Date: Thu, 28 Feb 2013 23:15:20 +0100 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: Oracle Application Express / Password hashes On 21 Feb, 2013, at 13:23 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: > I was able to figure out the details of APEX 4.2.1 "default" hashing algorithm. > > In short, stored hash = hashlib.md5(password + sgid + username).hexdigest() > > I am posting a set of scripts to help in dumping APEX hashes from an > Oracle database and then subsequently cracking them using JtR-jumbo. > > For step-by-step instructions, please see attached > README-apex-cracking.txt file. Things like this are good to have documented. I suppose you could commit this to bleeding (and even to unstable btw) - the README in doc/ and apex2john.py in run/. The dump-apex-hashes.sql I'm not sure... maybe that too in doc? Or unused? Maybe we need another directory? If nothing else you could inline dump-apex-hashes.sql after a scissors line in the readme. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.