I got an e-mail from Tim a few weeks ago asking whether I knew of a resource that showed how to write a password cracker for Oracle in Perl. The only source I knew of was the Perl script written by Ian Redfern, referenced in his original TNS paper, which is also published as the elephant protocol on the UK CERT website. I replied to Tim and suggested the source, but unfortunately I already knew the Perl script was no longer available. Tim quite helpfully replied that he had found a different source for a Perl script that implements the Oracle password algorithm.
This is written by Alun Jones. The Perl script can be found here
and is simple to run. Here is an example of running the script with the sample test code provided in the script. Basically, the script provides a function called Oracle_hash that performs the hash algorithm. The script also provides a simple loop with four sample users and password hashes that tests the function. Here is a sample run:
$ perl perl_cracker.pl
scott F894844C34402B67 F894844C34402B67 OK
sys D4C5016086B2DC6A D4C5016086B2DC6A OK
sys 5638228DAF52805F 5638228DAF52805F OK
SYSADMIN DC86E8DEAA619C1A DC86E8DEAA619C1A OK
You can of course modify this quite easily to pass in a list of users from the database and also to pass in default passwords or dictionary words, or to perform brute forcing of the passwords. I don't have any idea of the performance of the code as compared with tools such as woraauthbf. Of course my PL/SQL based script
is very simple to run in the database directly.
I thought it was worth sharing the link to the Perl-based cracker.