I. Verifying that you cannot log in as a user whose password you do not know by changing that user's password value
[oracle@node1 ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Mon Nov 7 12:22:46 2011

Copyright (c) 1982, 2011, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

SQL> grant create session to xff identified by xifenfei;

Grant succeeded.

SQL> conn xff/xifenfei
Connected.
SQL> conn / as sysdba
Connected.
SQL> grant create session to chf identified by xifenfei;

Grant succeeded.

SQL> conn chf/xifenfei
Connected.
SQL> conn / as sysdba
Connected.
SQL> desc user$
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 USER#                                     NOT NULL NUMBER
 NAME                                      NOT NULL VARCHAR2(30)
 TYPE#                                     NOT NULL NUMBER
 PASSWORD                                           VARCHAR2(30)
 DATATS#                                   NOT NULL NUMBER
 TEMPTS#                                   NOT NULL NUMBER
 CTIME                                     NOT NULL DATE
 PTIME                                              DATE
 EXPTIME                                            DATE
 LTIME                                              DATE
 RESOURCE$                                 NOT NULL NUMBER
 AUDIT$                                             VARCHAR2(38)
 DEFROLE                                   NOT NULL NUMBER
 DEFGRP#                                            NUMBER
 DEFGRP_SEQ#                                        NUMBER
 ASTATUS                                   NOT NULL NUMBER
 LCOUNT                                    NOT NULL NUMBER
 DEFSCHCLASS                                        VARCHAR2(30)
 EXT_USERNAME                                       VARCHAR2(4000)
 SPARE1                                             NUMBER
 SPARE2                                             NUMBER
 SPARE3                                             NUMBER
 SPARE4                                             VARCHAR2(1000)
 SPARE5                                             VARCHAR2(1000)
 SPARE6                                             DATE

SQL> select name, password from user$ where name in ('XFF','CHF');

NAME                           PASSWORD
------------------------------ ------------------------------
CHF                            F3CF2F0CB35CB6CA
XFF                            1B60F4BFF1DAB500

SQL> alter user xff identified by values 'F3CF2F0CB35CB6CA';

User altered.

SQL> select name, password from user$ where name in ('XFF','CHF');

NAME                           PASSWORD
------------------------------ ------------------------------
CHF                            F3CF2F0CB35CB6CA
XFF                            F3CF2F0CB35CB6CA

SQL> conn xff/xifenfei
ERROR:
ORA-01017: 用户名/口令无效; 登录被拒绝

Warning: You are no longer connected to ORACLE.
SQL> conn chf/xifenfei
Connected.
SQL> conn / as sysdba
Connected.
SQL> alter user xff identified by values '1B60F4BFF1DAB500';

User altered.

SQL> conn xff/xifenfei
Connected.
Note: this experiment was run on 11g, and 10g gives the same result. In Oracle 9i, it is possible to log in by changing the password's values value.
II. Cracking database passwords with orabf
1. Change the database passwords

SQL> conn / as sysdba
Connected.
SQL> alter user xff identified by xff01;

User altered.

SQL> alter user chf identified by chf00;

User altered.

SQL> select name, password from user$ where name in ('XFF','CHF');

NAME                           PASSWORD
------------------------------ ------------------------------
CHF                            05BD6F8AB28BD8CA
XFF                            A51B3879056B3DDD
2. Using orabf
C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------

usage: orabf [hash]:[username] [options]

options:
-c [num]  complexity: a number in [1..6] or a filename
   -      read words from stdin
   [file] read words from file
   1      numbers
   2      alpha
   3      alphanum
   4      standard oracle (alpha)(alpha,num,_,#,$)... (default)
   5      entire keyspace (' '..'~')
   6      custom (charset read from first line of file: charset.orabf)
-m [num]  max pwd len: must be in the interval [1..14] (default: 14)
-n [num]  min pwd len: must be in the interval [1..14] (default: 1)
-r        resume: tries to resume a previous session

C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf A51B3879056B3DDD:XFF

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...done

Starting brute force session using charset:
#$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_

press 'q' to quit. any other key to see status

current password: D9X50
9229361 passwords tried. elapsed time 00:00:13. t/s:697938

current password: HI0QJ
18967617 passwords tried. elapsed time 00:00:27. t/s:698403

current password: OB#QD
34743632 passwords tried. elapsed time 00:00:49. t/s:698844

password found: XFF:XFF01

55826385 passwords tried. elapsed time 00:01:19. t/s:704047

C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf 05BD6F8AB28BD8CA:CHF -c 3 -n 4 -m 6

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...done

Starting brute force session using charset:
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ

press 'q' to quit. any other key to see status

password found: CHF:CHF00

22647601 passwords tried. elapsed time 00:00:31. t/s:719113
Note: -c 6 does not run properly; I am not sure whether this is caused by my Windows 7 system.
III. Cracking database passwords with ops_sse2
1. The sys user's password value

SQL> select password from user$ where name='SYS';

PASSWORD
------------------------------
18698BFD1A045BCC
2. Using ops_sse2
C:\Users\XIFENFEI\Downloads\ops_SIMD_win32>ops_sse2
Oracle passwords (DES) solver 0.3 (SSE2) -- Dennis Yurichev <dennis@conus.info>
Compiled @ Apr 5 2011 12:13:15
Demo version, supporting only SYS usernames.
Usage:
  ops_sse2.exe --hashlist=filename.txt
    [--min=min_password_length] [--max=max_password_length]
    [--first_symbol_charset=characters] [--charset=characters]
    [--results=filename.txt]
hashlist file format:
username:hash:comment_or_SID
By default, results are dumped to stdout.
This can be changed by setting --results option
Default values:
  min_password_length=1
  max_password_length=8
  first_symbol_charset=ABCDEFGHIJKLMNOPQRSTUVWXYZ
  charset=ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#$_

# Contents of ops_file.txt
SYS:18698BFD1A045BCC:xff

C:\Users\XIFENFEI\Downloads\ops_SIMD_win32>ops_sse2 --hashlist=ops_file.txt --min=6 --charset=CDEFNHITX
Oracle passwords (DES) solver 0.3 (SSE2) -- Dennis Yurichev <dennis@conus.info>
Compiled @ Apr 5 2011 12:13:15
Demo version, supporting only SYS usernames.
username=SYS: 1 unsolved hash(es) left
Checking 6-symbol passwords for username SYS
overall progress= 0%
username=SYS: 1 unsolved hash(es) left
Checking 7-symbol passwords for username SYS
overall progress= 98% / time remaining:
time elapsed: 12s, ~ 1160449 passwords/hashes per second
username=SYS: 1 unsolved hash(es) left
Checking 8-symbol passwords for username SYS
overall progress= 91% / time remaining: 8s
time elapsed: 1m31s, ~ 1248875 passwords/hashes per second
SYS/xff: Found password: XIFENFEI
SYS:XIFENFEI:xff
Note: the demo version can only be used to crack the sys user's password, and the password length cannot exceed 8.
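As an added example (not from the original post or from either tool's authors), the following models the search space behind the two runs above, which is the figure to weigh when judging how far password length and character set hold up against the speeds shown. It assumes a tool tries one symbol from a first-symbol set followed by symbols from a second set for every length in range; the function names are hypothetical.

```python
# Added example: candidate counts for the brute-force runs shown in this post.
# Assumption: a tool tries one symbol from `first` followed by symbols from
# `rest`, for every length in the requested range. Names are hypothetical.
import string

ALPHA = string.ascii_uppercase
# orabf complexity 4, from its usage text: (alpha)(alpha,num,_,#,$)...
ORABF_C4_REST = ALPHA + string.digits + "_#$"
# ops_sse2 run: --charset=CDEFNHITX; first_symbol_charset stays at its A-Z default
OPS_REST = "CDEFNHITX"


def keyspace(first, rest, length):
    """Number of candidates with exactly `length` symbols."""
    if length < 1:
        return 0
    return len(set(first)) * len(set(rest)) ** (length - 1)


def cumulative(first, rest, min_len, max_len):
    """Number of candidates over every length in [min_len, max_len]."""
    return sum(keyspace(first, rest, n) for n in range(min_len, max_len + 1))


def days_to_exhaust(candidates, tries_per_second):
    """Worst-case time to try every candidate at a fixed rate."""
    return candidates / tries_per_second / 86400


def length_table(rate, max_len=14):
    """(length, candidates up to that length, worst-case days) for orabf -c 4."""
    rows = []
    for n in range(1, max_len + 1):
        total = cumulative(ALPHA, ORABF_C4_REST, 1, n)
        rows.append((n, total, days_to_exhaust(total, rate)))
    return rows


if __name__ == "__main__":
    # 704047 t/s is the rate orabf reported when it found XFF01
    for n, total, days in length_table(704047):
        print(f"len<={n:2d}  {total:>24,d} candidates  {days:14.2f} days")
    # ops_sse2 length-8 pass with the narrowed charset
    print(f"ops_sse2 len=8: {keyspace(ALPHA, OPS_REST, 8):,d} candidates")
```

With the 39-symbol set, lengths up to 5 total 61,732,346 candidates, which fits the 55,826,385 tries orabf reported before finding XFF01. The narrowed ops_sse2 length-8 pass is 124,357,194 candidates, on the order of a minute and a half at the reported rate.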
Taking the experiments above together, although both tools have shortcomings, orabf is comparatively the more capable of the two.