Wednesday, August 20, 2008

Oracle Password Checker (Cracker)

Checkpwd 1.23 (free)

Checkpwd 1.23 is (AFAIK) the fastest (see Benchmark) dictionary based password checker for Oracle databases. This is a useful tool for DBA's to identify Oracle accounts with weak or default passwords.

Version 1.23 contains a version which only shows that a password is weak but not the password itself.

Checkpwd reads the password hashes from the view dba_users and compares the hashkeys with the hashkeys calculated from a dictionary file. Details about Oracle (database) passwords are available here:

Fact Sheet about Oracle database passwords.

Downloads

Checkpwd 1.23 (for Windows) + default passwords + libaries + wordlist with 1.5 Mio words + Oracle Instant Client 10.2
(35 MB, MD5SUM: d41737cca1b07d66bd134c53989fa1b5 *oracle_checkpwd_big.zip)

Checkpwd 1.23 (for Windows) + default passwords + libaries
(1.5 MB, MD5SUM: 17a00e28b9ff0e6bed45554b43f62b06 *oracle_checkpwd.zip)

Checkpwd 1.23 - passwords not displayed - (for Windows) + default passwords + libaries
(1.5 MB, MD5SUM: 6638b0c82dea7685b6e045c9f7136168 *oracle_checkpwd_nopw.zip)

More information can be found here.

No comments: