#!/bin/bash

#
# $Id: oracrack,v 1.1 2006/11/22 22:58:15 raptor Exp $
#
# oracrack v0.1 - Oracle database password cracking helper
# Copyright (c) 2006 Marco Ivaldi <raptor@0xdeadbeef.info>
#
# ORACRACK is a basic and easily customizable helper script for Oracle 
# database password cracking. It requires Red Database Security's checkpwd 
# cracker (http://www.red-database-security.com/software/checkpwd.html).
#
# Usage example: ./oracrack passdump.txt dictionary.txt
#

# Some vars
log=oracrack.log
checkpwd=./checkpwd_static

# Command line
pass="$1"
dict="$2"

function usage() {
	echo "oracrack v0.1 - Oracle database password cracking helper"
	echo "Copyright (c) 2006 Marco Ivaldi <raptor@0xdeadbeef.info>"
	echo ""
	echo "usage  : ./oracrack <passdump> <dictionary>"
	echo "example: ./oracrack passdump.txt dictionary.txt"
	echo ""
	exit 1
}

# Input control
if [ -z "$2" ]; then
	usage
fi

if [ "`cat $pass 2>/dev/null`" = "" ]; then
	echo "err: corrupted pass file?"
	exit 1
fi

if [ "`cat $dict 2>/dev/null`" = "" ]; then
	echo "err: corrupted dict file?"
	exit 1
fi

# Perform crack and print results
for current in `cat $pass`
do
        $checkpwd $current $dict 1>$log 2>/dev/null
	grep "has weak pass" $log | sed 's/ has weak password /:/'
done

# Cleanup
rm $log

exit 0