Re: Oracle AUTH_PASSWORD string

[Byron Sonne <blsonne () rogers com>]

> I am looking for pointers on information showing me how to decypher 
> AUTH_PASSWORD strings, which look like some kind of hash to me. The rest 
> of the traffic is clear text however, including the SQL queries and 
> answers.

Saw this post and the followup, and if I may ask, what is the platform 
you're using? You could check out freshmeat.net and maybe some other 
sites that could contain tools to help you in this regard.

You've raised some very interesting questions that I look forward to 
seeing the answers to. I've had similar dealings with Japanese data, but 
luckily, a dude I work with knows a little Japanese and it got us by.

You'll probably need something with right-to-left written language 
support, so maybe a vmware image of Arabic windows or something might 
help you interpret the data via whatever tools are already present on 
the OS.

Regards,
Byron


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------