Pete Finnigan's Oracle Security Weblog

I got an e-mail from Tim a few weeks ago asking whether I knew of a resource that showed how to write a password cracker for Oracle in Perl. The only source I knew of was the Perl script written by Ian Redfern referenced on his original TNS paper which is also a published as the elephant protocol on the UK cert website. I replied to Tim and suggested the source but unfortunately I already knew the Perl script was no longer available. Tim quite helpfully replied that he had found a different source for a Perl script that implements the Oracle password algorithm.

This is written by Alun Jones. The Perl script can be found http://users.aber.ac.uk/auj/freestuff/orapass.pl.txt - (broken link) here and is simple to run. Here is an example of running the script with the sample test code provided in the script. Basically the script provides a function called Oracle_hash that performs the hash algorithm. Script also provides a simple loop with for sample users and password hashes that test the function. Here is a sample run:

Admin@oracle_hack_box /cygdrive/c/pete_finnigan_com_ltd/scanner-MASTER/perl_crac ker $ perl perl_cracker.pl scott F894844C34402B67 F894844C34402B67 OK sys D4C5016086B2DC6A D4C5016086B2DC6A OK sys 5638228DAF52805F 5638228DAF52805F OK SYSADMIN DC86E8DEAA619C1A DC86E8DEAA619C1A OK

you can of course modify this quite easily to passing a list of users from the database and also to passing default passwords, dictionary words or to perform brute forcing of the passwords. I don't have any idea of the performance of the code as compared with tools such as worauthbf. Of course my PL/SQL based script is very simple to run in the database directly.

I thought it was worth sharing the link to the PERL based cracker.