Re: Oracle AUTH_PASSWORD string

From: Byron Sonne (blsonne@rogers.com)
Date: Thu Dec 01 2005 - 17:59:29 EST


> I am looking for pointers on information showing me how to decypher
> AUTH_PASSWORD strings, which look like some kind of hash to me. The rest
> of the traffic is clear text however, including the SQL queries and
> answers.

Saw this post and the followup, and if I may ask, what is the platform
you're using? You could check out freshmeat.net and maybe some other
sites that could contain tools to help you in this regard.

You've raised some very interesting questions that I look forward to
seeing the answers to. I've had similar dealings with Japanese data, but
luckily, a dude I work with knows a little Japanese and it got us by.

You'll probably need something with right-to-left written language
support, so maybe a vmware image of Arabic windows or something might
help you interpret the data via whatever tools are already present on
the OS.

Regards,
Byron

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:13 EDT