Re: Pete Finnigan's Oracle database password checker

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Mon, 13 Oct 2008 10:17:37 +0100
Message-ID: <48F31231.2070407@petefinnigan.com>


Hi Thomas,

Extending is easy:

Find the end of the dictionary list:

		dicts(45):='ORACLE10GR1';
		dicts(46):='ORACLE10GR2';
		dicts(47):='ORACLE11G';
		--
	end;

and add in new passwords, i.e.:

		dicts(45):='ORACLE10GR1';
		dicts(46):='ORACLE10GR2';
		dicts(47):='ORACLE11G';
		dicts(48):='THOMAS';
		dicts(49):='MERCADANTE';
		-- ... further entries continue here
		--
	end;

Just keep adding words and incrementing the index. The code that reads it takes care of the length; it's not hard coded.

cheers

Pete

Mercadante, Thomas F (LABOR) wrote:
> I ran it in two of my development environments. My question is how do I extend the dictionary that Pete included in the routine. His Web page states that it can be extended. Anybody have any ideas about how to get a dictionary loaded into an Oracle database?
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of John.Hallas_at_morrisonsplc.co.uk
> Sent: Wednesday, October 08, 2008 3:06 AM
> To: guillermo.bort_at_eds.com
> Cc: oracle-l_at_freelists.org
> Subject: RE: Pete Finnigan's Oracle database password checker
>
> This is a neat PL/SQL routine which is very easy to customise to your
> requirements
>
> http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads
>
> I downloaded the tool yesterday but I am still looking for a suitable
> sandpit environment to test it on
>
>
> =========================================
> John Hallas
> Oracle DBA
> Wm Morrison Supermarkets PLC
> Mobile: 07876 790540
> E-mail: john.hallas_at_morrisonsplc.co.uk
>
>
>
> -----oracle-l-bounce_at_freelists.org wrote: -----
>
>
> To: "Oracle-L Freelists" <oracle-l_at_freelists.org>
> From: "Bort, Guillermo" <guillermo.bort_at_eds.com>
> Sent by: oracle-l-bounce_at_freelists.org
> Date: 08/10/2008 02:53AM
> Subject: RE: Pete Finnigan's Oracle database password checker
>
> It means the role has a password and that it most likely has a weak
> password.
>
> I ran it in a testing environment and got about 15 results, then ran it in
> a production database and got about 90 passwords. I am implementing a
> password verification function now... any suggestions?
>
> People REALLY need to start being careful about their passwords...
>
> I will work on extending the dictionary to include Spanish words... ¬¬
>
> --
> http://www.freelists.org/webpage/oracle-l

-- 

Pete Finnigan
Principal Consultant
PeteFinnigan.com Limited

Registered in England and Wales
Company No: 4664901

Specialists in database security.

If you need help to audit or secure an Oracle database, please ask for
details of our courses and consulting services

Phone: 0044 (0)1904 791188
Fax  : 0044 (0)1904 791188
Mob  : 0044 (0)7742 114223
email: pete_at_petefinnigan.com
site : http://www.petefinnigan.com

Received on Mon Oct 13 2008 - 04:17:37 CDT
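
Added example, not part of the original thread and not Pete Finnigan's code: a small Python generator that reads the tail of the existing `dicts(...)` list, finds the next free index, and emits new assignment lines in the same format from a word list. The function names, the uppercase normalisation (taken from the entries shown above) and the 30-character cut-off are assumptions of this sketch.

```python
import re

# Matches lines such as: dicts(47):='ORACLE11G';
ENTRY_RE = re.compile(r"dicts\((\d+)\)\s*:=\s*'((?:[^']|'')*)'")
MAX_LEN = 30  # assumption: skip words longer than a 30-character password


def parse_existing(block):
    """Return (next_free_index, set_of_words) for a pasted dicts(...) block."""
    next_index, words = 1, set()
    for match in ENTRY_RE.finditer(block):
        next_index = max(next_index, int(match.group(1)) + 1)
        words.add(match.group(2).replace("''", "'").upper())
    return next_index, words


def dict_lines(words, start_index, existing=()):
    """Build PL/SQL assignment lines that continue the list at start_index."""
    seen = {w.upper() for w in existing}
    lines, idx = [], start_index
    for raw in words:
        word = raw.strip().upper()  # assumption: entries are kept uppercase
        if not word or word.startswith("#"):
            continue  # blank line or comment in the word list
        if len(word) > MAX_LEN or word in seen:
            continue  # too long, or already in the dictionary
        seen.add(word)
        literal = word.replace("'", "''")  # escape quotes for a PL/SQL literal
        lines.append(f"\t\tdicts({idx}):='{literal}';")
        idx += 1
    return lines


if __name__ == "__main__":
    # Tail of the list as quoted in the message above.
    tail = """
		dicts(45):='ORACLE10GR1';
		dicts(46):='ORACLE10GR2';
		dicts(47):='ORACLE11G';
    """
    # Constructed sample word list (duplicates and a quote on purpose).
    sample = ["thomas", "Mercadante", "oracle11g", "", "o'brien", "thomas"]
    start, known = parse_existing(tail)
    print("\n".join(dict_lines(sample, start, known)))
```

Paste the printed lines above the closing `--` / `end;` of the dictionary block.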
