| Version | 0.1 |
|---|---|
| Size | 1.6 KB |
| Download | orapass-des.py |
Orapass-DES implements Oracle's older DES-based password hashing algorithm.
Algorithm
Let's trace through the algorithm with the username "tiger" and the password "scott":
-
Concatenate the username and the password to produce a plaintext string
tigerscott -
Convert the plaintext string to uppercase characters
TIGERSCOTT -
Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00
0054004900470045005200530043004f00540054 -
Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;
* Initialize DES with IV: 0000000000000000 * Initialize DES with KEY: 0123456789ABCDEF * Padded plaintext: 0054004900470045005200530043004f0054005400000000 * DES(plaintext) = 527acbc01a49c057e854df3104789ce7801be7920d69f719
-
Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key.
* Initialize DES with IV: 0000000000000000 * Initialize DES with KEY: 801be7920d69f719 * Padded plaintext: 0054004900470045005200530043004f0054005400000000 * DES(plaintext) = 293c787182d03d85fa6cee1db032e2c69d45cd92d876e247
-
The last block of the output is converted into a printable string to produce the password hash value.
9d45cd92d876e247
Usage
Usage of the script is very straightforward simply provide username and password as parameters to get an 8-byte hash output.
./orapass-des.py tiger scott 9d45cd92d876e247
sprawlcomments
sprawlsimilar
john the ripper
John the Ripper is a multi-platform password cracking tool. Read more.
orapass sha1
| Version | 0.1 |
|---|---|
| Size | 605 bytes |
| Download | orapass-sha1.py |
Orapass SHA1 implements Oracle's newer SHA1-based password hashing algorithm. This script can be used for password strength audit and recovery. Uses Python Hashlib library. Read more.
password analysis and cracking kit
| Version | 0.2 |
|---|---|
| Size | 11.8 KB |
| Download | PACK-0.0.2.tar.bz2 |
PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists and enhancing cracking of passwords using smart rule generation. The toolkit itself is not able to crack password, but instead concentrates on making operation of other tools more efficient. Read more.
oracle tns protocol
Oracle's proprietary TNS (Transparent Network Substrate) protocol is used to interact with Oracle's RDBMS. In this article you will learn about different TNS packet types and their structure. Read more.
oracle database commands
Useful Oracle PL/SQL commands: Read more.
oracle authentication
Oracle Authentication process requires users to provide correct username, password, database hostname, and instance name (SID). Read more.
I had an opportunity to participate in the "Crack me if you can" password cracking competition during this year's Defcon. It was a fun and educational experience. Using a couple of video cards, decent processors as well as some research into password generation I was able to place 4th in the contest. In this post you can learn more about hardware, software and strategy used to crack about 25k passwords in two days. Read more.
oracle default ports
Oracle Database is a complex system requiring a large number of services running on a single system. This article attempts to enumerate common Oracle services and associated network ports found on live systems. Read more.
oracle rdbms
Oracle Database or RDBMS (Object-Relational Database Management System) is a complex system for storage and retrieval of relational data. In this article you will learn the basic architecture of the Oracle Databases as well as common attacks against it. Read more.
the dutch hacker video
| Released | 09/01/1991 | A video recording produced by the 2600 Magazine showing an attack on a US Army computer during the summer of 1991. Read more. |
|---|---|---|
| Size | 344.5 MB | |
| Download | hacker_video.avi | |
 |
||
oracle tns listener
Oracle Listener serves as a main communication point for the database. It provides necessary abstraction to host's transport protocols in order to allow Oracle's higher level session protocols to function across multiple platforms. This article covers different commands used to interact with the TNS Listener as well as common attacks against it. Read more.
