Re: Oracle AUTH_PASSWORD string



The Oracle Security Handbook by Oracle Press has a good section on the
TNS protocol, including a step-by-step overview of the logon process.

Basically, to answer your question, AUTH_PASSWORD is DES encrypted
using a random number that is sent by the database to the client in
the AUTH_SESSKEY string. AUTH_SESSKEY is also DES encrypted with the
user's password hash. What this means is that you won't be able to
determine the password simply by sniffing the traffic.

Here's a basic dataflow:

User passes a username to the database
Database response by sending a challenge created by DES encrypting a
random number with the user's password hash.
(Decrypt the challenge with the password hash to determine the random
number...)
The client then sends the password, which has been DES encrypted using
the random number as the key.

dpc

On 12/1/05, P. Entester <pentest__@xxxxxxxxxxx> wrote:
>
> Hello gentlemen,
>
> I am looking for pointers on information showing me how to decypher
> AUTH_PASSWORD strings, which look like some kind of hash to me. The rest of
> the traffic is clear text however, including the SQL queries and answers.
>
> I captured a few megs of Oracle traffic and want to be able to show the
> customer the importance of encrypting Oracle traffic on their network.
>
> Since i am new to pentesting Oracle databases and analyzing Oracle traffic,
> i guess some basic guide on Oracle dialog interpretatino would best fit the
> purpose.
>
> Thanks in advance,
>
> Peter.
>
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar - get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • RE: oracle VA/PT
    ... I have never known for Nessus not to find that Issue with Oracle. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: oracle VA/PT
    ... You can get OAT (oracle auditing tool) at cqure.net ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ...
    (Pen-Test)
  • RE: oracle VA/PT
    ... OAT is another good one for Oracle checks ... Absinthe is for SQL injection- ... >Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • RE: oracle VA/PT
    ... Absinthe is for SQL injection- ... MetaCoretex will do the Oracle checks. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: Resourceful Link for Oracle
    ... Galen Boyer wrote: ... Directing a poster to a helpful website in response to a question is ... I have been teaching Oracle at the University of Washington for 6 years ...
    (comp.databases.oracle.misc)