Date: Thu, 21 Feb 2013 17:53:19 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: Guillaume Lopes <isec.gls@...il.com> Cc: john-users@...ts.openwall.com, pen-test@...urityfocus.com Subject: Re: Oracle Application Express / Password hashes On Wed, Feb 20, 2013 at 6:31 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote: > On Wed, Feb 20, 2013 at 5:04 PM, Guillaume Lopes <isec.gls@...il.com> wrote: >> I have to crack password hashes from an Oracle application (APEX). The >> version is APEX 4.0. >> >> Do you know a tool or another way to retrieve clear passwords from hashes ? > > Please bring this topic to "john-users" mailing list. JtR folks might > be able to help you. I was able to figure out the details of APEX 4.2.1 "default" hashing algorithm. In short, stored hash = hashlib.md5(password + sgid + username).hexdigest() I am posting a set of scripts to help in dumping APEX hashes from an Oracle database and then subsequently cracking them using JtR-jumbo. For step-by-step instructions, please see attached README-apex-cracking.txt file. ✗ ../run/john -fo:dynamic_1 -t Benchmarking: dynamic_1: md5($p.$s) (joomla) [128/128 SSE2 intrinsics 10x4x3]... DONE Many salts: 14166K c/s real, 14166K c/s virtual Only one salt: 10305K c/s real, 10305K c/s virtual AFAIK commercial cracking tools (for APEX hashes) don't even come close to JtR's speed ;) -- Dhiru View attachment "apex-hashes.txt" of type "text/plain" (376 bytes) Download attachment "apex-hashes-JtR" of type "application/octet-stream" (52 bytes) Download attachment "dump-apex-hashes.sql" of type "application/octet-stream" (298 bytes) View attachment "README-apex-cracking.txt" of type "text/plain" (1325 bytes) Download attachment "apex2john.py" of type "application/octet-stream" (718 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.