Posts: 5
Threads: 1
Joined: Apr 2012
I am having trouble loading Oracle 11g hashes (type 112) in to oclhashcat-plus.
They are stored in the SYS.USER$.spare4 column and are of the form of 'S:' followed by 40 characters of hex SHA1 hash followed by 20 characters of hex salt.
I've tried the string as is, removing the 'S:', separating the hash and salt, and other permutations, but I am consistently getting line length exceptions.
Does anyone know what the proper format is for Oracle 11g hashes?
Posts: 5,185
Threads: 230
Joined: Apr 2010
The format is hash:username
Posts: 5
Threads: 1
Joined: Apr 2012
Hmm. Let's say we have a user named foo with a hash "S:123456789A123456789B123456789C123456789D123456789E123456789F".
The proper format would be oclHashcat-plus -m 112 123456789A123456789B123456789C123456789D123456789E123456789F:foo wordlist.txt?
I'm still getting line length exceptions with and without the 'S:' or username. The old DES format was salted with the username but the new one has a random salt.
When you are referring to Oracle 11g hashes, I'm assuming that you are referring to the SHA format and not the old DES format with case sensitivity.
Thanks,
flipit
Posts: 5,185
Threads: 230
Joined: Apr 2010
I see. In this case you have to export the random salt. The random salt must be an hex encoded string which replaces the username. It is exactly of length 10. Example:
4b4787ac26bcf94f2aec734af8326ad2efa7e42a:8588127014
Password for this is 874
Posts: 5
Threads: 1
Joined: Apr 2012
Awesome, that explains why I was getting the line length exceptions.
However, there seems to be one small problem. Oracle uses 10 bytes of hex salt, yet oclHashcat seems hard-coded to accept up to 5 bytes.
Thanks for the explanation.
Posts: 2,301
Threads: 11
Joined: Jul 2010
i guess you have to use the --hex-salt option
Posts: 5
Threads: 1
Joined: Apr 2012
Undeath, that wouldn't work, as --hex-salt is already implied by the hash type (-m 112).
Atom, is it possible to expand the max length for the salt or is it a remnant from optimizing for a different hash type?
Thanks,
flipit
Posts: 5,185
Threads: 230
Joined: Apr 2010
Why do you need it expanded. Your 5 byte binary data encoded in hex is exactly 10.
Posts: 5
Threads: 1
Joined: Apr 2012
04-09-2012, 01:50 PM
(This post was last modified: 04-09-2012, 01:52 PM by flipit.)
Atom, the Oracle 11g format is 160 bits / 40 hex characters of SHA1 and 80 bits / 20 hex characters of salt. 40 bits / 10 hex characters of salt is insufficient.
Please see
http://www.petefinnigan.com/weblog/archi...001097.htm or
http://packages.python.org/passlib/lib/p...cle11.html for details.
Thanks,
flipit
Posts: 5,185
Threads: 230
Joined: Apr 2010
04-09-2012, 06:36 PM
(This post was last modified: 04-09-2012, 06:49 PM by atom.)
You were right. I fixed it. If you need access to a beta version send me a PM.
Quote:root@sf:~/oclHashcat-lite-0.10# ./oclHashcat-lite64.bin -m 112 61CE616647A4F7980AFD7C7245261AF25E0AFE9C:9763FCF0D54DA667D4E6
oclHashcat-lite v0.10 by atom starting...
** Valid keyfile for beta usage: atom (expires 26.03.2013)
GPU-Loops: 128
GPU-Accel: 160
Password lengths range: 1 - 55
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2931MB, 0Mhz, 32MCU
61ce616647a4f7980afd7c7245261af25e0afe9c:9763fcf0d54da667d4e6:11g
Status.......: Cracked
Hash.Target..: 61ce616647a4f7980afd7c7245261af25e0afe9c:9763fcf0d54da667d4e6
Hash.Type....: Oracle 11g
Time.Running.: 0 secs
Time.Left....: 0 secs
Plain.Mask...: ?1?2?2
Plain.Text...: ***
Plain.Length.: 3
Progress.....: 60416/80352 (75.19%)
Speed.GPU.#1.: 66926/s
HWMon.GPU.#1.: 0% GPU, 43c Temp
Started: Mon Apr 9 18:48:25 2012
Stopped: Mon Apr 9 18:48:26 2012