Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A new exploit to bypass Oracle Database Vault has been released"] [Next entry: "Oracle forensics paper - part 7 and an Oracle datablock dump tool"]

Permissions required to run my PL/SQL Oracle password cracker



There was a question posted to my Oracle Security forum a week or so ago but i only got round to posting an answer the other day due to travelling a lot recently. The poster had an issue running my Oracle database password cracker that is written in PL/SQL. The issue was easy to solve and was related to privileges of the user in the database being used to run the cracker.

As I want this tool be used by DBA's and security people alike to get as many databases passwords strengthened across the globe we need to make it as transparent ti run as possible. This is why its written in PL/SQL so that it can simply be run as a script in SQL*Plus, no excuses.

I thought its worthwhile posting here the minimum privileges necessary to run the cracker. These are simple:


  • CREATE SESSION

  • SELECT ON SYS.USER$



Here is an example session creating a user called CRACKER and granting these privileges and then running the cracker:




SQL> connect sys/oracle1 as sysdba
Connected.
SQL> create user cracker identified by cracker;

User created.

SQL> grant create session to cracker;

Grant succeeded.

SQL> grant select on sys.user$ to cracker;

Grant succeeded.

SQL> connect cracker/cracker
Connected.
SQL> set serveroutput on size 1000000
SQL> @cracker-v2.0.sql
cracker: Release 1.0.4.0.0 - Beta on Wed Nov 26 14:00:41 2008
Copyright (c) 2008 PeteFinnigan.com Limited. All rights reserved.

T Username Password CR FL STA
=======================================================

U "SYS" [ORACLE1 ] DI CR OP
U "SYSTEM" [ORACLE1 ] DI CR OP
U "OUTLN" [OUTLN ] DE CR EL
U "DIP" [DIP ] DE CR EL
U "TSMSYS" [TSMSYS ] PU CR EL
U "ORACLE_OCM" [ORACLE_OCM ] PU CR EL
U "XDB" [CHANGE_ON_INSTALL ] DE CR EL
R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP
U "DBSNMP" [ORACLE1 ] DI CR OP
U "WMSYS" [WMSYS ] DE CR EL
U "EXFSYS" [EXFSYS ] DE CR EL
U "CTXSYS" [CHANGE_ON_INSTALL ] DE CR EL
U "XS$NULL" [ ] -- -- EL
U "ANONYMOUS" [IMP {anonymous} ] IM CR EL
R "SPATIAL_WFS_ADMIN" [SPATIAL_WFS_ADMIN ] PU CR OP
U "ORDSYS" [ORDSYS ] DE CR EL
U "ORDPLUGINS" [ORDPLUGINS ] DE CR EL
U "SI_INFORMTN_SCHEMA" [SI_INFORMTN_SCHEMA ] DE CR EL
U "MDSYS" [MDSYS ] DE CR EL
U "OLAPSYS" [ ] -- -- EL
U "MDDATA" [MDDATA ] DE CR EL
U "HR" [CHANGE_ON_INSTALL ] DE CR EL
U "SPATIAL_WFS_ADMIN_U [SPATIAL_WFS_ADMIN_US] PU CR EL
R "WFS_USR_ROLE" [WFS_USR_ROLE ] PU CR OP
R "SPATIAL_CSW_ADMIN" [SPATIAL_CSW_ADMIN ] PU CR OP
U "SPATIAL_CSW_ADMIN_U [SPATIAL_CSW_ADMIN_US] PU CR EL
R "CSW_USR_ROLE" [CSW_USR_ROLE ] PU CR OP
U "WKSYS" [CHANGE_ON_INSTALL ] DE CR EL
U "WKPROXY" [CHANGE_ON_INSTALL ] DE CR EL
U "WK_TEST" [WK_TEST ] DE CR EL
U "SYSMAN" [ORACLE1 ] DI CR OP
U "MGMT_VIEW" [ ] -- -- OP
U "FLOWS_FILES" [ ] -- -- EL
U "APEX_PUBLIC_USER" [ ] -- -- EL
U "FLOWS_030000" [ ] -- -- EL
U "OWBSYS" [OWBSYS ] PU CR EL
R "OWB$CLIENT" [S ] BF CR OP
R "OWB_DESIGNCENTER_VI [S ] BF CR OP
U "SCOTT" [TIGER ] DE CR EG
U "AB" [AB ] PU CR OP
U "OE" [CHANGE_ON_INSTALL ] DE CR EL
U "IX" [CHANGE_ON_INSTALL ] DE CR EL
U "SH" [CHANGE_ON_INSTALL ] DE CR EL
U "PM" [CHANGE_ON_INSTALL ] DE CR EL
U "BI" [CHANGE_ON_INSTALL ] DE CR EL
U "PETE" [PETE ] DE CR OP
U "BILL" [BILL ] PU CR OP
U "A" [A ] PU CR OP
U "B" [B ] PU CR OP
U "C" [C ] PU CR OP
U "RES_TEST" [RES_TEST ] PU CR OP
U "XX" [123456 ] DI CR OP
U "ORASCAN" [ORASCAN ] PU CR OP
U "IMPOSS" [IMP {imposs123456789] IM CR OP
U "D" [ ] -- -- OP
U "P1" [P1 ] PU CR OP
U "P2" [P2 ] PU CR OP
U "CRACKER" [CRACKER ] PU CR OP
U "B1" [B1 ] PU CR OP
U "LT_EXP" [LT_EXP ] PU CR OP


INFO: Number of crack attempts = [61791]
INFO: Elapsed time = [4.31 Seconds]
INFO: Cracks per second = [14330]

PL/SQL procedure successfully completed.

SQL>




Note: That if you have done any hardening and revoke for instance the PUBLIC EXECUTE privilege on DBMS_OBFUSCATION_TOOLKIT you would need to also grant this execute privilege for your user.

Hope this helps get people fixing weak passwords!