CHANGE_ON_INSTALL
OE:CHANGE_ON_INSTALL
HR:CHANGE_ON_INSTALL
RMAN:RMAN
QS_CS:CHANGE_ON_INSTALL
QS_CB:CHANGE_ON_INSTALL
QS_CBADM:CHANGE_ON_INSTALL
QS_OS:CHANGE_ON_INSTALL
XDB:CHANGE_ON_INSTALL
WKSYS:CHANGE_ON_INSTALL
WKPROXY:CHANGE_ON_INSTALL
ODM:ODM
ODM_MTR:MTRPW
OLAPSYS:MANAGER
 
D:\Peter.Finnigan\oracle_audit\demos>
 
This is with 0.7.4, the latest version works the same.
 
hth
 
cheers
 
Pete

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
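
Added example (not part of the forum thread or the orabf project): a Python triage of orabfscript output in the layout shown above, producing a remediation list that names each account and why it failed without repeating the recovered password. The sample text, the `D:\demo>` prompt, the default-password set and the privileged-account set are assumptions made for the illustration.

```python
import re

# Constructed sample in the USERNAME:PASSWORD layout orabfscript prints in the
# post above, with prompt, banner and separator lines left in.
SAMPLE_OUTPUT = r"""
D:\demo>orabfscript use.lis default.txt
orabfscript v0.12, (C)2004 orm@toolcrypt.org
--------------------------------------------
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DBSNMP:DBSNMP
ODM_MTR:MTRPW
A:A
D:\demo>
"""

# Assumptions (not from the post): which passwords count as vendor defaults,
# and which accounts are listed first because they hold DBA-level privilege.
VENDOR_DEFAULTS = {"CHANGE_ON_INSTALL", "MANAGER"}
PRIVILEGED = {"SYS", "SYSTEM"}

# Oracle-style identifier on the left; refusing whitespace and backslashes on
# the right drops the Windows prompt lines, which also contain a colon.
RESULT_LINE = re.compile(r"^([A-Z][A-Z0-9_$#]*):([^\s\\]+)$")

def classify(user, password):
    """Say why the account failed, without echoing the password itself."""
    if password == user:
        return "password equals username"
    if password in VENDOR_DEFAULTS:
        return "vendor default password"
    return "password found in word list"

def triage(text):
    """Return (username, reason) pairs, privileged accounts first."""
    findings = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:  # the cleartext in m.group(2) is classified, never stored
            findings.append((m.group(1), classify(m.group(1), m.group(2))))
    return sorted(findings, key=lambda f: (f[0] not in PRIVILEGED, f[0]))

if __name__ == "__main__":
    for user, reason in triage(SAMPLE_OUTPUT):
        print(f"{user:<12} {reason}")
```
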
StephenGiles
« Reply #2 on: May 11th, 2006, 11:39am »

Thanks Pete.
 
I'm using V0.7.5 and the  
orabfscript use.lis default.txt  
comes back immediately with nothing.
Any ideas on why this might be the case?
 
I'm now trying a  
orabf 03E781783C158211:GOLF -c 3
(Changed for security)
to crack an application user password that my predecessor didn't pass on to me. This seems to be working, but taking forever - probably down in some part to lack of horsepower in my PC.
Pete Finnigan
« Reply #3 on: May 11th, 2006, 4:54pm »

Hi Steve,
 
In version 0.7.5 you need -c [file] as follows:
 
<code>
D:\Peter.Finnigan\oracle_audit\orabf>orabfscript use.lis -c default.txt
 
orabfscript v0.2 (for orabf v0.7.5+), (C)2006 orm@toolcrypt.org
---------------------------------------------------------------
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DBSNMP:DBSNMP
ROBH:ROBH
ORAPROBE:ORAPROBE
T1:T1
A:A
T2:T2
XX:XX
PETE:PETE
OUTLN:OUTLN
WMSYS:WMSYS
ORDSYS:ORDSYS
ORDPLUGINS:ORDPLUGINS
MDSYS:MDSYS
CTXSYS:CHANGE_ON_INSTALL
QS_ES:CHANGE_ON_INSTALL
QS_WS:CHANGE_ON_INSTALL
QS:CHANGE_ON_INSTALL
QS_ADM:CHANGE_ON_INSTALL
SH:CHANGE_ON_INSTALL
PM:CHANGE_ON_INSTALL
OE:CHANGE_ON_INSTALL
HR:CHANGE_ON_INSTALL
RMAN:RMAN
QS_CS:CHANGE_ON_INSTALL
QS_CB:CHANGE_ON_INSTALL
QS_CBADM:CHANGE_ON_INSTALL
QS_OS:CHANGE_ON_INSTALL
XDB:CHANGE_ON_INSTALL
WKSYS:CHANGE_ON_INSTALL
WKPROXY:CHANGE_ON_INSTALL
ODM:ODM
ODM_MTR:MTRPW
OLAPSYS:MANAGER
 
D:\Peter.Finnigan\oracle_audit\orabf>
</code>
 
Your brute force attack is probably taking a long time because the password is long. Try using -m [max pwd len] as well.
 
cheers
 
Pete