Using an offline Oracle password cracker
As we have mentioned and emphasized before you should perform security assessments against your databases regularly. Password crackers are the best tools to check your real passwords strength. These tools are used also by attackers to crack passwords. If you can crack a password then there is 100 percent probability that an attacker can do the same. In recent years, some very fast Oracle password crackers were developed. In this recipe we will use one of the fastest, an Oracle password-cracker tool developed by Laszlo Toth called woraauthbf.
This tool can be downloaded from Laszlo's personal page http://soonerorlater.hu (For a description of the tool and its download link, go to http://soonerorlater.hu/index.khtml?article_id=513); it has the capability of cracking passwords based on hash, dictionary, and brute force methods.
In this recipe we will connect to the HACKDB database, and we will collect the password hashes in a file that will be used as...
