[Previous entry: "Accessing Data Outside the data model"] [Next entry: "A new version of woraauthbf is available (The Oracle password cracker)"]
Writing a password cracker in Perl
February 11th, 2009 by Pete
Post to del.icio.us
Post to Furl
I got an e-mail from Tim a few weeks ago asking whether I knew of a resource that showed how to write a password cracker for Oracle in Perl. The only source I knew of was the Perl script written by Ian Redfern referenced on his original TNS paper which is also a published as the elephant protocol on the UK cert website. I replied to Tim and suggested the source but unfortunately I already knew the Perl script was no longer available. Tim quite helpfully replied that he had found a different source for a Perl script that implements the Oracle password algorithm.
This is written by Alun Jones. The Perl script can be found here and is simple to run. Here is an example of running the script with the sample test code provided in the script. Basically the script provides a function called Oracle_hash that performs the hash algorithm. Script also provides a simple loop with for sample users and password hashes that test the function. Here is a sample run:
|
you can of course modify this quite easily to passing a list of users from the database and also to passing default passwords, dictionary words or to perform brute forcing of the passwords. I don't have any idea of the performance of the code as compared with tools such as worauthbf. Of course my PL/SQL based script is very simple to run in the database directly.
I thought it was worth sharing the link to the PERL based cracker.
