
Pete Finnigan's Oracle security weblog



New version of cracker-2.0 the PL/SQL cracker - option to not reveal passwords

October 13th, 2008 by Pete


I have amended the PL/SQL Oracle password cracker to provide the option to only print out "WEAK" instead of the actual cracked password. The cracker is now version 1.4 and can be downloaded from the same page. The switch to turn on WEAK output is near the top of the code. Locate the line:




define weak = 'OFF'



And edit it to show:



define weak = 'ON'




When run after the change, the cracker is safe for situations where the passwords should not be revealed, e.g. SOX and German environments. A sample run with this turned on is shown here:




SQL> @cracker-v2.0.sql
cracker: Release 1.0.4.0.0 - Beta on Mon Oct 13 17:53:08 2008
Copyright (c) 2008 PeteFinnigan.com Limited. All rights reserved.

T Username Password CR FL STA
=======================================================

U "SYS" [WEAK ] DI CR OP
U "SYSTEM" [WEAK ] DI CR OP
U "OUTLN" [WEAK ] DE CR EL
U "DIP" [WEAK ] DE CR EL
U "TSMSYS" [WEAK ] PU CR EL
U "ORACLE_OCM" [WEAK ] PU CR EL
U "XDB" [WEAK ] DE CR EL
R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP
U "DBSNMP" [WEAK ] DI CR OP
U "WMSYS" [WEAK ] DE CR EL
U "EXFSYS" [WEAK ] DE CR EL
U "CTXSYS" [WEAK ] DE CR EL
U "XS$NULL" [ ] -- -- EL
U "ANONYMOUS" [IMP {anonymous} ] IM CR EL
R "SPATIAL_WFS_ADMIN" [WEAK ] PU CR OP
U "ORDSYS" [WEAK ] DE CR EL
U "ORDPLUGINS" [WEAK ] DE CR EL
U "SI_INFORMTN_SCHEMA" [WEAK ] DE CR EL
U "MDSYS" [WEAK ] DE CR EL
U "OLAPSYS" [ ] -- -- EL
U "MDDATA" [WEAK ] DE CR EL
U "HR" [WEAK ] DE CR EL
U "SPATIAL_WFS_ADMIN_U [WEAK ] PU CR EL
R "WFS_USR_ROLE" [WEAK ] PU CR OP
R "SPATIAL_CSW_ADMIN" [WEAK ] PU CR OP
U "SPATIAL_CSW_ADMIN_U [WEAK ] PU CR EL
R "CSW_USR_ROLE" [WEAK ] PU CR OP
U "WKSYS" [WEAK ] DE CR EL
U "WKPROXY" [WEAK ] DE CR EL
U "WK_TEST" [WEAK ] DE CR EL
U "SYSMAN" [WEAK ] DI CR OP
U "MGMT_VIEW" [ ] -- -- OP
U "FLOWS_FILES" [ ] -- -- EL
U "APEX_PUBLIC_USER" [ ] -- -- EL
U "FLOWS_030000" [ ] -- -- EL
U "OWBSYS" [WEAK ] PU CR EL
R "OWB$CLIENT" [WEAK ] BF CR OP
R "OWB_DESIGNCENTER_VI [WEAK ] BF CR OP
U "SCOTT" [WEAK ] DE CR EG
U "AB" [WEAK ] PU CR OP
U "OE" [WEAK ] DE CR EL
U "IX" [WEAK ] DE CR EL
U "SH" [WEAK ] DE CR EL
U "PM" [WEAK ] DE CR EL
U "BI" [WEAK ] DE CR EL
U "PETE" [WEAK ] DE CR OP
U "BILL" [WEAK ] PU CR OP
U "A" [WEAK ] PU CR OP
U "B" [WEAK ] PU CR OP
U "C" [WEAK ] PU CR OP
U "RES_TEST" [WEAK ] PU CR OP
U "XX" [WEAK ] DI CR OP
U "ORASCAN" [WEAK ] PU CR OP
U "IMPOSS" [IMP {imposs123456789] IM CR OP
U "D" [ ] -- -- OP
U "P1" [WEAK ] PU CR OP
U "P2" [WEAK ] PU CR OP


INFO: Number of crack attempts = [4330017]
INFO: Elapsed time = [332.47 Seconds]
INFO: Cracks per second = [13020]

PL/SQL procedure successfully completed.

SQL>




The default is for the cracker to reveal passwords, so if you would like to run it in an environment where passwords should not be revealed then make the simple change above and run it.
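A check that could be run on a saved report before it is circulated, added here as an example (it is not part of the cracker or of the original post): it parses rows in the layout of the sample run above, flags any row whose password field is not WEAK, blank, or an IMP/GL-EX marker, and groups the WEAK names by the last column as printed. The function names and the sample rows are constructed for illustration, and the meaning of the column codes is not assumed.

```python
import re
from collections import defaultdict

# Constructed sample rows in the layout of the run shown above (not real output).
SAMPLE = '''\
T Username Password CR FL STA
U "SYS" [WEAK ] DI CR OP
U "OUTLN" [WEAK ] DE CR EL
R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP
U "XS$NULL" [ ] -- -- EL
U "ANONYMOUS" [IMP {anonymous} ] IM CR EL
U "DEMO_USER" [NOTMASKED ] DI CR OP
INFO: Number of crack attempts = [4330017]
'''

# Type, name (the closing quote is missing on truncated names),
# bracketed password field, then the three code columns.
ROW = re.compile(r'^([UR]) "([^"\s]+)"? \[(.*?)\s*\] (\S+) (\S+) (\S+)$')
# Field values seen in the masked run: WEAK, blank, or an IMP/GL-EX marker.
MASKED = re.compile(r'^(WEAK|(IMP|GL-EX) \{.*)?$')

def parse(report):
    """Yield one dict per account/role row; header and INFO lines are skipped."""
    keys = ("type", "name", "field", "c1", "c2", "status")
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield dict(zip(keys, m.groups()))

def leaked(report):
    """Names whose password field is not one of the masked forms."""
    return [r["name"] for r in parse(report) if not MASKED.match(r["field"])]

def weak_by_status(report):
    """Group names marked WEAK by the last column (STA in the header)."""
    groups = defaultdict(list)
    for r in parse(report):
        if r["field"] == "WEAK":
            groups[r["status"]].append(r["name"])
    return dict(groups)

if __name__ == "__main__":
    print("rows with unmasked field:", leaked(SAMPLE))
    print("WEAK by status:", weak_by_status(SAMPLE))
```

An empty list from `leaked()` means every parsed row carries only a masked value; any name it returns points to a report produced with the switch left at its default.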

I have quite a few more changes planned for the cracker; watch the Oracle database cracker download page for updates and new features to be added soon.


This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
