Oracle o5logon hash bruteforce
#1
Hi, everybody!
Please help me solve something I don't understand about the Oracle hash.
Most of you know that the Oracle O5Logon protocol contains a
vulnerability that allows the password to be cracked offline
by brute-forcing the session key.
With the help of nmap and the oracle-brute-stealth script, I have got
the session keys and salts for the SYS user.

--------------------------------
This is the format of the output file:

sys:$o5logon$hex digits of 96 (0x60) in length*hex digits of 20 (0x14) in length (salt)
sys:$o5logon$another hex digits of 96 (0x60) in length*hex digits of 20 (0x14) in length (salt)

...
ten times
---------------------------------

I have The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux with the integrated Hashcat package, but it doesn't
understand this kind of hash and rejects it with a line length exception error.
I think I should convert it from the John the Ripper format to the hashcat format, but I can't find any script or info about it.
(Sorry for my bad English.)
With best regards and hope, machgun.


Messages In This Thread
Oracle o5logon hash bruteforce - by machgun - 03-17-2017, 09:13 PM
RE: Oracle o5logon hash bruteforce - by atom - 03-18-2017, 04:30 PM
RE: Oracle o5logon hash bruteforce - by machgun - 03-19-2017, 07:53 PM