
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Writing a password cracker in Perl



I got an e-mail from Tim a few weeks ago asking whether I knew of a resource that showed how to write a password cracker for Oracle in Perl. The only source I knew of was the Perl script written by Ian Redfern referenced in his original TNS paper, which is also published as the elephant protocol on the UK cert website. I replied to Tim and suggested the source, but unfortunately I already knew the Perl script was no longer available. Tim quite helpfully replied that he had found a different source for a Perl script that implements the Oracle password algorithm.

This is written by Alun Jones. The Perl script can be found at http://users.aber.ac.uk/auj/freestuff/orapass.pl.txt (broken link) and is simple to run. Here is an example of running the script with the sample test code provided in the script. Basically the script provides a function called Oracle_hash that performs the hash algorithm. The script also provides a simple loop with four sample users and password hashes that tests the function. Here is a sample run:




Admin@oracle_hack_box /cygdrive/c/pete_finnigan_com_ltd/scanner-MASTER/perl_cracker
$ perl perl_cracker.pl
scott F894844C34402B67 F894844C34402B67 OK
sys D4C5016086B2DC6A D4C5016086B2DC6A OK
sys 5638228DAF52805F 5638228DAF52805F OK
SYSADMIN DC86E8DEAA619C1A DC86E8DEAA619C1A OK




You can of course modify this quite easily to pass in a list of users from the database and also to pass in default passwords or dictionary words, or to perform brute forcing of the passwords. I don't have any idea of the performance of the code as compared with tools such as woraauthbf. Of course my PL/SQL based script is very simple to run in the database directly.

I thought it was worth sharing the link to the Perl based cracker.