Security Dashboard
Oracle password cracker woraauthbf updated to 0.22
Sunday 13 July 2008
The Oracle password cracker woraauthbf with the following features :
Oracle password hash attack
Oracle password hash attack for 11g. It tries to crack the old hash and checks the case sensitivity with the new algorithm.
8i authentication attack without oracle dlls
9i and 10g authentication attack with oracle dlls
Dictionary attack
Incremental brute force attack
MultithreadedThe 0.22 has some speed advancement because of the prehash implementation and has some usefull changes:
Prehash implementation in the brute-force mode of the password hash.
Prehash implementation in the dicitonary mode of the password hash (if the username len > 4)
It saves the list of the index of the found passwords, so you can use —prev paramter to leave out the already cracked passwords from a previous session. In the session continue mode (-s), it loads the results automaticly.
The order in the permutation engine was changed to follow a more logical way (thanks for Pete Finnigan suggesting it).
The permutation engine has more parameters that controls which permutation should be included.
It is strongly recommended to use this new release. The list of some repaired bugs can be found here (thanks Michael Donnerer for reporting them). This is still an early release, so it needs massive bug hunting and code cleaning.
POSTSCRIPTUM
RELATED ARTICLES
Bruteforcers, Password Cracking, woraauthbf, 13 July 2008 : Oracle password cracker woraauthbf updated to 0.222 April 2008 : Oracle password cracker woraauthbf updated to 0.21R2
