woraauthbf
 
woraauthbf is an Oracle password brute-forcer. It has the following features:

 

  • Oracle password hash attack
  • Oracle password hash attack for 11g. It tries to crack the old hash and checks the case sensitivity with the new algorithm.
  • 8i authentication attack without Oracle DLLs
  • 9i and 10g authentication attack with Oracle DLLs
  • Dictionary attack
  • Incremental brute force attack
  • Multithreaded
  • Resume mode

 

It is available from here

 

Execution:
 

Usage: woraauthbf.exe -p pwdfile [-d dictfile] -t type -m maxpwdlength -c charset

-p      Password file.
-d      Dictionary file.
-t      There are four possible values. "hash" and "11g10g" are for Oracle password hashes. "8i", "9i" and "10g" are for the given authentication method. The default value is "hash".
-m      The maximum length of the password in brute-force mode. The maximum value is 10. The default value is 6.
-c      The charset in brute-force mode. There are three possible values: "alpha" [A-Z], "alphanum" [A-Z0-9], and "all" [A-Z0-9!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/]. The default value is "alpha".
-s      The session file, which contains the resume information. The program generates two session files named oraauth.sess.0 and oraauth.sess.1. Use the earlier one according to the file access date.
-o      The path to oran10.dll.
--perm  The value 0 switches off the permutation of the user names.
--noarr Switches off the user name and default password checking.
 


Password files have the following formats:

 

password hash:
 
The file format is: username:password hash:sid:server:
Example: SCOTT:F894844C34402B66:test:testdb:
 
The following SQL can be used:
select username||':'||password||':'||name||':'||host_name||':' from sys.dba_users, sys.V_$DATABASE, sys.v_$instance;
 
8i authentication:
The file format is:
username:srvsesskey::authpasswd:clip:clp:srvip:srvp:
 
Example:
test:B18356B94CE0B21A:96D2C390490DE8BBB3A73C31077E9D79:192.168.81.3:4604:192.168.81.1:4552
 
9i authentication:
The file format is:
username:srvsesskey::authpasswd:clip:clp:srvip:srvp:
 
Example:
test1:E6873C6A656BB5C...:B850849AF89C9E3A78C6DD441...:192.168.168.2:1432:192.168.254.254:13245:
 
10g authentication:

 

The file format is:
username:srvsesskey:clsesskey:authpasswd:clip:clp:srvip:srvp:
 

Example:

test1:BF6325AB2B8A87638...:8D85098300E120985...:50176E4913E82EA8F...:192.168.1.1:3332:192.168.1.2:1521:

 

11g password hash:
 
The file format is:
username:password hash:11g password hash:sid:server:
 
Example:
AAAA:C2977AC2A123F7BA:79FFBB4C2CC9633C5...:ORCL:ora11g:
 
The following SQL can be used:
 
select u.name||':'||u.password||':'||substr(u.spare4,3,63)||':'||d.name||':'|| sys_context('USERENV','SERVER_HOST')||':' from sys.user$ u, sys.V_$DATABASE d where u.type#=1;
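
The 11g layout above carries both hashes for each account, which is what lets the tool crack the old hash first and then settle only the case with the new algorithm. The following Python script is an added example, not part of woraauthbf or the original page: it parses an export in that layout and reports which accounts still carry the old hash. It assumes a 16-hex-digit old hash and a 60-hex-digit 11g field (SHA-1 digest plus salt); the function names and all sample records are constructed.

```python
import re

LEGACY = re.compile(r"[0-9A-F]{16}")    # old case-insensitive hash, 16 hex chars
SHA1_11G = re.compile(r"[0-9A-F]{60}")  # assumed 11g field: 40 hex digest + 20 hex salt

# Constructed sample in the "11g password hash" layout; all values are made up.
SAMPLE = "\n".join([
    "APP_OWNER:0123456789ABCDEF:" + "AB" * 30 + ":ORCL:ora11g:",
    "REPORTING::" + "CD" * 30 + ":ORCL:ora11g:",      # old hash already removed
    "OLD_BATCH:FEDCBA9876543210::ORCL:ora11g:",       # only the old hash exists
    "BROKEN:NOTHEX:" + "EF" * 30 + ":ORCL:ora11g:",   # malformed hash field
    "SHORT:0123456789ABCDEF:ORCL:ora11g:",            # 10g layout, wrong field count
])

def parse_record(line):
    """Return a dict for one username:hash:11g hash:sid:server: line, or None."""
    fields = line.strip().split(":")
    if fields[-1] == "":
        fields.pop()                      # empty field after the trailing colon
    if len(fields) != 5 or not fields[0]:
        return None
    user, legacy, sha1, sid, server = fields
    legacy, sha1 = legacy.upper(), sha1.upper()
    if legacy and not LEGACY.fullmatch(legacy):
        return None
    if sha1 and not SHA1_11G.fullmatch(sha1):
        return None
    if not legacy and not sha1:
        return None
    return {"user": user, "legacy": legacy, "sha1": sha1, "sid": sid, "server": server}

def audit(text):
    """Group accounts by which hashes the export still carries."""
    report = {"both": [], "11g_only": [], "legacy_only": [], "malformed": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            report["malformed"].append(lineno)     # report by line number
        elif rec["legacy"] and rec["sha1"]:
            report["both"].append(rec["user"])     # case sensitivity adds little here
        elif rec["sha1"]:
            report["11g_only"].append(rec["user"])
        else:
            report["legacy_only"].append(rec["user"])
    return report

if __name__ == "__main__":
    for bucket, entries in audit(SAMPLE).items():
        print(f"{bucket}: {entries}")
```

Accounts listed under "both" or "legacy_only" are the ones whose password strength is bounded by the old case-insensitive hash.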

 

Example output:

 

C:\woraauthbf_0.21R2>woraauthbf.exe -p has.txt -d default_passwords.txt
Usernames will be permuted!
The number of processors: 2
Number of pwds to check: 693
Number of pwds to check by thread: 346
Password file: hash.txt, dictionary file: default_passwords.txt, type: hash
Start: 1 End: 346
Password found: SYSTEM:MANAGER2:test:testdb
Start: 347 End: 693
Start array thread with 490 number of passwords!
Elpased time: 0s
Checked passwords: 11807

 
 

 

 

 
	

 
