Reference(s): https://www.evilfingers.com/tools/GSAuditor.php http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/ http://seclists.org/bugtraq/2007/Sep/304 >>> oracle_passwd(password='SHAlala', salt='1B7B5F82
(password, salt, uppercase=True)
| 199 | return "0x%s" % (retVal.upper() if uppercase else retVal.lower()) |
| 200 | |
| 201 | def oracle_passwd(password, salt, uppercase=True): |
| 202 | """ |
| 203 | Reference(s): |
| 204 | https://www.evilfingers.com/tools/GSAuditor.php |
| 205 | http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/ |
| 206 | http://seclists.org/bugtraq/2007/Sep/304 |
| 207 | |
| 208 | >>> oracle_passwd(password='SHAlala', salt='1B7B5F82B7235E9E182C', uppercase=True) |
| 209 | 'S:2BFCFDF5895014EE9BB2B9BA067B01E0389BB5711B7B5F82B7235E9E182C' |
| 210 | """ |
| 211 | |
| 212 | binsalt = decodeHex(salt) |
| 213 | password = getBytes(password) |
| 214 | |
| 215 | retVal = "s:%s%s" % (sha1(password + binsalt).hexdigest(), salt) |
| 216 | |
| 217 | return retVal.upper() if uppercase else retVal.lower() |
| 218 | |
| 219 | def oracle_old_passwd(password, username, uppercase=True): # prior to version '11g' |
| 220 | """ |