EnglishSpanishGermanFrenchPortugueseItalianRussian

FAQ

1. What Oracle Database versions are supported by the program?
2. What are system requirements?
3. What access rights are required for importing data from a database?
4. What formats of rainbow tables are supported by the program?
5. What accounts can be used with rainbow tables?
6. Where to find rainbow tables?
7. What are the limitations of the evaluation version?

1.

What Oracle Database versions are supported by the program?

The program supports data import and recovery of Oracle Database 9i, 10g, 11g, 12c passwords.

2.

What are system requirements?

System requirements:

  • any operating system with Oracle JRE 8 installed;
  • minimum of 1 Gb RAM;
  • free 18 Mb hard disk space (plus the space required for JRE installation);
  • minimum of 800x600 screen resolution.

3.

What access rights are required for importing data from a database?

The source data for password recovery is stored in the scheme of user SYS. To import the data, specify either user SYS or one of the users with access to this data.

For Oracle Database Enterprise Edition, the default set of these users differs from version to version:

9i CTXSYS, MDSYS, OLAPSYS, WKSYS, XDB
10g CTXSYS, OLAPSYS, XDB
11g APEX_030200, CTXSYS, ORACLE_OCM, XDB
12c APEX_040200, CTXSYS, DV_SECANALYST, DVSYS, ORACLE_OCM, XDB

Some of these users may appear in the blocked state i.e. be unavailable.

If you select user SYS, specify the SYSDBA role for him.

4.

What formats of rainbow tables are supported by the program?

The program supports RT, RTI and RTI2 formats.

5.

What accounts can be used with rainbow tables?

The user name is used and the salt is not used in the algorithms for calculating DES and MD5 hashes of the Oracle Database passwords. Use rainbow tables for DES hashes created for SYS user.

Small rainbow tables supplied with the program can recover passwords:

  • for the user called SYS;
  • comprised of Latin characters only;
  • 1 to 4 characters long.

6.

Where to find rainbow tables?

To create rainbow tables for DES hashes, you can use the Winrtgen program. Specify the following to generate files:

  • hash type: oracle;
  • user name: SYS;
  • possible length of the password;
  • character set.

To check the efficiency of rainbow tables, use the oracledb-users5.txt file containing records for user SYS with passwords of various lengths.

7.

What are the limitations of the evaluation version?

The evaluation version has the following functional limitations:

  • only the first character of the recovered password is shown;
  • for hybrid attack, the quantity of added characters is limited;
  • the total size of the rainbow table files is limited;
  • the character set is limited to A-Z characters;
  • for brute force attack, the possible maximum password length is limited.