Oracle Password Cracker written in PL/SQL

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Oracle Password Cracker written in PL/SQL
From: pete@xxxxxxxxxxxxxxxx
Date: 1 Oct 2008 11:37:51 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi Guys, 

I have just released a free Oracle password cracker written completely in 
PL/SQL on my website. The reason for doing this is to try and encourage people 
to "test" passwords for strength in their own databases. I am not seeing any 
real improvements in password strength generally across the industry over the 
last 8 years. 

It is not the intention to replace the fast C based crackers such as woraauthbf 
but instead to suppliment it. In my experience I find that people have not 
covered the bases yet, that is they still have passwords set to usernames, 
passwords set to defaults and also extremely weak passwords. 

I often suggest to people to download binary based crackers but there is often 
a reticence to do this. Hence I decided to create a PL/SQL based one. This way 
there is no excuse, its a SQL script that can be run in SQL*Plus and also its 
going to find the core issues anyway before you need a faster cracker. 

Some details on how it works and what it does are included in the page 
http://www.petefinnigan.com/oracle_password_cracker.htm for the cracker. You 
can also download it from the same page. 

hope its useful 

cheers 

Pete

Prev by Date: Printlog <= 0.4: Remote File Edition Vulnerability
Next by Date: Remote and Local File Inclusion Vulnerability <= 1.1 Rportal
Previous by thread: Printlog <= 0.4: Remote File Edition Vulnerability
Next by thread: Remote and Local File Inclusion Vulnerability <= 1.1 Rportal
Index(es):
- Date
- Thread