Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security tools >> Can the orabf tool only used on windows oracle?
(Message started by: Pete Finnigan on May 9th, 2006, 4:28pm)

Title: Can the orabf tool only used on windows oracle?
Post by Pete Finnigan on May 9th, 2006, 4:28pm
Hello,

I recently attended Pete's 'Many ways to become a DBA' lecture in Manchester. I've been investigating how secure our oracle databases are, but could only get the orabf to work on a local windows database.
Is this the case?

Regards
Steve

Title: Re: Can the orabf tool only used on windows oracle
Post by Pete Finnigan on May 10th, 2006, 12:30pm
Hi Steve,

orabf is a windows program but it does not connect to the database so the passwords can be checked for any database. Simply download the username and hash using sqlplus to the PC where orabf is running and run orabfscript against the file: as follows:

Run the following sql script in sqlplus:

set head off
set feed off
set verify off
set trimspool on
set lines 80
set pages 0
spool use.lis
select password||':'||username
from dba_users
/
spool off
exit

The output will be like:

D4C5016086B2DC6A:SYS
D4DF7931AB130E37:SYSTEM
E066D214D5421CCC:DBSNMP
F0F618353AB0DC1F:ROBH
6493620470348CF2:SCOTT
2E3EA470A4CA2D94:ORAPROBE
31CD64AA64620E8E:B
2A6EC3E5F234DF52:T1
AFCC9478DFBF9029:A
6093FBFF054AE8C2:T2
D51B77DC60C29C66:XX
9165C8DFE7B99E6E:CCC
4040619819A9C76E:PETE
4A3BA55E08595C81:OUTLN
7C9BA362F8314299:WMSYS
7EFA02EC7EA6B86F:ORDSYS
88A2B2C183431F00:ORDPLUGINS
72979A94BAD2AF80:MDSYS
71E687F036AD56E5:CTXSYS
E6A6FA4BB042E3C2:QS_ES
24ACF617DD7D8F2F:QS_WS
8B09C6075BDF2DC4:QS
991CDDAD5C5C32CA:QS_ADM
9793B3777CD3BD1A:SH
72E382A52E89575A:PM
9C30855E7E0CB02D:OE
6399F3B38EDF3288:HR
E7B5D92911C831E1:RMAN
91A00922D8C0F146:QS_CS
CF9CFACF5AE24964:QS_CB
7C632AFB71F8D305:QS_CBADM
FF09F3EB14AE5C26:QS_OS
88D8364765FCE6AF:XDB
69ED49EE1851900D:WKSYS
B97545C4DD2ABE54:WKPROXY
C252E8FA117AF049:ODM
A7A32CD03D3CE8D5:ODM_MTR
3FB8EF9DB538647C:OLAPSYS

I spooled this to a list file called use.lis

the run orabfscript against this as follows:

D:\Peter.Finnigan\oracle_audit\demos>orabfscript use.lis default.txt

orabfscript v0.12, (C)2004 orm@toolcrypt.org
--------------------------------------------
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DBSNMP:DBSNMP
ROBH:ROBH
ORAPROBE:ORAPROBE
T1:T1
A:A
T2:T2
XX:XX
PETE:PETE
OUTLN:OUTLN
WMSYS:WMSYS
ORDSYS:ORDSYS
ORDPLUGINS:ORDPLUGINS
MDSYS:MDSYS
CTXSYS:CHANGE_ON_INSTALL
QS_ES:CHANGE_ON_INSTALL
QS_WS:CHANGE_ON_INSTALL
QS:CHANGE_ON_INSTALL
QS_ADM:CHANGE_ON_INSTALL
SH:CHANGE_ON_INSTALL
PM:CHANGE_ON_INSTALL
OE:CHANGE_ON_INSTALL
HR:CHANGE_ON_INSTALL
RMAN:RMAN
QS_CS:CHANGE_ON_INSTALL
QS_CB:CHANGE_ON_INSTALL
QS_CBADM:CHANGE_ON_INSTALL
QS_OS:CHANGE_ON_INSTALL
XDB:CHANGE_ON_INSTALL
WKSYS:CHANGE_ON_INSTALL
WKPROXY:CHANGE_ON_INSTALL
ODM:ODM
ODM_MTR:MTRPW
OLAPSYS:MANAGER

D:\Peter.Finnigan\oracle_audit\demos>

This is with 0.7.4, the latest version works the same.

hth

cheers

Pete

Title: Re: Can the orabf tool only used on windows oracle
Post by Pete Finnigan on May 11th, 2006, 11:39am
Thanks Pete.

I'm using V0.7.5 and the
orabfscript use.lis default.txt
comes back immediately with nothing.
Any ideas on why this might be the case?

I'm now trying a
orabf 03E781783C158211:GOLF -c 3
(Changed  for security)
to crack an application user password that my predecessor didn't pass on to me. This seems to be working, but taking forever - probably down in some part to lack of horsepower in my PC

Title: Re: Can the orabf tool only used on windows oracle
Post by Pete Finnigan on May 11th, 2006, 4:54pm
Hi Steve,

in version 0.7.5 you need -c [file] as follows:

<code>
D:\Peter.Finnigan\oracle_audit\orabf>orabfscript use.lis -c default.txt

orabfscript v0.2 (for orabf v0.7.5+), (C)2006 orm@toolcrypt.org
---------------------------------------------------------------
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DBSNMP:DBSNMP
ROBH:ROBH
ORAPROBE:ORAPROBE
T1:T1
A:A
T2:T2
XX:XX
PETE:PETE
OUTLN:OUTLN
WMSYS:WMSYS
ORDSYS:ORDSYS
ORDPLUGINS:ORDPLUGINS
MDSYS:MDSYS
CTXSYS:CHANGE_ON_INSTALL
QS_ES:CHANGE_ON_INSTALL
QS_WS:CHANGE_ON_INSTALL
QS:CHANGE_ON_INSTALL
QS_ADM:CHANGE_ON_INSTALL
SH:CHANGE_ON_INSTALL
PM:CHANGE_ON_INSTALL
OE:CHANGE_ON_INSTALL
HR:CHANGE_ON_INSTALL
RMAN:RMAN
QS_CS:CHANGE_ON_INSTALL
QS_CB:CHANGE_ON_INSTALL
QS_CBADM:CHANGE_ON_INSTALL
QS_OS:CHANGE_ON_INSTALL
XDB:CHANGE_ON_INSTALL
WKSYS:CHANGE_ON_INSTALL
WKPROXY:CHANGE_ON_INSTALL
ODM:ODM
ODM_MTR:MTRPW
OLAPSYS:MANAGER

D:\Peter.Finnigan\oracle_audit\orabf>
</code>

Your brute force attack is probably taking a long time because the password is long. Try using -m [max pwd len] as well

cheers

Pete



Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board