联系:手机/微信(+86 17813235971) QQ(107644445)
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
一、验证不能通过修改用户的password实现登录不知道密码的用户
[oracle@node1 ~]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.3.0 Production on Mon Nov 7 12:22:46 2011 Copyright (c) 1982, 2011, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production With the Partitioning, Oracle Label Security, OLAP, Data Mining, Oracle Database Vault and Real Application Testing options SQL> grant create session to xff identified by xifenfei; Grant succeeded. SQL> conn xff/xifenfei Connected. SQL> conn / as sysdba Connected. SQL> grant create session to chf identified by xifenfei; Grant succeeded. SQL> conn chf/xifenfei Connected. SQL> conn / as sysdba Connected. SQL> desc user$ Name Null? Type ----------------------------------------- -------- ---------------------------- USER# NOT NULL NUMBER NAME NOT NULL VARCHAR2(30) TYPE# NOT NULL NUMBER PASSWORD VARCHAR2(30) DATATS# NOT NULL NUMBER TEMPTS# NOT NULL NUMBER CTIME NOT NULL DATE PTIME DATE EXPTIME DATE LTIME DATE RESOURCE$ NOT NULL NUMBER AUDIT$ VARCHAR2(38) DEFROLE NOT NULL NUMBER DEFGRP# NUMBER DEFGRP_SEQ# NUMBER ASTATUS NOT NULL NUMBER LCOUNT NOT NULL NUMBER DEFSCHCLASS VARCHAR2(30) EXT_USERNAME VARCHAR2(4000) SPARE1 NUMBER SPARE2 NUMBER SPARE3 NUMBER SPARE4 VARCHAR2(1000) SPARE5 VARCHAR2(1000) SPARE6 DATE SQL> select name,password from user$ where name in('XFF','CHF'); NAME PASSWORD ------------------------------ ------------------------------ CHF F3CF2F0CB35CB6CA XFF 1B60F4BFF1DAB500 SQL> alter user xff identified by values 'F3CF2F0CB35CB6CA'; User altered. SQL> select name,password from user$ where name in('XFF','CHF'); NAME PASSWORD ------------------------------ ------------------------------ CHF F3CF2F0CB35CB6CA XFF F3CF2F0CB35CB6CA SQL> conn xff/xifenfei ERROR: ORA-01017: 用户名/口令无效; 登录被拒绝 Warning: You are no longer connected to ORACLE. SQL> conn chf/xifenfei Connected. SQL> conn / as sysdba Connected. SQL> alter user xff identified by values '1B60F4BFF1DAB500'; User altered. SQL> conn xff/xifenfei Connected.
注:这个实验使用11g证明,其实10g也是同样的结果;在oracle 9i中可以通过修改password的values值实现登录
二、使用orabf破解数据库密码
1、修改数据库密码
SQL> conn / as sysdba Connected. SQL> alter user xff identified by xff01; User altered. SQL> alter user chf identified by chf00; User altered. SQL> select name,password from user$ where name in('XFF','CHF'); NAME PASSWORD ------------------------------ ------------------------------ CHF 05BD6F8AB28BD8CA XFF A51B3879056B3DDD
2、orabf使用
C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf orabf v0.7.6, (C)2005 orm@toolcrypt.org --------------------------------------- usage: orabf [hash]:[username] [options] options: -c [num] complexity: a number in [1..6] or a filename - read words from stdin [file] read words from file 1 numbers 2 alpha 3 alphanum 4 standard oracle (alpha)(alpha,num,_,#,$)... (default) 5 entire keyspace (' '..'~') 6 custom (charset read from first line of file: charset.orabf) -m [num] max pwd len: must be in the interval [1..14] (default: 14) -n [num] min pwd len: must be in the interval [1..14] (default: 1) -r resume: tries to resume a previous session C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf A51B3879056B3DDD:XFF orabf v0.7.6, (C)2005 orm@toolcrypt.org --------------------------------------- Trying default passwords...done Starting brute force session using charset: #$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_ press 'q' to quit. any other key to see status current password: D9X50 9229361 passwords tried. elapsed time 00:00:13. t/s:697938 current password: HI0QJ 18967617 passwords tried. elapsed time 00:00:27. t/s:698403 current password: OB#QD 34743632 passwords tried. elapsed time 00:00:49. t/s:698844 password found: XFF:XFF01 55826385 passwords tried. elapsed time 00:01:19. t/s:704047 C:\Users\XIFENFEI\Downloads\orabf-v0.7.6>orabf 05BD6F8AB28BD8CA:CHF -c 3 -n 4 -m 6 orabf v0.7.6, (C)2005 orm@toolcrypt.org --------------------------------------- Trying default passwords...done Starting brute force session using charset: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ press 'q' to quit. any other key to see status password found: CHF:CHF00 22647601 passwords tried. elapsed time 00:00:31. t/s:719113
说明:-c 6不能正常运行,不清楚是不是因为我的win 7系统原因导致
三、使用ops_sse2破解数据库密码
1、sys用户的password
SQL> select password from user$ where name='SYS'; PASSWORD ------------------------------ 18698BFD1A045BCC
2、ops_sse2使用
C:\Users\XIFENFEI\Downloads\ops_SIMD_win32>ops_sse2 Oracle passwords (DES) solver 0.3 (SSE2) -- Dennis Yurichev <dennis@conus.info> Compiled @ Apr 5 2011 12:13:15 Demo version, supporting only SYS usernames. Usage: ops_sse2.exe --hashlist=filename.txt [--min=min_password_length] [--max=max_password_length] [--first_symbol_charset=characters] [--charset=characters] [--results=filename.txt] hashlist file format: username:hash:comment_or_SID By default, results are dumped to stdout. This can be changed by setting --results option Default values: min_password_length=1 max_password_length=8 first_symbol_charset=ABCDEFGHIJKLMNOPQRSTUVWXYZ charset=ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#$_ #ops_file.txt内容 SYS:18698BFD1A045BCC:xff C:\Users\XIFENFEI\Downloads\ops_SIMD_win32>ops_sse2 --hashlist=ops_file.txt --min=6 --charset=CDEFNHITX Oracle passwords (DES) solver 0.3 (SSE2) -- Dennis Yurichev <dennis@conus.info> Compiled @ Apr 5 2011 12:13:15 Demo version, supporting only SYS usernames. username=SYS: 1 unsolved hash(es) left Checking 6-symbol passwords for username SYS overall progress= 0% username=SYS: 1 unsolved hash(es) left Checking 7-symbol passwords for username SYS overall progress= 98% / time remaining: time elapsed: 12s, ~ 1160449 passwords/hashes per second username=SYS: 1 unsolved hash(es) left Checking 8-symbol passwords for username SYS overall progress= 91% / time remaining: 8s time elapsed: 1m31s, ~ 1248875 passwords/hashes per second SYS/xff: Found password: XIFENFEI SYS:XIFENFEI:xff
说明:Demo version只能使用于破解sys用户的密码,而且秘密长度不能超过8.
综合说明的试验,虽然都有缺陷,但是相对而已还是orabf破解更加的给力点
orabf-v0.7.6下载
ops_SIMD_win32
ops_SIMD_linux86
《暴力破解Oracle数据库密码》有 1 条评论