Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
There are 46 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog


Home » Archives » November 2008 » Permissions required to run my PL/SQL Oracle password cracker

[Previous entry: "A new exploit to bypass Oracle Database Vault has been released"] [Next entry: "Oracle forensics paper - part 7 and an Oracle datablock dump tool"]

Permissions required to run my PL/SQL Oracle password cracker

November 26th, 2008 by Pete


There was a question posted to my Oracle Security forum a week or so ago but i only got round to posting an answer the other day due to travelling a lot recently. The poster had an issue running my Oracle database password cracker that is written in PL/SQL. The issue was easy to solve and was related to privileges of the user in the database being used to run the cracker.

As I want this tool be used by DBA's and security people alike to get as many databases passwords strengthened across the globe we need to make it as transparent ti run as possible. This is why its written in PL/SQL so that it can simply be run as a script in SQL*Plus, no excuses.

I thought its worthwhile posting here the minimum privileges necessary to run the cracker. These are simple:


  • CREATE SESSION

  • SELECT ON SYS.USER$



Here is an example session creating a user called CRACKER and granting these privileges and then running the cracker:




SQL> connect sys/oracle1 as sysdba
Connected.
SQL> create user cracker identified by cracker;

User created.

SQL> grant create session to cracker;

Grant succeeded.

SQL> grant select on sys.user$ to cracker;

Grant succeeded.

SQL> connect cracker/cracker
Connected.
SQL> set serveroutput on size 1000000
SQL> @cracker-v2.0.sql
cracker: Release 1.0.4.0.0 - Beta on Wed Nov 26 14:00:41 2008
Copyright (c) 2008 PeteFinnigan.com Limited. All rights reserved.

T Username Password CR FL STA
=======================================================

U "SYS" [ORACLE1 ] DI CR OP
U "SYSTEM" [ORACLE1 ] DI CR OP
U "OUTLN" [OUTLN ] DE CR EL
U "DIP" [DIP ] DE CR EL
U "TSMSYS" [TSMSYS ] PU CR EL
U "ORACLE_OCM" [ORACLE_OCM ] PU CR EL
U "XDB" [CHANGE_ON_INSTALL ] DE CR EL
R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP
U "DBSNMP" [ORACLE1 ] DI CR OP
U "WMSYS" [WMSYS ] DE CR EL
U "EXFSYS" [EXFSYS ] DE CR EL
U "CTXSYS" [CHANGE_ON_INSTALL ] DE CR EL
U "XS$NULL" [ ] -- -- EL
U "ANONYMOUS" [IMP {anonymous} ] IM CR EL
R "SPATIAL_WFS_ADMIN" [SPATIAL_WFS_ADMIN ] PU CR OP
U "ORDSYS" [ORDSYS ] DE CR EL
U "ORDPLUGINS" [ORDPLUGINS ] DE CR EL
U "SI_INFORMTN_SCHEMA" [SI_INFORMTN_SCHEMA ] DE CR EL
U "MDSYS" [MDSYS ] DE CR EL
U "OLAPSYS" [ ] -- -- EL
U "MDDATA" [MDDATA ] DE CR EL
U "HR" [CHANGE_ON_INSTALL ] DE CR EL
U "SPATIAL_WFS_ADMIN_U [SPATIAL_WFS_ADMIN_US] PU CR EL
R "WFS_USR_ROLE" [WFS_USR_ROLE ] PU CR OP
R "SPATIAL_CSW_ADMIN" [SPATIAL_CSW_ADMIN ] PU CR OP
U "SPATIAL_CSW_ADMIN_U [SPATIAL_CSW_ADMIN_US] PU CR EL
R "CSW_USR_ROLE" [CSW_USR_ROLE ] PU CR OP
U "WKSYS" [CHANGE_ON_INSTALL ] DE CR EL
U "WKPROXY" [CHANGE_ON_INSTALL ] DE CR EL
U "WK_TEST" [WK_TEST ] DE CR EL
U "SYSMAN" [ORACLE1 ] DI CR OP
U "MGMT_VIEW" [ ] -- -- OP
U "FLOWS_FILES" [ ] -- -- EL
U "APEX_PUBLIC_USER" [ ] -- -- EL
U "FLOWS_030000" [ ] -- -- EL
U "OWBSYS" [OWBSYS ] PU CR EL
R "OWB$CLIENT" [S ] BF CR OP
R "OWB_DESIGNCENTER_VI [S ] BF CR OP
U "SCOTT" [TIGER ] DE CR EG
U "AB" [AB ] PU CR OP
U "OE" [CHANGE_ON_INSTALL ] DE CR EL
U "IX" [CHANGE_ON_INSTALL ] DE CR EL
U "SH" [CHANGE_ON_INSTALL ] DE CR EL
U "PM" [CHANGE_ON_INSTALL ] DE CR EL
U "BI" [CHANGE_ON_INSTALL ] DE CR EL
U "PETE" [PETE ] DE CR OP
U "BILL" [BILL ] PU CR OP
U "A" [A ] PU CR OP
U "B" [B ] PU CR OP
U "C" [C ] PU CR OP
U "RES_TEST" [RES_TEST ] PU CR OP
U "XX" [123456 ] DI CR OP
U "ORASCAN" [ORASCAN ] PU CR OP
U "IMPOSS" [IMP {imposs123456789] IM CR OP
U "D" [ ] -- -- OP
U "P1" [P1 ] PU CR OP
U "P2" [P2 ] PU CR OP
U "CRACKER" [CRACKER ] PU CR OP
U "B1" [B1 ] PU CR OP
U "LT_EXP" [LT_EXP ] PU CR OP


INFO: Number of crack attempts = [61791]
INFO: Elapsed time = [4.31 Seconds]
INFO: Cracks per second = [14330]

PL/SQL procedure successfully completed.

SQL>




Note: That if you have done any hardening and revoke for instance the PUBLIC EXECUTE privilege on DBMS_OBFUSCATION_TOOLKIT you would need to also grant this execute privilege for your user.

Hope this helps get people fixing weak passwords!

November 2008
SMTWTFS
      1
2345678
9101112131415
16171819202122
23242526272829
30      

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives


Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.0


Valid XHTML 1.0!