C:\petefinnigan.com\alex\password cracker>checkpwd
Checkpwd 1.00 - (c) 2005 by Red Database-Security GmbH
usage: checkpwd <-quiet>
for example: checkpwd -quiet system/manager@mydbserver default_passwords.txt
or: checkpwd SCOTT:F894844C34402B67 default_passwords.txt
You can connect to the database and get the password hash from there, or supply it on the command line. Here is a sample run:
SQL> alter user scott identified by zztop;
User altered.
SQL> select username,password from dba_users
2 where username='SCOTT';
USERNAME PASSWORD
------------------------------ ------------------------
SCOTT C602545F6676B420
SQL>
The password hash can then be used as input to the tool:
C:\petefinnigan.com\alex\big_password_check>checkpwd SCOTT:C602545F6676B420 password_list.txt
Checkpwd 1.00 - (c) 2005 by Red Database-Security GmbH
opening weak password list file
reading weak passwords list
checking passwords
SCOTT has weak password zztop
Done. Summary:
Passwords checked : 1543885
Weak passwords found : 1
Elapsed time (min:sec) : 0:11
Passwords / second : 140353
It is quite fast at 140,000 passwords per second, though not as fast as the crackers in commercially available tools, and it is leagues better than using PL/SQL-based tools to audit passwords. I will add links to these tools on my Oracle Security Tools page.
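For audit reporting, the text report shown in the sample run can be turned into structured findings that name the affected accounts without carrying the recovered passwords into tickets or logs. The Python below is an added example, not part of checkpwd or the original post; it assumes the output layout matches the sample run above, and the names parse_report, audit_problems and rate_per_second are hypothetical.

```python
import re

# Report text taken from the sample run shown on this page.
SAMPLE = """\
Checkpwd 1.00 - (c) 2005 by Red Database-Security GmbH
opening weak password list file
reading weak passwords list
checking passwords
SCOTT has weak password zztop
Done. Summary:
Passwords checked : 1543885
Weak passwords found : 1
Elapsed time (min:sec) : 0:11
Passwords / second : 140353
"""

WEAK = re.compile(r"^(.+?) has weak password .*$")
REQUIRED = ("Passwords checked", "Weak passwords found", "Elapsed time (min:sec)")

def parse_report(text):
    """Return (weak_users, summary) parsed from a checkpwd text report."""
    weak_users, summary = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = WEAK.match(line)
        if m:
            # Keep only the account name; the recovered password is discarded.
            weak_users.append(m.group(1))
            continue
        # Summary fields use " : " as separator; the value may contain ':' (0:11).
        parts = re.split(r"\s+:\s+", line, maxsplit=1)
        if len(parts) == 2:
            summary[parts[0]] = parts[1]
    return weak_users, summary

def audit_problems(weak_users, summary):
    """Flag reports that were cut short or whose findings do not add up."""
    if any(key not in summary for key in REQUIRED):
        return ["report incomplete: no summary"]
    if int(summary["Weak passwords found"]) != len(weak_users):
        return ["finding count differs from summary"]
    return []

def rate_per_second(summary):
    """Recompute throughput from the summary; None if elapsed time is zero."""
    mins, secs = summary["Elapsed time (min:sec)"].split(":")
    elapsed = int(mins) * 60 + int(secs)
    return int(summary["Passwords checked"]) // elapsed if elapsed else None
```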