
Pete Finnigan's Oracle security weblog



Oracle Post Exploitation and Password cracking

September 23rd, 2010 by Pete

I have been busy on a number of database security audits over the last few weeks as well as working on PFCLScan demos so I have not had much time to blog or tweet.

The Hactivity conference in Hungary took place last weekend and Laszlo Toth emailed me to let me know that he has posted his slides from the conference to his website. Laszlo did a nice talk covering decrypting OEM/Grid Control passwords by extracting the keys from the emkey.ora file; this means that the newer method to encrypt passwords in OEM is broken and, like the old method of simply calling the decrypt function, it's now possible to decrypt OEM passwords. The OEM repository should be protected in terms of architecture and security to prevent access to the encrypted data. This is of course an issue, as blocking all access is not possible. This is an inherent issue of encryption in the database: it's virtually impossible to secure the keys used.

Laszlo also looked at the TDE wallet and master key, and at remote job scheduling and decrypting the scheduler credentials. This is an interesting area of weak encryption and shows Oracle's allegiance to DES. Laszlo also showed how to "hook" the encryption functions in the Oracle kernel on Linux and Windows to capture calls to the functions and to log the parameters. Very nice paper Laszlo.

Laszlo's paper is called "Oracle Post Exploitation Techniques" and he has also posted a flash demo for the injection part of the paper and promises more to come.

I also checked out the site of Laszlo's friend Marcell Major, and he has also released the slides from his talk. Marcell's talk is titled "Writing your own password cracker" and is an excellent talk on how to go about reverse engineering password algorithms so that password crackers can be created to test the strength of users' passwords. Marcell talks about the Apache Derby algorithm and the Sybase SHA-256 and SYB-PROP algorithms. Marcell has published details of the Sybase SHA-256 algorithm and a Sybase password cracker based on Laszlo's woraauthbf. He promises to also release the SYB-PROP cracker soon.

Very nice paper Marcell!

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
