Call: +44 (0)1904 557620 Call
Forum

Welcome, Guest. Please Login.
May 25th, 2024, 11:48pm
News: If you would like to register contact the forum admin
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Security tools
(Moderator: Pete Finnigan)
   Can the orabf tool only used on windows oracle?
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: Can the orabf tool only used on windows oracle?  (Read 10745 times)
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Can the orabf tool only used on windows oracle?
« on: May 9th, 2006, 4:28pm »
Quote | Modify

Hello,
 
I recently attended Pete's 'Many ways to become a DBA' lecture in Manchester. I've been investigating how secure our oracle databases are, but could only get the orabf to work on a local windows database.
Is this the case?
 
Regards
Steve
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Can the orabf tool only used on windows oracle
« Reply #1 on: May 10th, 2006, 12:30pm »
Quote | Modify

Hi Steve,
 
orabf is a windows program but it does not connect to the database so the passwords can be checked for any database. Simply download the username and hash using sqlplus to the PC where orabf is running and run orabfscript against the file: as follows:
 
Run the following sql script in sqlplus:
 
set head off
set feed off
set verify off
set trimspool on
set lines 80
set pages 0
spool use.lis
select password||':'||username
from dba_users
/
spool off
exit
 
The output will be like:
 
D4C5016086B2DC6A:SYS
D4DF7931AB130E37:SYSTEM
E066D214D5421CCCCheesyBSNMP
F0F618353AB0DC1F:ROBH
6493620470348CF2:SCOTT
2E3EA470A4CA2D94ShockedRAPROBE
31CD64AA64620E8E:B
2A6EC3E5F234DF52:T1
AFCC9478DFBF9029:A
6093FBFF054AE8C2:T2
D51B77DC60C29C66:XX
9165C8DFE7B99E6E:CCC
4040619819A9C76ETongueETE
4A3BA55E08595C81ShockedUTLN
7C9BA362F8314299:WMSYS
7EFA02EC7EA6B86FShockedRDSYS
88A2B2C183431F00ShockedRDPLUGINS
72979A94BAD2AF80:MDSYS
71E687F036AD56E5:CTXSYS
E6A6FA4BB042E3C2:QS_ES
24ACF617DD7D8F2F:QS_WS
8B09C6075BDF2DC4:QS
991CDDAD5C5C32CA:QS_ADM
9793B3777CD3BD1A:SH
72E382A52E89575ATongueM
9C30855E7E0CB02DShockedE
6399F3B38EDF3288:HR
E7B5D92911C831E1:RMAN
91A00922D8C0F146:QS_CS
CF9CFACF5AE24964:QS_CB
7C632AFB71F8D305:QS_CBADM
FF09F3EB14AE5C26:QS_OS
88D8364765FCE6AF:XDB
69ED49EE1851900D:WKSYS
B97545C4DD2ABE54:WKPROXY
C252E8FA117AF049ShockedDM
A7A32CD03D3CE8D5ShockedDM_MTR
3FB8EF9DB538647CShockedLAPSYS
 
I spooled this to a list file called use.lis
 
the run orabfscript against this as follows:
 
D:\Peter.Finnigan\oracle_audit\demos>orabfscript use.lis default.txt
 
orabfscript v0.12, (C)2004 orm@toolcrypt.org
--------------------------------------------
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DBSNMPCheesyBSNMP
ROBH:ROBH
ORAPROBEShockedRAPROBE
T1:T1
A:A
T2:T2
XX:XX
PETETongueETE
OUTLNShockedUTLN
WMSYS:WMSYS
ORDSYSShockedRDSYS
ORDPLUGINSShockedRDPLUGINS
MDSYS:MDSYS
CTXSYS:CHANGE_ON_INSTALL
QS_ES:CHANGE_ON_INSTALL
QS_WS:CHANGE_ON_INSTALL
QS:CHANGE_ON_INSTALL
QS_ADM:CHANGE_ON_INSTALL
SH:CHANGE_ON_INSTALL
PM:CHANGE_ON_INSTALL
OE:CHANGE_ON_INSTALL
HR:CHANGE_ON_INSTALL
RMAN:RMAN
QS_CS:CHANGE_ON_INSTALL
QS_CB:CHANGE_ON_INSTALL
QS_CBADM:CHANGE_ON_INSTALL
QS_OS:CHANGE_ON_INSTALL
XDB:CHANGE_ON_INSTALL
WKSYS:CHANGE_ON_INSTALL
WKPROXY:CHANGE_ON_INSTALL
ODMShockedDM
ODM_MTR:MTRPW
OLAPSYS:MANAGER
 
D:\Peter.Finnigan\oracle_audit\demos>
 
This is with 0.7.4, the latest version works the same.
 
hth
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Can the orabf tool only used on windows oracle
« Reply #2 on: May 11th, 2006, 11:39am »
Quote | Modify

Thanks Pete.
 
I'm using V0.7.5 and the  
orabfscript use.lis default.txt  
comes back immediately with nothing.
Any ideas on why this might be the case?
 
I'm now trying a  
orabf 03E781783C158211:GOLF -c 3
(Changed  for security)
to crack an application user password that my predecessor didn't pass on to me. This seems to be working, but taking forever - probably down in some part to lack of horsepower in my PC
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Can the orabf tool only used on windows oracle
« Reply #3 on: May 11th, 2006, 4:54pm »
Quote | Modify

Hi Steve,
 
in version 0.7.5 you need -c [file] as follows:
 
<code>
D:\Peter.Finnigan\oracle_audit\orabf>orabfscript use.lis -c default.txt
 
orabfscript v0.2 (for orabf v0.7.5+), (C)2006 orm@toolcrypt.org
---------------------------------------------------------------
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DBSNMPCheesyBSNMP
ROBH:ROBH
ORAPROBEShockedRAPROBE
T1:T1
A:A
T2:T2
XX:XX
PETETongueETE
OUTLNShockedUTLN
WMSYS:WMSYS
ORDSYSShockedRDSYS
ORDPLUGINSShockedRDPLUGINS
MDSYS:MDSYS
CTXSYS:CHANGE_ON_INSTALL
QS_ES:CHANGE_ON_INSTALL
QS_WS:CHANGE_ON_INSTALL
QS:CHANGE_ON_INSTALL
QS_ADM:CHANGE_ON_INSTALL
SH:CHANGE_ON_INSTALL
PM:CHANGE_ON_INSTALL
OE:CHANGE_ON_INSTALL
HR:CHANGE_ON_INSTALL
RMAN:RMAN
QS_CS:CHANGE_ON_INSTALL
QS_CB:CHANGE_ON_INSTALL
QS_CBADM:CHANGE_ON_INSTALL
QS_OS:CHANGE_ON_INSTALL
XDB:CHANGE_ON_INSTALL
WKSYS:CHANGE_ON_INSTALL
WKPROXY:CHANGE_ON_INSTALL
ODMShockedDM
ODM_MTR:MTRPW
OLAPSYS:MANAGER
 
D:\Peter.Finnigan\oracle_audit\orabf>
</code>
 
Your brute force attack is probably taking a long time because the password is long. Try using -m [max pwd len] as well
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board
  • PFCLScan PFCLScan

    Simply connect PFCLScan to your Oracle database and it will automatically discover the security issues that could make your Oracle database vulnerable to attack and to the potential loss of your data.

  • PFCL Obfuscate PFCLObfuscate

    PFCLObfuscate is the only tool available that can automatically add license controls to your PL/SQL code. PFCLObfuscate protects your Intellectual Property invested in your PL/SQL database code.

  • PFCLCode PFCLCode

    PFCLCode is a tool to allow you to analyse your PL/SQL code for many different types of security issues. PFCLCode gives you a detailed review and reports and includes a powerful colour syntax highlighting code editor

  • PFCLForensics PFCLForensics

    PFCLForensics is the only tool available to allow you to do a detailed live response of a breached Oracle database and to then go on and do a detailed forensic analysis of the data gathered.

  • Products We resell PFCLReselling

    PeteFinnigan.com Limited has partnered with a small number of relevant companies to resell their products where they enhance or compliment what we do

  • PFCLATK PFCLATK

    PFCLATK is a toolkit that allows detailed pre-defined policy driven audit trails for your Oracle database. The toolkit also provides for a centralised audit trail and centralised activity reporting

  • PFCLCookie PFCLCookie

    PFCLCookie is a useful tool to use to audit your websites for tracking cookies. Scan websites in a natural way using powerful browser driven scanner

  • PFCL Training PFCLTraining

    PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database, design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.

  • PFCL Services PFCLServices

    Choose PFCLServices to add PeteFinnigan.com Ltd to your team for your Oracle Security needs. We are experts in performing detailed security audits, data security design work and policy creation

  • PFCLConsulting PFCLConsulting

    Choose PFCLConsulting to ask PeteFinnigan.com Limited to set up and use our products on your behalf

  • PFCLCustom PFCLCustom

    All of our software products can be customised at a number of levels. Choose this to see how our products can be part of your products and services

  • PFCLCloud PFCLCloud

    Private cloud, public cloud, hybrid cloud or no cloud. Learn how all of our services, trainings and products will work in the cloud

  • PFCLUserRights PFCLUserRights

    PFCLUserRights allows you to create a very detailed view of database users rights. The focus of the reports is to allow you to decide what privileges and accounts to keep and which to remove.

  • PFCLSTK PFCLSTK

    PFCLSTK is a toolkit application that allows you to provide database security easily to an existing database. PFCLSTK is a policy driven toolkit of PL/SQL that creates your security

  • PFCLSFTK PFCLSFTK

    PFCLSFTK is a toolkit that solves the problem of securing third party applications written in PL/SQL. It does this by creating a thin layer between the application and database and this traps SQL Injection attempts. This is a static firewall.

  • PFCLSEO PFCLSEO

    PFCLSEO is a web scanner based on the PFCLScan technology so that a user can easily scan a website for technical SEO issues