Re: Pete Finnigan's Oracle database password checker

Bort, Guillermo wrote:
> I assumed that was obvious, I just printed a cound of 'found' passwords.
> I should tweak it to show me the usernames at least, so I can alert the
> users.


Hi Bort,

I have updated the cracker to output "WEAK" if a password is found. This
is set at the top of the code with a define statement.

The password cracker has been uploaded to its page on my site as a new
version to include this change - you can find it at:

http://www.petefinnigan.com/oracle_password_cracker.htm - the new
version is 1.4 and its at the bottom of that page.

To turn off display of the passwords locate the line:

define weak = 'OFF'

and turn on WEAK by changing to

define weak = 'ON'

then the output looks like:

SQL> @cracker-v2.0.sql
cracker: Release 1.0.4.0.0 - Beta on Mon Oct 13 17:53:08 2008
Copyright (c) 2008 PeteFinnigan.com Limited. All rights reserved.

T Username             Password               CR FL STA
=======================================================

U "SYS"                [WEAK                ] DI CR OP
U "SYSTEM"             [WEAK                ] DI CR OP
U "OUTLN"              [WEAK                ] DE CR EL
U "DIP"                [WEAK                ] DE CR EL
U "TSMSYS"             [WEAK                ] PU CR EL
U "ORACLE_OCM"         [WEAK                ] PU CR EL
U "XDB"                [WEAK                ] DE CR EL
R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL}      ] GE CR OP
U "DBSNMP"             [WEAK                ] DI CR OP
U "WMSYS"              [WEAK                ] DE CR EL
U "EXFSYS"             [WEAK                ] DE CR EL
U "CTXSYS"             [WEAK                ] DE CR EL
U "XS$NULL"            [                    ] -- -- EL
U "ANONYMOUS"          [IMP {anonymous}     ] IM CR EL
R "SPATIAL_WFS_ADMIN"  [WEAK                ] PU CR OP
U "ORDSYS"             [WEAK                ] DE CR EL
U "ORDPLUGINS"         [WEAK                ] DE CR EL
U "SI_INFORMTN_SCHEMA" [WEAK                ] DE CR EL
U "MDSYS"              [WEAK                ] DE CR EL
U "OLAPSYS"            [                    ] -- -- EL
U "MDDATA"             [WEAK                ] DE CR EL
U "HR"                 [WEAK                ] DE CR EL
U "SPATIAL_WFS_ADMIN_U [WEAK                ] PU CR EL
R "WFS_USR_ROLE"       [WEAK                ] PU CR OP
R "SPATIAL_CSW_ADMIN"  [WEAK                ] PU CR OP
U "SPATIAL_CSW_ADMIN_U [WEAK                ] PU CR EL
R "CSW_USR_ROLE"       [WEAK                ] PU CR OP
U "WKSYS"              [WEAK                ] DE CR EL
U "WKPROXY"            [WEAK                ] DE CR EL
U "WK_TEST"            [WEAK                ] DE CR EL
U "SYSMAN"             [WEAK                ] DI CR OP
U "MGMT_VIEW"          [                    ] -- -- OP
U "FLOWS_FILES"        [                    ] -- -- EL
U "APEX_PUBLIC_USER"   [                    ] -- -- EL
U "FLOWS_030000"       [                    ] -- -- EL
U "OWBSYS"             [WEAK                ] PU CR EL
R "OWB$CLIENT"         [WEAK                ] BF CR OP
R "OWB_DESIGNCENTER_VI [WEAK                ] BF CR OP
U "SCOTT"              [WEAK                ] DE CR EG
U "AB"                 [WEAK                ] PU CR OP
U "OE"                 [WEAK                ] DE CR EL
U "IX"                 [WEAK                ] DE CR EL
U "SH"                 [WEAK                ] DE CR EL
U "PM"                 [WEAK                ] DE CR EL
U "BI"                 [WEAK                ] DE CR EL
U "PETE"               [WEAK                ] DE CR OP
U "BILL"               [WEAK                ] PU CR OP
U "A"                  [WEAK                ] PU CR OP
U "B"                  [WEAK                ] PU CR OP
U "C"                  [WEAK                ] PU CR OP
U "RES_TEST"           [WEAK                ] PU CR OP
U "XX"                 [WEAK                ] DI CR OP
U "ORASCAN"            [WEAK                ] PU CR OP
U "IMPOSS"             [IMP {imposs123456789] IM CR OP
U "D"                  [                    ] -- -- OP
U "P1"                 [WEAK                ] PU CR OP
U "P2"                 [WEAK                ] PU CR OP


INFO: Number of crack attempts = [4330017]
INFO: Elapsed time = [332.47 Seconds]
INFO: Cracks per second = [13020]

PL/SQL procedure successfully completed.

SQL>

cheers

Pete

-- 

Pete Finnigan
Principal Consultant
PeteFinnigan.com Limited

Registered in England and Wales
Company No: 4664901

Specialists in database security.

If you need help to audit or secure an Oracle database, please ask for
details of our courses and consulting services

Phone: 0044 (0)1904 791188
Fax  : 0044 (0)1904 791188
Mob  : 0044 (0)7742 114223
email: pete@xxxxxxxxxxxxxxxx
site : http://www.petefinnigan.com

Please note that this email communication is intended only for the
addressee and may contain confidential or privileged information. The
contents of this email may be circulated internally within your
organisation only and may not be communicated to third parties without
the prior written permission of PeteFinnigan.com Limited.  This email is
not intended nor should it be taken to create any legal relations,
contractual or otherwise.

--
http://www.freelists.org/webpage/oracle-l

Other related posts: