[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Feb 2013 23:15:20 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Oracle Application Express / Password hashes
On 21 Feb, 2013, at 13:23 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> I was able to figure out the details of APEX 4.2.1 "default" hashing algorithm.
>
> In short, stored hash = hashlib.md5(password + sgid + username).hexdigest()
>
> I am posting a set of scripts to help in dumping APEX hashes from an
> Oracle database and then subsequently cracking them using JtR-jumbo.
>
> For step-by-step instructions, please see attached
> README-apex-cracking.txt file.
Things like this are good to have documented. I suppose you could commit this to bleeding (and even to unstable btw) - the README in doc/ and apex2john.py in run/. The dump-apex-hashes.sql I'm not sure... maybe that too in doc? Or unused? Maybe we need another directory?
If nothing else you could inline dump-apex-hashes.sql after a scissors line in the readme.
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
