Penetration Testing mailing list archives
Re: Oracle hash rainbowtables
From: "Carl-Johan Bostorp" <carl-johan.bostorp () hps se>
Date: Fri, 3 Feb 2006 13:23:04 +0100
Hi, Yes, I realize it depends on the login name, which is why I asked for SYS/SYSTEM :) Even though your patch may be slow, it's of interest to me. Do you mind posting it? (either directly to me or publicly) /C-J P.s. I'm still interested in breaking a couple of hashes right away so if anybody already has the tables setup...? -----Ursprungligt meddelande----- Från: Fabien Kraemer [mailto:kraemer () darwin2 dyndns org] Skickat: den 3 februari 2006 11:16 Till: Carl-Johan Bostorp Kopia: pen-test () securityfocus com Ämne: Re: Oracle hash rainbowtables Hello, The problem is that Oracle hash depend on the login name. So you have to generate rainbow table for each login. A good idea is to create rainbow table for the defaults system account like : sys, system etc... I made a patch for rainbowcrack but i did not have time to optimize it so it s pretty slow: 300 000 C/s on a pentium M 1.6 ghz compared to more than 600 000 c/s for orabf. Good luck ;) Carl-Johan Bostorp wrote:
Hello peeps, Does anybody have the patch to rainbowcrack to build Oracle rainbowtables? Or does anybody know of any service that does what rainbowcrack-online does but with a SYS/SYSTEM Oracle-hash? /C-J ---------------------------------------------------------------------- -------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------- ---------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Oracle hash rainbowtables Carl-Johan Bostorp (Feb 02)
- Re: Oracle hash rainbowtables Fabien Kraemer (Feb 03)
- Re: Oracle hash rainbowtables jdurick (Feb 07)
- <Possible follow-ups>
- RE: Oracle hash rainbowtables Sulaiman, Wilmar (Feb 05)
- Re: Oracle hash rainbowtables Carl-Johan Bostorp (Feb 05)