暴力破解Oracle数据库密码
2024-05-02 03:26:12
一、验证不能通过修改用户的password实现登录不知道密码的用户
[oracle@node1 ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Mon Nov 7 12:22:46 2011
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to :
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
SQL> grant create session to xff identified by xifenfei;
Grant succeeded.
SQL> conn xff/xifenfei
Connected.
SQL> conn / as sysdba
Connected.
SQL> grant create session to chf identified by xifenfei;
Grant succeeded.
SQL> conn chf/xifenfei
Connected.
SQL> conn / as sysdba
Connected.
SQL> desc user $
Name Null ? Type
----------------------------------------- -------- ----------------------------
USER # NOT NULL NUMBER
NAME NOT NULL VARCHAR2(30)
TYPE# NOT NULL NUMBER
PASSWORD VARCHAR2(30)
DATATS# NOT NULL NUMBER
TEMPTS# NOT NULL NUMBER
CTIME NOT NULL DATE
PTIME DATE
EXPTIME DATE
LTIME DATE
RESOURCE$ NOT NULL NUMBER
AUDIT$ VARCHAR2(38)
DEFROLE NOT NULL NUMBER
DEFGRP# NUMBER
DEFGRP_SEQ# NUMBER
ASTATUS NOT NULL NUMBER
LCOUNT NOT NULL NUMBER
DEFSCHCLASS VARCHAR2(30)
EXT_USERNAME VARCHAR2(4000)
SPARE1 NUMBER
SPARE2 NUMBER
SPARE3 NUMBER
SPARE4 VARCHAR2(1000)
SPARE5 VARCHAR2(1000)
SPARE6 DATE
SQL> select name , password from user $ where name in ( 'XFF' , 'CHF' );
NAME PASSWORD
------------------------------ ------------------------------
CHF F3CF2F0CB35CB6CA
XFF 1B60F4BFF1DAB500
SQL> alter user xff identified by values 'F3CF2F0CB35CB6CA' ;
User altered.
SQL> select name , password from user $ where name in ( 'XFF' , 'CHF' );
NAME PASSWORD
------------------------------ ------------------------------
CHF F3CF2F0CB35CB6CA
XFF F3CF2F0CB35CB6CA
SQL> conn xff/xifenfei
ERROR:
ORA-01017: 用户名/口令无效; 登录被拒绝
Warning: You are no longer connected to ORACLE.
SQL> conn chf/xifenfei
Connected.
SQL> conn / as sysdba
Connected.
SQL> alter user xff identified by values '1B60F4BFF1DAB500' ;
User altered.
SQL> conn xff/xifenfei
Connected.
|
注:这个实验使用11g证明,其实10g也是同样的结果;在oracle 9i中可以通过修改password的values值实现登录
二、使用orabf破解数据库密码
1、修改数据库密码
SQL> conn / as sysdba
Connected.
SQL> alter user xff identified by xff01;
User altered.
SQL> alter user chf identified by chf00;
User altered.
SQL> select name , password from user $ where name in ( 'XFF' , 'CHF' );
NAME PASSWORD
------------------------------ ------------------------------
CHF 05BD6F8AB28BD8CA
XFF A51B3879056B3DDD
|
2、orabf使用
C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
usage: orabf [ hash ]:[username] [options]
options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[ file ] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_, #,$)... (default)
5 entire keyspace ( ' ' .. '~' )
6 custom (charset read from first line of file : charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session
C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf A51B3879056B3DDD:XFF
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords... done
Starting brute force session using charset:
#$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_
press 'q' to quit. any other key to see status
current password: D9X50
9229361 passwords tried. elapsed time 00:00:13. t /s :697938
current password: HI0QJ
18967617 passwords tried. elapsed time 00:00:27. t /s :698403
current password: OB #QD
34743632 passwords tried. elapsed time 00:00:49. t /s :698844
password found: XFF:XFF01
55826385 passwords tried. elapsed time 00:01:19. t /s :704047
C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf 05BD6F8AB28BD8CA:CHF -c 3 -n 4 -m 6
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords... done
Starting brute force session using charset:
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
press 'q' to quit. any other key to see status
password found: CHF:CHF00
22647601 passwords tried. elapsed time 00:00:31. t /s :719113
|
说明:-c 6不能正常运行,不清楚是不是因为我的win 7系统原因导致
三、使用ops_sse2破解数据库密码
1、sys用户的password
SQL> select password from user $ where name = 'SYS' ;
PASSWORD
------------------------------
18698BFD1A045BCC
|
2、ops_sse2使用
C:\Users\XIFENFEI\Downloads\ops_SIMD_win32>ops_sse2
Oracle passwords (DES) solver 0.3 (SSE2) -- Dennis Yurichev <dennis@conus.info>
Compiled @ Apr 5 2011 12:13:15
Demo version, supporting only SYS usernames.
Usage:
ops_sse2.exe --hashlist=filename.txt
[--min=min_password_length] [--max=max_password_length]
[--first_symbol_charset=characters] [--charset=characters]
[--results=filename.txt]
hashlist file format :
username: hash :comment_or_SID
By default, results are dumped to stdout.
This can be changed by setting --results option
Default values:
min_password_length=1
max_password_length=8
first_symbol_charset=ABCDEFGHIJKLMNOPQRSTUVWXYZ
charset=ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 #$_
#ops_file.txt内容
SYS:18698BFD1A045BCC:xff
C:\Users\XIFENFEI\Downloads\ops_SIMD_win32>ops_sse2 --hashlist=ops_file.txt --min=6 --charset=CDEFNHITX
Oracle passwords (DES) solver 0.3 (SSE2) -- Dennis Yurichev <dennis@conus.info>
Compiled @ Apr 5 2011 12:13:15
Demo version, supporting only SYS usernames.
username=SYS: 1 unsolved hash (es) left
Checking 6-symbol passwords for username SYS
overall progress= 0%
username=SYS: 1 unsolved hash (es) left
Checking 7-symbol passwords for username SYS
overall progress= 98% / time remaining:
time elapsed: 12s, ~ 1160449 passwords /hashes per second
username=SYS: 1 unsolved hash (es) left
Checking 8-symbol passwords for username SYS
overall progress= 91% / time remaining: 8s
time elapsed: 1m31s, ~ 1248875 passwords /hashes per second
SYS /xff : Found password: XIFENFEI
SYS:XIFENFEI:xff
|
说明:Demo version只能使用于破解sys用户的密码,而且秘密长度不能超过8.
综合说明的试验,虽然都有缺陷,但是相对而已还是orabf破解更加的给力点
orabf-v0.7.6下载
ops_SIMD_win32
ops_SIMD_linux86
暴力破解Oracle数据库密码相关推荐
- 口令暴力破解--Telnet协议暴力破解、数据库暴力破解与远程桌面暴力破解
Telnet协议暴力破解 Telnet Telnet协议是TCP/IP协议族中的一员,是Internet远程登陆服务的标准协议和主要方式.它为用户提供了在本地计算机上完成远程主机工作的能力.要开始一个 ...
- 不知道密码导出oracle数据库,Oracle数据库密码重置、导入导出库命令示例应用
重置办法如下:打开CMD命令提示符,然后输入下面命令进行重置: 输入sqlplus /nolog,回车 SQL> conn /as sysdba 已连接: SQL>alter user s ...
- Python 暴力破解zip文件密码(相对简单的密码)
Python 暴力破解zip文件密码(相对简单的密码) 密码的使用范围很广,首先,我们要明确密码的作用,其次要明白密码的类型. 密码的作用是进行权限的限制,判断用户的合法性,(不 ...
- Python黑科技:暴力破解你的密码
Python黑科技:暴力破解你的密码 今天呢,给大家带来一个Python的暴力破解加密的压缩文件的方法~ (是不是压缩文件不重要). 另外你会不会Python也不重要 首先,我们得说一下,如何打开一个 ...
- Oracle数据库密码有效期改无限期
Oracle数据库密码有效期改无限期 错误提示 解决方法 第一步:查看用户密码的配置情况 将密码有效期修改成无限制. 检查"RESOURCE_LIMIT"是否配置为"FL ...
- oracle 密码文件在哪里看,Oracle数据库密码文件的使用
Oracle数据库密码文件的使用 日期:2010年5月21日 作者: 在Oracle数据库系统中,用户假设要以特权用户身份(INTERNAL/SYSDBA/SYSOPER)登录Oracle 数据库能够 ...
- 设置Oracle数据库密码不会过期
设置Oracle数据库密码不会过期 –查看用户的proifle是哪个,一般是default: SELECT username,PROFILE FROM dba_users; –查看指定概要文件(如de ...
- 设置oracle数据库密码永不过期(ORA-28002)
设置oracle数据库密码永不过期(ORA-28002) 现象描述: 登陆oracle11g 提示ERROR:ORA-28002: the password will expire within ...
- mysql 暴力破解 root账号密码
测试数据库的root账号密码大家都忘记了,好吧,那我们就暴力破解吧 1.找到my.cnf vi /etc/my.cnf 在[mysqld]的段中加上一句:skip-grant-tables 例如: [ ...
最新文章
- 2022-2028年全球与中国氢碘化物市场智研瞻分析报告
- mysql自定义序号_MySQL数据库之在mysql中给查询的结果添加序号列
- 驰骋工作流引擎设置消息收听
- 数学理论—— 蒙特卡洛近似
- 底部检测的do...while循环
- 《JavaScript 高级程序设计》精读笔记
- 今天 ,给大家变个魔术!!!
- 第八期:实操:两台路由器,如何分别通过WAN和LAN口连接?
- axios获取图片显示_Vue.js+axios图片预览以及上传显示进度
- 《RECURRENT BATCH NORMALIZATION》
- python实现图灵机器人帮你回复微信好友消息
- Vue终端取消vue、prettier警告warn
- 程序员坐牢了,会被安排去写代码吗?
- 服装制图软件测试初学者,服装行业版软件测试文案.ppt
- 自行车停放c语言,蓝桥杯算法训练 自行车停放(JAVA)
- Diffusion Models和GANs结合
- 服务自省,Dubbo面向了应用级
- 蓝桥杯省赛 砝码称重(B组)
- js判断数据是否为空值的方法
- pymol配体平移与旋转