Penetration Testing mailing list archives

Re: Oracle hash rainbowtables

From: "Carl-Johan Bostorp" <carl-johan.bostorp () hps se>
Date: Fri, 3 Feb 2006 13:23:04 +0100

Hi,

Yes, I realize it depends on the login name, which is why I asked for SYS/SYSTEM :)

Even though your patch may be slow, it's of interest to me. Do you mind posting it? (either directly to me or publicly)

/C-J

P.s. I'm still interested in breaking a couple of hashes right away so if anybody already has the tables setup...?

-----Ursprungligt meddelande-----
Från: Fabien Kraemer [mailto:kraemer () darwin2 dyndns org] 
Skickat: den 3 februari 2006 11:16
Till: Carl-Johan Bostorp
Kopia: pen-test () securityfocus com
Ämne: Re: Oracle hash rainbowtables

Hello,

The problem is that Oracle hash depend on the login name. So you have to
  generate rainbow table for each login. A good idea is to create rainbow table for the defaults system account like : 
sys, system etc...

I made a patch for rainbowcrack but i did not have time to optimize it so it s pretty slow: 300 000 C/s on a pentium M 
1.6 ghz compared to more than 600 000 c/s for orabf.

Good luck ;)


Carl-Johan Bostorp wrote:

Hello peeps,

Does anybody have the patch to rainbowcrack to build Oracle 
rainbowtables? Or does anybody know of any service that does what 
rainbowcrack-online does but with a SYS/SYSTEM Oracle-hash?

/C-J

----------------------------------------------------------------------
-------- Audit your website security with Acunetix Web Vulnerability 
Scanner:

Hackers are concentrating their efforts on attacking applications on 
your website. Up to 75% of cyber attacks are launched on shopping 
carts, forms, login pages, dynamic content etc. Firewalls, SSL and 
locked-down servers are futile against web application hacking. Check 
your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------
---------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Oracle hash rainbowtables Carl-Johan Bostorp (Feb 02)
- Re: Oracle hash rainbowtables Fabien Kraemer (Feb 03)
- Re: Oracle hash rainbowtables jdurick (Feb 07)
- <Possible follow-ups>
- RE: Oracle hash rainbowtables Sulaiman, Wilmar (Feb 05)
- Re: Oracle hash rainbowtables Carl-Johan Bostorp (Feb 05)