Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Feb 2013 17:53:19 +0530
From: Dhiru Kholia <>
To: Guillaume Lopes <>
Subject: Re: Oracle Application Express / Password hashes

On Wed, Feb 20, 2013 at 6:31 PM, Dhiru Kholia <> wrote:
> On Wed, Feb 20, 2013 at 5:04 PM, Guillaume Lopes <> wrote:
>> I have to crack password hashes from an Oracle application (APEX). The
>> version is APEX 4.0.
>> Do you know a tool or another way to retrieve clear passwords from hashes ?
> Please bring this topic to "john-users" mailing list. JtR folks might
> be able to help you.

I was able to figure out the details of APEX 4.2.1 "default" hashing algorithm.

In short, stored hash = hashlib.md5(password + sgid + username).hexdigest()

I am posting a set of scripts to help in dumping APEX hashes from an
Oracle database and then subsequently cracking them using JtR-jumbo.

For step-by-step instructions, please see attached
README-apex-cracking.txt file.

✗ ../run/john -fo:dynamic_1 -t
Benchmarking: dynamic_1: md5($p.$s) (joomla) [128/128 SSE2 intrinsics
10x4x3]... DONE
Many salts:	14166K c/s real, 14166K c/s virtual
Only one salt:	10305K c/s real, 10305K c/s virtual

AFAIK commercial cracking tools (for APEX hashes) don't even come
close to JtR's speed ;)


View attachment "apex-hashes.txt" of type "text/plain" (376 bytes)

Download attachment "apex-hashes-JtR" of type "application/octet-stream" (52 bytes)

Download attachment "dump-apex-hashes.sql" of type "application/octet-stream" (298 bytes)

View attachment "README-apex-cracking.txt" of type "text/plain" (1325 bytes)

Download attachment "" of type "application/octet-stream" (718 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.