Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Alex Kornbrust has released a Linux version of his Oracle password cracker

Alex has just told me that he has released a Linux version of his dictionary-based Oracle password cracker. The Linux version currently supports only the standalone mode; the mode where you can connect to the database and audit multiple passwords at once is not available in this version. The standalone version does not require an Oracle client installation. It can be used to test one database user account at a time against a supplied default password list and also a 1.5 million word wordlist. You can of course supply your own word list or do as Alex suggests in the questions and answers section at the end of the "Oracle Password Checker (Cracker)" page and use John the Ripper to create a much bigger word list by using permutations of an existing list.

The checkpwd v1.0 standalone version for Linux, plus the default passwords and the big word list, is available.

Alex has also added the OpenSSL licence in the checkpwd.txt file that is part of the download.

I have of course added details of this tool to my Oracle Security Tools page.