THC-Orakel : Cracking Oracle Password within seconds

6 June 2007

THC further releases practical tools to sniff and crack the
password of an oracle database within seconds.

One of the network authentication modes used by Oracle databases uses a weak key exchange mechanism. This mechanism is still used on the newest database versions using Oracle’s JAVA drivers.

Also, for native Oracle drivers an attack is known to downgrade the authentication mode to the vulnerable version. The orakelsniffert article documents the mechanism used by the weak authentication mode, the complexity and impact of the attack and an example of an attack in the field.

A Windows based cracker and a simple JAVA based
client application are included to verify the results. Also, a supporting
crypto utility is released.

Post scriptum

Download THC-Cracker
Download PDF OrakelSniffer

Password Cracking	26 April 2010 : Bruter v1.0 - parallel network login brute-forcer 25 April 2010 : Aircrack-ng v1.1 released 3 April 2010 : CUPP Common User Passwords Profiler v3 released 25 March 2010 : PenTBox v1.3.2 FINAL released 27 February 2010 : John the Ripper updated to v1.7.5
THC-Orakel	6 June 2007 : THC-Orakel : Cracking Oracle Password within seconds