Date: Thu, 28 Feb 2013 23:15:20 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Oracle Application Express / Password hashes

On 21 Feb, 2013, at 13:23, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> I was able to figure out the details of APEX 4.2.1 "default" hashing algorithm.
> 
> In short, stored hash = hashlib.md5(password + sgid + username).hexdigest()
> 
> I am posting a set of scripts to help in dumping APEX hashes from an
> Oracle database and then subsequently cracking them using JtR-jumbo.
> 
> For step-by-step instructions, please see attached
> README-apex-cracking.txt file.

Things like this are good to have documented. I suppose you could commit this to bleeding (and even to unstable btw) - the README in doc/ and apex2john.py in run/. The dump-apex-hashes.sql I'm not sure... maybe that too in doc? Or unused? Maybe we need another directory?

If nothing else you could inline dump-apex-hashes.sql after a scissors line in the readme.

magnum
