[<prev] [next>] [day] [month] [year] [list]
Message-ID: <48E3611A.7070803@petefinnigan.com>
Date: Wed, 01 Oct 2008 12:38:02 +0100
From: Pete Finnigan <pete@...efinnigan.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Oracle password cracker written in PL/SQL
Hi Guys,
I have just released a free Oracle password cracker written completely
in PL/SQL on my website. The reason for doing this is to try and
encourage people to "test" passwords for strength in their own
databases. I am not seeing any real improvements in password strength
generally across the industry over the last 8 years.
It is not the intention to replace the fast C based crackers such as
woraauthbf but instead to suppliment it. In my experience I find that
people have not covered the bases yet, that is they still have passwords
set to usernames, passwords set to defaults and also extremely weak
passwords.
I often suggest to people to download binary based crackers but there is
often a reticence to do this. Hence I decided to create a PL/SQL based
one. This way there is no excuse, its a SQL script that can be run in
SQL*Plus and also its going to find the core issues anyway before you
need a faster cracker.
Some details on how it works and what it does are included in the page
http://www.petefinnigan.com/oracle_password_cracker.htm for the cracker.
You can also download it from the same page.
hope its useful
cheers
Pete
--
Pete Finnigan
Principal Consultant
PeteFinnigan.com Limited
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists