
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Oracle Post Exploitation and Password cracking



I have been busy on a number of database security audits over the last few weeks, as well as working on PFCLScan demos, so I have not had much time to blog or tweet.

The Hacktivity conference in Hungary took place last weekend, and Laszlo Toth emailed me to let me know that he has posted his slides from the conference to his website. Laszlo did a nice talk covering decrypting OEM Grid Control passwords by extracting the keys from the emkey.ora file; this means that the newer method of encrypting passwords in OEM is broken and, like the old method of simply calling the decrypt function, it is now possible to decrypt OEM passwords. The OEM repository should be protected, in terms of both architecture and security, to prevent access to the encrypted data. This is of course an issue, as blocking all access is not possible. It is an inherent issue of encryption in the database: it is virtually impossible to secure the keys used.

Laszlo also looked at the TDE wallet and master key, at remote job scheduling, and at decrypting the scheduler credentials. This is an interesting area of weak encryption and shows Oracle's allegiance to DES. Laszlo also showed how to "hook" the encryption functions in the Oracle kernel on Linux and Windows to capture calls to those functions and log their parameters. Very nice paper, Laszlo.

Laszlo's paper is called "Oracle Post Exploitation Techniques" and he has also posted a flash demo for the injection part of the paper and promises more to come.

I also checked out the site of Laszlo's friend Marcell Major, http://www.marcellmajor.com/ (broken link), and he has also released the slides from his talk. Marcell's talk is titled "Writing your own password cracker", http://www.marcellmajor.com/Hacktivity2010_WritingOwnPasswordCracker.pdf (broken link), and is an excellent talk on how to go about reverse engineering password algorithms so that password crackers can be created to test the strength of users' passwords. Marcell talks about the Apache Derby algorithm and the Sybase SHA-256 and SYB-PROP algorithms. Marcell has published details of the Sybase SHA-256 algorithm, http://www.marcellmajor.com/sybase_sha256.html (broken link), and a Sybase password cracker, http://www.marcellmajor.com/sybcrack.zip (broken link), based on Laszlo's woraauthbf. He promises to also release the SYB-PROP cracker soon.

Very nice paper, Marcell!