Date: Fri, 5 Oct 2012 19:24:16 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-users@...ts.openwall.com Subject: Re: [PoC] Cryptographic flaws in Oracle Database authentication protocol On Sat, Sep 29, 2012 at 3:35 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote: > On Sat, Sep 29, 2012 at 12:12 AM, Dhiru Kholia <dhiru.kholia@...il.com> wrote: >> Marcel has written "o5logoncrack" program to crack the password given >> AUTH_SESSKEY and AUTH_VFR_DATA. However Marcel hasn't released any >> algorithm details or source code. I will write a JtR format soon for this. > > Code is now committed to unstable-jumbo > (https://github.com/magnumripper/JohnTheRipper) > > ✗ ../run/john -fo:o5logon -t > Benchmarking: Oracle O5LOGON protocol [32/64]... DONE > Raw: 748982 c/s real, 754370 c/s virtual Made some tweaks, ✗ ../run/john -fo:o5logon -t Benchmarking: Oracle O5LOGON protocol [32/64]... DONE Raw: 948317 c/s real, 948317 c/s virtual This should match "official" cracker's speed. > Ettercap plug-in to sniff AUTH_SESSKEY and AUTH_VFR_DATA is committed > to https://github.com/halfie/ettercap/tree/O5LOGON This work has been merged into official Ettercap tree. See https://github.com/Ettercap/ettercap/tree/ettercap_rc -- Cheers, Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.