adding items from John the Ripper's word list to the dictionary for Oracle cracking

lib/core/common.py

@@ -1117,7 +1117,7 @@ def setPaths():
     paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
     paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
     paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
-    paths.ORACLE_DEFAULT_PASSWD = os.path.join(paths.SQLMAP_TXT_PATH, "oracle-default-passwords.txt")
+    paths.SMALL_DICT = os.path.join(paths.SQLMAP_TXT_PATH, "smalldict.txt")
     paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt")
     paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.txt")
     paths.PHPIDS_RULES_XML = os.path.join(paths.SQLMAP_XML_PATH, "phpids_rules.xml")

lib/utils/hash.py

@@ -546,7 +546,7 @@ def dictionaryAttack(attack_dict):
                     else:
                         # It is the slowest of all methods hence smaller default dict
                         if hash_regex == HASH.ORACLE_OLD:
-                            dictPaths = [paths.ORACLE_DEFAULT_PASSWD]
+                            dictPaths = [paths.SMALL_DICT]
                         else:
                             dictPaths = [paths.WORDLIST]
 

txt/oracle-default-passwords.txt

@@ -1,487 +0,0 @@
-06071992
-0racl3
-0racl38
-0racl38i
-0racl39
-0racl39i
-0racle
-0racle8
-0racle8i
-0racle9
-0racle9i
-199220706
-abm
-adgangskode
-adldemo
-admin
-administrator
-ahl
-ahm
-airoplane
-ak
-akf7d98s2
-alr
-ams
-amv
-anonymous
-ap
-applmgr
-applsys
-applsyspub
-apppassword
-apps
-aq
-aqdemo
-aqjava
-aquser
-ar
-asf
-asg
-asl
-aso
-asp
-ast
-audiouser
-ax
-az
-bar
-bc4j
-ben
-bic
-bil
-bim
-bis
-biv
-bix
-blewis
-bom
-brio_admin
-bsc
-bug_reports
-catalog
-cct
-cdemo82
-cdemo83
-cdemocor
-cdemorid
-cdemoucb
-cdouglas
-ce
-centra
-central
-change_on_install
-cids
-cis
-cisinfo
-clave
-clerk
-cloth
-cn
-company
-compiere
-crp
-cs
-csc
-csd
-cse
-csf
-csi
-csl
-csmig
-csp
-csr
-css
-ctxdemo
-ctxsys
-cua
-cue
-cuf
-cug
-cui
-cun
-cup
-cus
-cz
-d_syspw
-d_systpw
-dbsnmp
-dbvision
-demo
-demo8
-demo9
-des
-des2k
-dev2000_demos
-dip
-discoverer_admin
-dmsys
-dpfpass
-dsgateway
-dssys
-dtsp
-eaa
-eam
-east
-ec
-ecx
-ejb
-ejsadmin
-ejsadmin_password
-emp
-eng
-eni
-estore
-event
-evm
-example
-exfsys
-extdemo
-extdemo2
-fa
-fem
-fii
-finance
-finprod
-flm
-fnd
-fndpub
-fpt
-frm
-fte
-fv
-gl
-gma
-gmd
-gme
-gmf
-gmi
-gml
-gmp
-gms
-gpfd
-gpld
-gr
-hades
-hcpark
-hlw
-hobbes
-hr
-hri
-hvst
-hxc
-hxt
-iba
-ibe
-ibp
-ibu
-iby
-icdbown
-icx
-idemo_user
-ieb
-iec
-iem
-ieo
-ies
-ieu
-iex
-ifssys
-igc
-igf
-igi
-igs
-igw
-imageuser
-imc
-imedia
-imt
-instance
-inv
-invalid
-invalid password
-ipa
-ipd
-iplanet
-isc
-itg
-ja
-je
-jetspeed
-jg
-jl
-jmuser
-john
-jtf
-jtm
-jts
-kwalker
-l2ldemo
-laskjdf098ksdaf09
-lbacsys
-manag3r
-manager
-manprod
-mddata
-mddemo
-mddemo_mgr
-mdsys
-me
-mfg
-mgr
-mgwuser
-migrate
-miller
-mmo2
-mmo3
-moreau
-mot_de_passe
-mrp
-msc
-msd
-mso
-msr
-mt6ch5
-mtrpw
-mts_password
-mtssys
-mumblefratz
-mwa
-mxagent
-names
-neotix_sys
-nneulpass
-oas_public
-ocitest
-ocm_db_admin
-odm
-ods
-ods_server
-odscommon
-oe
-oem_temp
-oemadm
-oemrep
-okb
-okc
-oke
-oki
-oko
-okr
-oks
-okx
-olapdba
-olapsvr
-olapsys
-ont
-oo
-openspirit
-opi
-oracache
-oracl3
-oracle
-oracle8
-oracle8i
-oracle9
-oracle9i
-oradbapass
-oraprobe
-oraregsys
-orasso
-orasso_ds
-orasso_pa
-orasso_ps
-orasso_public
-orastat
-ordcommon
-ordplugins
-ordsys
-osm
-osp22
-ota
-outln
-owa
-owa_public
-owf_mgr
-owner
-ozf
-ozp
-ozs
-pa
-panama
-paper
-parol
-passwd
-passwo1
-passwo2
-passwo3
-passwo4
-password
-patrol
-paul
-perfstat
-perstat
-pjm
-planning
-plex
-pm
-pmi
-pn
-po
-po7
-po8
-poa
-pom
-portal30
-portal30_admin
-portal30_demo
-portal30_ps
-portal30_public
-portal30_sso
-portal30_sso_admin
-portal30_sso_ps
-portal30_sso_public
-portal31
-portal_demo
-portal_sso_ps
-pos
-powercartuser
-primary
-psa
-psb
-psp
-pub
-pubsub
-pubsub1
-pv
-qa
-qdba
-qp
-qs
-qs_adm
-qs_cb
-qs_cbadm
-qs_cs
-qs_es
-qs_os
-qs_ws
-re
-rep_owner
-repadmin
-reports
-rg
-rhx
-rla
-rlm
-rmail
-rman
-rrs
-sample
-sampleatm
-sap
-sapr3
-sdos_icsap
-secdemo
-senha
-serviceconsumer1
-sh
-shelves
-si_informtn_schema
-siteminder
-slidepw
-snowman
-spierson
-ssp
-starter
-steel
-strat_passwd
-supersecret
-support
-swordfish
-swpro
-swuser
-sympa
-sys
-sys_stnt
-sysadm
-sysadmin
-sysman
-syspass
-system
-systempass
-tahiti
-tdos_icsap
-tectec
-test
-test_user
-testpilot
-thinsamplepw
-tibco
-tiger
-tigger
-tip37
-trace
-travel
-tsdev
-tsuser
-turbine
-ultimate
-um_admin
-um_client
-unknown
-user
-user0
-user1
-user2
-user3
-user4
-user5
-user6
-user7
-user8
-user9
-utility
-utlestat
-vea
-veh
-vertex_login
-videouser
-vif_dev_pwd
-viruser
-vrr1
-vrr2
-webcal01
-webdb
-webread
-welcome
-west
-wfadmin
-wh
-wip
-wk_test
-wkadmin
-wkproxy
-wksys
-wkuser
-wms
-wmsys
-wob
-wood
-wps
-wsh
-wsm
-www
-wwwuser
-xademo
-xdp
-xla
-xnc
-xni
-xnm
-xnp
-xns
-xprt
-xtr
-xxx
-yes
-your_pass
-zwerg