[Previous entry: "PeteFinnigan.com Limited Advisory for the Oracle Jan 2008 CPU"] [Next entry: "Oracle database exploits available for January 2008 CPU fixes"]
A new version of woraauthbf - The Oracle password cracker is released
February 1st, 2008 by Pete
Post to del.icio.us
Post to Furl
Today Laszlo has released a new version of his Oracle password cracker woraauthbf. The latest version includes a number of new features and also some bug fixes. The version 0.21 features and fixes taken straight from the release.txt file are:
Main errors
-----------
* It calculated the possible number of password in the bf mode as
26^6 instead of 26+26^2+26^3 ... etc. It checked less than the
possible number of passwords.
* There was a problem in the bin to hex conversation function. It
caused problems with certain hashes and affected the authentication
functions. It did not affect the hash function.
* There were some problems in the concurrent data access in the
authentication functions. It was found when more than three threads
were running.
Features
--------
* Test the user names and permutations of the user names as password
* If there is a default.txt it loads and checks it as the list of default
passwords. The included default.txt was generated from the site
www.petefinnigan.com.
The binary version of woraauthbf is available here for Windows and the source code of woraauthbf is available here.
