[+] Wayc0de's Blog[+]


Oracle Password Auditor

About OraclePasswordAuditor

Oracle Password Auditor is a FREE Oracle database password recovery and auditing tool. Oracle is one of the most popular and powerful database products, used by many web-based and server-side applications.

If you have ever lost or forgotten your Oracle database password, OraclePasswordAuditor can help you recover it easily. It can also help you audit an Oracle database server setup in a corporate environment by discovering weak password configurations. This makes it a must-have tool for IT administrators & Penetration Testers.

During an audit, it detects special cases such as account lockout or an invalid Oracle SID and then terminates the operation rather than blindly continuing through the errors. Penetration testers can use this feature to detect any account lockout issues and further verify whether it is susceptible to such DDoS attacks.

It is very easy to use, with a simple dictionary-based password recovery method. By default it includes a password dictionary file containing a list of popular default Oracle passwords. You can find more password dictionary files in the OpenWall collection. You can also use tools like Crunch or Cupp to generate your own custom password list files and then use them with OraclePasswordAuditor.
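The same two conditions the tool probes from outside (accounts left on a default password, and how the lockout policy reacts to repeated guesses) can be checked from inside the database. The queries below are an added example, not part of OraclePasswordAuditor or the original post; they assume Oracle 11g or later, SELECT access to the DBA_* views, traditional auditing with AUDIT SESSION enabled, and an illustrative threshold of 10 failures.

```sql
-- Added example (not from the original post). Assumes Oracle 11g or later,
-- SELECT access to the DBA_* views, and traditional auditing (AUDIT SESSION).

-- 1) Accounts still on a known default password, with their status and the
--    lockout policy of their profile. A limit of 'DEFAULT' means the value is
--    inherited from the DEFAULT profile; 'UNLIMITED' means no lockout at all.
SELECT u.username,
       u.account_status,
       u.profile,
       fla.limit AS failed_login_attempts,
       plt.limit AS password_lock_time_days
FROM   dba_users_with_defpwd d
       JOIN dba_users u
         ON u.username = d.username
       LEFT JOIN dba_profiles fla
         ON fla.profile = u.profile
        AND fla.resource_name = 'FAILED_LOGIN_ATTEMPTS'
       LEFT JOIN dba_profiles plt
         ON plt.profile = u.profile
        AND plt.resource_name = 'PASSWORD_LOCK_TIME'
ORDER  BY u.account_status, u.username;

-- 2) Sources that produced repeated logon failures in the last 24 hours.
--    ORA-01017 = invalid username/password, ORA-28000 = account is locked.
--    The threshold of 10 is an illustrative assumption; tune it per site.
SELECT a.username,
       a.userhost,
       SUM(CASE WHEN a.returncode = 1017  THEN 1 ELSE 0 END) AS bad_password,
       SUM(CASE WHEN a.returncode = 28000 THEN 1 ELSE 0 END) AS hit_locked_account,
       MIN(a.timestamp) AS first_seen,
       MAX(a.timestamp) AS last_seen
FROM   dba_audit_trail a
WHERE  a.action_name = 'LOGON'
AND    a.returncode IN (1017, 28000)
AND    a.timestamp > SYSDATE - 1
GROUP  BY a.username, a.userhost
HAVING COUNT(*) >= 10
ORDER  BY COUNT(*) DESC;
```

Rows from the first query with an OPEN status should have their passwords changed or the accounts locked; rows from the second show which client hosts are generating the failures.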

OraclePasswordAuditor works on a wide range of platforms, from Windows XP to the latest operating system, Windows 7.

Features of OraclePasswordAuditor

Here are some of the special features of OraclePasswordAuditor:
  • Free and easy-to-use software to quickly recover/audit Oracle passwords.
  • Very useful for IT administrators & Penetration Testers.
  • Dictionary-based password recovery method.
  • Includes a dictionary file with a list of popular default Oracle passwords.
  • Automatically detects Account Lockout, Invalid SID etc. and terminates the operation.
  • Detailed statistics such as tested passwords, elapsed time and a progress bar are displayed during the audit operation.
  • Integrated Installer for local Installation & Uninstallation.

Installing OraclePasswordAuditor

OraclePasswordAuditor comes with an Installer that helps with local installation & un-installation. It has an intuitive setup wizard (as shown in the screenshot below) which guides you through the series of steps needed to complete the installation. At any point you can use the Uninstaller to remove the software from the system.
OraclePasswordAuditor Installer

OraclePasswordAuditor depends on 'Oracle Instant Client', which must be installed before launching it. Otherwise you will get an error such as a failure to load the library oraocci11.dll or oci.dll.

You can install it from the official download page of 'Oracle Instant Client'.

Using OraclePasswordAuditor

OraclePasswordAuditor presents a cool GUI, making it very simple and easy to use.

Here are the simple steps:
  • Before you launch, make sure you have downloaded 'Oracle Instant Client' from the above location.
  • After downloading, extract it to the same folder as OraclePasswordAuditor.exe so that all the Oracle DLLs are in the same folder.
  • Now launch OraclePasswordAuditor on your system from the installed location.
  • Enter your Oracle server IP address, port number, SID and the username for which to recover the password.
  • Next, select or drag & drop the password list file (you can find one in the installed location).
  • Finally, click on the 'Start Audit' button to start the Oracle password recovery operation.
  • You will see detailed statistics during the password audit operation.
  • On success, it will display the recovered password as shown in Screenshot 1 below.
  • If an invalid SID is specified or the account is locked out, you will see the relevant error message.

Screenshots of OraclePasswordAuditor

Here are the screenshots of OraclePasswordAuditor:
Screenshot 1: OraclePasswordAuditor showing the recovered Oracle password.
Screenshot 2: OraclePasswordAuditor detecting the locked-out account and stopping the operation.

NB : securityxploded

