[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <430DA9E3.9080301@lab.b-care.net>
Date: Thu Aug 25 12:49:48 2005
From: simon at lab.b-care.net (Simon Marechal)
Subject: HOWTO: Crack Oracle Security like a peanut?
Jeroen wrote:
> I can reproduce the things mentioned for user/pass-combinations sized 64
> bits. For larger combinations (> 64 bits ---> 2 or more 64 bits DES blocks)
> I can't figure out yet how things work. Have some of you guys 'n girls
> already played around with this description? And are you willing to share
> results?
>
> Thanks,
>
> Jeroen
AFAIK, it works this way:
* usernames and password are concatenated in a string s
* s is converted to unicode
* it is encrypted using des ncbc mode, with key 0x123456789abcdef, and
initialization vector 0
* the same string is encrypted again using the updated initialization
vector as a key, with another null initialization vector
* the updated initialization vector is the hash
Attached is the corresponding john plugin. It is somehow like the mscash
plugin in the sense that it uses usernames, that means it wont work
properly out of the box, manual tweaking is required. Bob the Butcher
will provide this cipher by default when it ships.
At least it is way better than those SQL password checking scripts.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oracle_fmt.c
Type: text/x-csrc
Size: 5401 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050825/f85ff3df/oracle_fmt.bin
Powered by blists - more mailing lists