|Date||February 21st, 2009|
Orapass-DES implements Oracle's older DES-based password hashing algorithm.
Let's trace through the algorithm with the username "tiger" and the password "scott":
Concatenate the username and the password to produce a plaintext string
Convert the plaintext string to uppercase characters
Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00
Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;
* Initialize DES with IV: 0000000000000000 * Initialize DES with KEY: 0123456789ABCDEF * Padded plaintext: 0054004900470045005200530043004f0054005400000000 * DES(plaintext) = 527acbc01a49c057e854df3104789ce7801be7920d69f719
Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key.
* Initialize DES with IV: 0000000000000000 * Initialize DES with KEY: 801be7920d69f719 * Padded plaintext: 0054004900470045005200530043004f0054005400000000 * DES(plaintext) = 293c787182d03d85fa6cee1db032e2c69d45cd92d876e247
The last block of the output is converted into a printable string to produce the password hash value.
Usage of the script is very straightforward simply provide username and password as parameters to get an 8-byte hash output.
./orapass-des.py tiger scott 9d45cd92d876e247
|Date||August 17th, 2011|
Orapass SHA1 implements Oracle's newer SHA1-based password hashing algorithm. This script can be used for password strength audit and recovery. Uses Python Hashlib library. Read more.
Oracle's proprietary TNS (Transparent Network Substrate) protocol is used to interact with Oracle's RDBMS. In this article you will learn about different TNS packet types and their structure. Read more.
Oracle Database or RDBMS (Object-Relational Database Management System) is a complex system for storage and retrieval of relational data. In this article you will learn the basic architecture of the Oracle Databases as well as common attacks against it. Read more.
All original content on this site is copyright protected and licensed under Creative Commons - Attribution, NonCommercial, ShareAlike 4.0 International.