Download orabf from http://www.toolcrypt.org/tools/orabf/index.html and extract it into a folder, C:\xman.
The contents of C:\xman should be as shown:
orabf.exe
oraclehash.exe
orabfscript.cmd
permute.exe
default.txt
charset.orabf
CHANGES.TXT
README.TXT
Get the hash to crack by querying dba_users.
SQL> select username,password from dba_users where username='HR';
USERNAME PASSWORD
------------------------------ ------------------------------
HR 4C6D73C3E8B0F0DA
SQL>
Open a command prompt, cd to C:\xman, and run orabf on the hash, passed as hash:username.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>cd \
C:\>cd xman
C:\xman>
C:\xman>orabf 4C6D73C3E8B0F0DA:hr
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: HR:HR
C:\xman>
Let us give it a stronger hash, the one for SYS.
SQL> select username,password from dba_users where username='SYS';
USERNAME PASSWORD
------------------------------ ------------------------------
SYS 8A8F025737A9097A
SQL>
C:\xman>orabf 8A8F025737A9097A:sys
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: SYS:ORACLE
C:\xman>
The lazy DBA used oracle as his SYS password! Both passwords fell in the default-password pass, before any brute forcing began. It is always a good security measure to test your own passwords with this tool to be sure they cannot be easily broken with brute force.
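As an added example (not part of the original post or of orabf), the following Python script turns orabf output like the two runs above into an audit report that names each weak account and the reason, without recording the recovered password. The KNOWN_DEFAULTS and PRIVILEGED lists and the function names are assumptions of this example.

```python
import re

# Constructed input: the output of the two orabf runs in the post, concatenated.
SAMPLE = """\
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: HR:HR
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: SYS:ORACLE
"""

# Illustrative list of well-known Oracle default passwords (an assumption of
# this example, not orabf's default.txt); extend it for your environment.
KNOWN_DEFAULTS = {"ORACLE", "MANAGER", "CHANGE_ON_INSTALL", "TIGER", "WELCOME"}
PRIVILEGED = {"SYS", "SYSTEM"}
FOUND = re.compile(r"^password found: ([^:]+):(.*)$")

def classify(user, password):
    """Explain why a recovered password is weak, without echoing it."""
    # The legacy hash is case-insensitive, so compare in upper case.
    user, password = user.upper(), password.upper()
    if password == user:
        return "password equals username"
    if password in KNOWN_DEFAULTS:
        return "well-known default password"
    if len(password) < 8:
        return "short password"
    return "recovered by orabf"

def audit(orabf_output):
    """Turn orabf output into findings, privileged accounts first."""
    findings = []
    for line in orabf_output.splitlines():
        m = FOUND.match(line.strip())
        if not m:
            continue
        user, password = m.group(1), m.group(2)
        findings.append({
            "account": user,
            "privileged": user.upper() in PRIVILEGED,
            "reason": classify(user, password),
            "action": "change password or lock account",
        })
    # Never store the cleartext in the report; the reason is enough to act on.
    return sorted(findings, key=lambda f: (not f["privileged"], f["account"]))

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['account']:<10} privileged={f['privileged']!s:<5} {f['reason']}")
```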
Monday, July 30, 2007
3 comments:
Checkpwd for Oracle is doing the same and is much more convenient. With one command you can check ALL database passwords against a dictionary file.
http://www.red-database-security.com/software/checkpwd.html
Thanks Alexk. Did not know of this one.
Please. You got it program? I need it please, please, please.