Yes, the hash is the same.
That's what is listed at the pentest URL.
Jared
"Jesse, Rich" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
12/17/2002 01:30 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: password
Well, that's the default password. Is the *hash* the same, though?
Someone had mentioned that they thought it was DB-dependant. That can't
be,
since I can copy a DB, change the name, and fire it up without changing
the
password.
Rich
Rich Jesse System/Database Administrator
[EMAIL PROTECTED] Quad/Tech International, Sussex, WI
USA
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 17, 2002 3:01 PM
> To: [EMAIL PROTECTED]
> Cc: Jesse, Rich
> Subject: RE: password
>
>
> > Does "CHANGE_ON_INSTALL" have the same hash value for every
> > version and every instance?
>
> Yes, it does.
>
> Check: http://www.pentest-limited.com/default-user.htm
>
> This is a pentest list of default Oracle passwords.
>
> I've used this to create a perl script that checks for
> default passwords.
>
> It doesn't matter which version of Oracle.
>
> Jared
>
>
>
>
>
>
>
> "Jesse, Rich" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 12/17/2002 11:03 AM
> Please respond to ORACLE-L
>
>
> To: Multiple recipients of list ORACLE-L
> <[EMAIL PROTECTED]>
> cc:
> Subject: RE: password
>
>
> Interesting. Does "CHANGE_ON_INSTALL" have the same hash
> value for every
> version and every instance?
>
> Not being much of a hacker (anymore) I would think that with only one
> algorithm and several known passwords (you can generate them
> yourself),
> this
> wouldn't be much of a challenge to real hackers. Hell, the client
> encrypts
> it to send to the server, right? That code could be reverse
> engineered,
> too. BTW, VMS has many algorithms in play to help prevent
> such an attack
> on
> it's passwords. <plug plug>
>
> Oh to have the spare time of a 15-year old again... :)
>
> Rich
>
>
> Rich Jesse System/Database Administrator
> [EMAIL PROTECTED] Quad/Tech International,
> Sussex, WI
> USA
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Jesse, Rich
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
