Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Sep 2012 15:35:39 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: [PoC] Cryptographic flaws in Oracle Database authentication protocol

On Sat, Sep 29, 2012 at 12:12 AM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> Marcel has written "o5logoncrack" program to crack the password given
> AUTH_SESSKEY and AUTH_VFR_DATA. However Marcel hasn't released any
> algorithm details or source code. I will write a JtR format soon for this.

Code is now committed to unstable-jumbo
(https://github.com/magnumripper/JohnTheRipper)

✗ ../run/john -fo:o5logon -t
Benchmarking: Oracle O5LOGON protocol [32/64]... DONE
Raw:	748982 c/s real, 754370 c/s virtual

Ettercap plug-in to sniff AUTH_SESSKEY and AUTH_VFR_DATA is committed
to https://github.com/halfie/ettercap/tree/O5LOGON

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.