A Powerfull Inverse Dictionary

Recently I have discovered a powerfull inverse dictionary web-based. A inverse dictionary use the hash (password encryted) to get the password (in readble format). Usually you can get the hash in the next ways;

For Oracle database, versions 8,9,10 (in 11 and 12 it is possible too but you need query another view);

select passsword from dba_user where username =’SYSTEM’

For MySQL;

use mysql

select password from user where username=’root’ — Remember this engine is case sensitive by default
;

The web link to this tool;

crackstations inverse dictionary

It supports a lot of algorithms but not support hash with salt, salt concept in cryptography is similar to create a random number and use “add” to clear password or username with the propourse the create hash specific for one system (machine, database, app).

 
Inverse dictionary is a table with all or many possibles passwords for a specific user (usually system, root…). I have tried a pair the mysql database (root user) and it works fine. In the Oracle case doesn’t because of since version 11 Oracle uses salted hash.

 
HTH – Antonio NAVARRO

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s