Network Security Pen-Test

RE: Oracle password cracker

Subject: RE: Oracle password cracker
Date: Mon, 28 Jan 2008 12:39:28 -0500
I've had to do this before, and while there's no import function, I found
knowing your way around Notepad and Excel can make it significantly easier
than using the GUI to do it one by one.  Here are my cheat sheet notes from
an audit I conducted in a previous life; hope you can get some use out of
them.

- Add 1 hash using the GUI and then shut down Cain.  Then, in the Cain
directory, there is a file called ORACLE.LST you can open with Notepad and
use the format of the line added from the GUI as a guide to add additional
hashes.  This can be done in Excel with the CONCATENATE function, but I
usually just put on some mindless techno and cut and paste back and forth in
Notepad (find and replace works well for inserting the requisite semicolons
as field separators as well).
- Once you've updated the ORACLE.LST file, save and close it, and then you can
fire up Cain again to run the brute force checker with all caps, numbers and
symbols up to X characters to detect passwords not in compliance.

Also, Pete Finnigan's website has a lot of great Oracle security resources
and should be required reading to audit an Oracle database.  He also has an
extensive collection of well-known accounts and their hashes.  Very much
worth reading.

Good luck,

Scott
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of ahgaber_rehan@yahoo.com
Sent: Friday, January 25, 2008 3:26 AM
To: pen-test@securityfocus.com
Subject: Oracle password cracker



Hi All,

I am auditing an Oracle DB. I have requested the DBA to extract all password
hashes in a text file and I have the list. Does anybody have a tool which can
import the file and verify the hash against my dictionary?

I have Cain, but I couldn't find the option to import the list of
passwords; it's done 1 by 1.



regards,








------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
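
The Notepad/Excel step Scott describes can also be scripted. The following is an added example, not part of the original thread and not Cain's own code: it copies the field layout of the single GUI-created ORACLE.LST line instead of assuming it, and it rejects export rows that would corrupt the file. The function name, the sample line layout and the sample hashes are constructed for illustration.

```python
import string

HEX = set(string.hexdigits)

# Constructed sample data: the real layout is whatever line the GUI wrote.
TEMPLATE = "AUDIT_TEMPLATE;0123456789ABCDEF;;"
EXPORT = [
    ("APP_OWNER", "1111AAAA2222BBBB"),
    ("REPORTS", "3333CCCC4444DDDD"),
    ("BAD;ROW", "5555EEEE6666FFFF"),    # separator inside a name would shift fields
    ("SHORT", "ABC123"),                # truncated hash from a bad export
    ("APP_OWNER", "1111AAAA2222BBBB"),  # duplicate row
]

def build_lines(template_line, known_user, known_hash, accounts, sep=";"):
    """Clone the template line's layout for each (username, hash) pair.

    known_user/known_hash are the values typed into the GUI for the template
    entry; they locate the username and hash fields. Every other field is
    copied unchanged, so use a freshly added, uncracked template entry.
    """
    fields = template_line.rstrip("\r\n").split(sep)
    user_idx = [i for i, f in enumerate(fields) if f.upper() == known_user.upper()]
    hash_idx = [i for i, f in enumerate(fields) if f.upper() == known_hash.upper()]
    if not user_idx or not hash_idx:
        raise ValueError("template line does not contain the known user and hash")
    lines, rejected, seen = [], [], {known_user.upper()}
    for user, hsh in accounts:
        user, hsh = user.strip(), hsh.strip()
        ok = (user != "" and user.upper() not in seen
              and not any(c in user for c in (sep, "\r", "\n"))
              and len(hsh) == len(known_hash) and set(hsh) <= HEX)
        if not ok:
            rejected.append((user, hsh))  # review these by hand
            continue
        seen.add(user.upper())
        row = list(fields)
        for i in user_idx:
            row[i] = user
        for i in hash_idx:
            row[i] = hsh
        lines.append(sep.join(row))
    return lines, rejected

if __name__ == "__main__":
    new_lines, skipped = build_lines(TEMPLATE, "AUDIT_TEMPLATE", "0123456789ABCDEF", EXPORT)
    print("\n".join(new_lines))
    print("skipped:", skipped)
```

Append the returned lines to ORACLE.LST while Cain is shut down, as in the notes above, and check the rejected rows against the DBA's export before the audit run.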


