THE

SPRAWL

  •  
  •  
  •  
  • projectsOrapass DES

    Download orapass-des.py
    Size 1.6 KB
    DateFebruary 21st, 2009
    Version0.1

    Orapass-DES implements Oracle's older DES-based password hashing algorithm.

    Algorithm

    Let's trace through the algorithm with the username "tiger" and the password "scott":

    1. Concatenate the username and the password to produce a plaintext string

       tigerscott
      
    2. Convert the plaintext string to uppercase characters

       TIGERSCOTT
      
    3. Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00

       0054004900470045005200530043004f00540054
      
    4. Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;

       * Initialize DES with IV:  0000000000000000
       * Initialize DES with KEY: 0123456789ABCDEF
       * Padded plaintext: 0054004900470045005200530043004f0054005400000000
       * DES(plaintext) = 527acbc01a49c057e854df3104789ce7801be7920d69f719
      
    5. Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key.

       * Initialize DES with IV:  0000000000000000
       * Initialize DES with KEY: 801be7920d69f719
       * Padded plaintext: 0054004900470045005200530043004f0054005400000000
       * DES(plaintext) = 293c787182d03d85fa6cee1db032e2c69d45cd92d876e247
      
    6. The last block of the output is converted into a printable string to produce the password hash value.

       9d45cd92d876e247
      

    Usage

    Usage of the script is very straightforward simply provide username and password as parameters to get an 8-byte hash output.

    ./orapass-des.py tiger scott
    9d45cd92d876e247
    

    sprawlsimilar

    orapass sha1

    Download orapass-sha1.py
    Size 605 bytes
    DateAugust 17th, 2011
    Version0.1

    Orapass SHA1 implements Oracle's newer SHA1-based password hashing algorithm. This script can be used for password strength audit and recovery. Uses Python Hashlib library. Read more.

    john the ripper

    John the Ripper is a multi-platform password cracking tool. Read more.

    oracle tns protocol

    Oracle's proprietary TNS (Transparent Network Substrate) protocol is used to interact with Oracle's RDBMS. In this article you will learn about different TNS packet types and their structure. Read more.

    oracle rdbms

    Oracle Database or RDBMS (Object-Relational Database Management System) is a complex system for storage and retrieval of relational data. In this article you will learn the basic architecture of the Oracle Databases as well as common attacks against it. Read more.


    sprawlcomments

    All original content on this site is copyright protected and licensed under Creative Commons - Attribution, NonCommercial, ShareAlike 4.0 International.

    π
    ///\oo/\\\