[Previous entry: "David Litchfield announces Open Software Database forensics toolkit"] [Next entry: "Valid node checking as a simple free firewall for the database"]
Another new paper on Oracle password cracking
June 4th, 2007 by Pete
Post to del.icio.us
Post to Furl
Alex has posted today about a new tool from THC in a post titled "Oracle password sniffer THC Orakel". As Alex points out there are a few mistakes in the paper. The most glaring is that the SANS paper by Josh Wright and Carlos Cid did not reveal the Oracle password algorithm first. The first release was in 1993 in a paper by Bob Baldwin the original author. The proper algorithm was released on August 11th by a poster to comp.databases.oracle.server and then a whole swath of C based tools appeared. In terms of sniffing AUTH_SESSION and AUTH_PASSWORD and attacking the password this has also been shown a number of times by Laszlo Toth, David Litchfield and more. The papers by Laszlo are the most interesting as he doesnt stop at release 8i and Java drivers. Also Laszlo and David show how to downgrade a session in their papers. The first person (probably) was Ian Redfern to document the authentication protocol in a long since disapeared paper. There is a copy on Paul Wrights site though.
There are also some great tools with the paper - OrakleCrypt and OrakleSniffert and a Java Oracle client. Download the zip and you get the paper as well. Have a look!
