Re: Pete Finnigan's Oracle database password checker

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Mon, 13 Oct 2008 10:25:30 +0100
Message-ID: <48F3140A.3030004@petefinnigan.com>

openwall has the best lists, also if you download orabf (there is a link on my tools page http://www.petefinnigan.com/tools.htm sorry i cannot remember actual the link at moment) it includes a tool called permute that alters dictionary words into l33t speak.

cheers

Pete

Rich Jesse wrote:
> If English, the word lists and links here should be a good start:
>
> http://icon.shef.ac.uk/Moby/
>
> Of course it won't work for crackable dialects like l33t (or "1337", which
> at least one prominent Oracle pass hacker can check) and the wordlist is
> undoubtedly out-of-date, but as I said, it's a good start.
>
> Enjoy!
>
> Rich
>
> Disclaimer: teh n00bz r pwnzorz!!!!!
>
> Disdisclaimer: At my age, typing the above made me physically ill.
>
>

>> I ran it in two of my development environments.  My question is how do I
>> extend the dictionary that Pete included in the routine.  His Web page
>> states that it can be extended.  Anybody have any ideas about how to get a
>> dictionary loaded into an Oracle database?
>>
>> -----Original Message-----
>> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
>> On Behalf Of John.Hallas_at_morrisonsplc.co.uk
>> Sent: Wednesday, October 08, 2008 3:06 AM
>> To: guillermo.bort_at_eds.com
>> Cc: oracle-l_at_freelists.org
>> Subject: RE: Pete Finnigan's Oracle database password checker
>>
>> This is a neat PL/SQL routine which is very easy to customise to your
>> requirements
>>
>> http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads
>>
>> I downloaded the  tool yesterday but I am stil looking for a suitable
>> sandpit environment  to test it on

>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 

Pete Finnigan
Principal Consultant
PeteFinnigan.com Limited

Registered in England and Wales
Company No: 4664901

Specialists in database security.

If you need help to audit or secure an Oracle database, please ask for
details of our courses and consulting services

Phone: 0044 (0)1904 791188
Fax  : 0044 (0)1904 791188
Mob  : 0044 (0)7742 114223
email: pete_at_petefinnigan.com
site : http://www.petefinnigan.com

Please note that this email communication is intended only for the
addressee and may contain confidential or privileged information. The
contents of this email may be circulated internally within your
organisation only and may not be communicated to third parties without
the prior written permission of PeteFinnigan.com Limited.  This email is
not intended nor should it be taken to create any legal relations,
contractual or otherwise.

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Oct 13 2008 - 04:25:30 CDT

This message: [ Message body ]
Next message: Pete Finnigan: "Re: Pete Finnigan's Oracle database password checker"
Previous message: Stephane Faroult: "oraperf replacement"
In reply to: Rich Jesse: "RE: Pete Finnigan's Oracle database password checker"
Next in thread: Pete Finnigan: "Re: Pete Finnigan's Oracle database password checker"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message