[dbsec] Extracting password hashes from raw oracle DB files

• From: Hamid Kashfi <hamid@xxxxxxxxx>
• To: dbsec@xxxxxxxxxxxxx
• Date: Sat, 20 Jun 2009 01:44:08 +0430

Hi silent list readers :)

I`m looking for possible ways to extract/modify password hashes of oracle
users directly from database binary files.  Any comment about this topic is
highly appreciated .

This would be useful in cases where we have access to oracle server on
file-system
but we do not have any privileged OS access , nor password of any of
oracle users.
having access to a linux shell with 'oracle' user is a real-world
example of this.

Of course there are many tricks to obtain some passwords by checking
random local
files, logs , backups , etc ...  but I`d like to hear about direct
extraction of hashes from database files.


Sincerely
Hamid K

• Follow-Ups:
  • [dbsec] Re: Extracting password hashes from raw oracle DB files
    • From: Hamid Kashfi

• References:
  • [dbsec] Re: NASTEC 2008 (Mc Gill University, Montreal, Canada)CfP-Extended
    • From: JN Contact
  • [dbsec] Re: NASTEC 2008 (Mc Gill University, Montreal, Canada)CfP-Extended
    • From: Jonathan Leffler

Other related posts:

• » [dbsec] Extracting password hashes from raw oracle DB files - Hamid Kashfi
• » [dbsec] Re: Extracting password hashes from raw oracle DB files - Hamid Kashfi
• » [dbsec] Re: Extracting password hashes from raw oracle DB files - David Litchfield

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription