數據庫中oracle 密碼破解之工具篇

數據庫中oracle 密碼破解之工具篇

忘記了oracle密碼，可以使用orapwd 初始化sys密碼；然后再修改其他帳戶(hù)密碼，還有就是破解。

工具下載和破解速度對比見(jiàn)下面的連接：多數還是基于字典的破解，復雜些的密碼還是比較難以破解的。推薦兩個(gè)破解工具 checkpwd.exe 和 orabf.exe

http://www.red-database-security.com/whitepaper/oracle_password_cracker.html

1、checkpwd.exe

D:oracle_checkpwd>checkpwd.exe sysman/oracle default_passwords.txt
Checkpwd 1.23 [Win] - (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com

initializing Oracle client library
connecting to the database
retrieving users and password hash values
disconnecting from the database
opening weak password list file
reading weak passwords list
checking passwords
Starting 4 threads
TEST2 has weak password ORACLE [OPEN]
ORACLEDBA has weak password ORACLE [OPEN]
SCOTT has weak password ORACLE [OPEN]
ORACLE has weak password ORACLE [OPEN]
TSMSYS has weak password TSMSYS [EXPIRED & LOCKED]
PM has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
MDDATA has weak password MDDATA [EXPIRED & LOCKED]
BI has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
IX has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
DIP has weak password DIP [EXPIRED & LOCKED]
OE has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SH has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
HR has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SYSMAN has weak password ORACLE [OPEN]
MDSYS has weak password MDSYS [EXPIRED & LOCKED]
DBSNMP has weak password ORACLE [OPEN]
ORDSYS has weak password ORDSYS [EXPIRED & LOCKED]
DMSYS has weak password DMSYS [EXPIRED & LOCKED]
WMSYS has weak password WMSYS [EXPIRED & LOCKED]
EXFSYS has weak password EXFSYS [EXPIRED & LOCKED]
CTXSYS has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
XDB has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
ORDPLUGINS has weak password ORDPLUGINS [EXPIRED & LOCKED]
ANONYMOUS OK [EXPIRED & LOCKED]
SI_INFORMTN_SCHEMA OK [EXPIRED & LOCKED]
SYS has weak password ORACLE [OPEN]
OLAPSYS has weak password MANAGER [EXPIRED & LOCKED]
MGMT_VIEW OK [OPEN]
SYSTEM has weak password ORACLE [OPEN]
OUTLN has weak password OUTLN [EXPIRED & LOCKED]

Done. Summary:
Passwords checked : 3574
Weak passwords found : 27
Elapsed time (min:sec) : 0:02
Passwords / second : 1787

D:oracle_checkpwd>

2、ORABAF.EXE

首先找到用戶(hù)oracle的密碼的hash值38E38619A12E0257，dba_users

SQL> alter user oracle identified by oracle;

用戶(hù)已更改。

SQL> select password from dba_users where username='ORACLE';

PASSWORD
------------------------------
38E38619A12E0257

SQL>

D:orabf-v0.7.6>orabf.exe

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------

usage: orabf [hash]:[username] [options]

options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
5 entire keyspace (' '..'~')
6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session

D:orabf-v0.7.6>orabf.exe 38E38619A12E0257:oracle -c 6

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE

D:orabf-v0.7.6>

修改密碼后再測試

SQL> alter user oracle identified by oracle123;

用戶(hù)已更改。

SQL>
SQL> select password from dba_users where username='ORACLE';

PASSWORD
------------------------------
B1BA9ED1B2B824CC

SQL>

D:orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 6

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123

D:orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 3

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123

D:orabf-v0.7.6>
 

文章來(lái)源于領(lǐng)測軟件測試網(wǎng) http://kjueaiud.com/

TAG: oracle Oracle ORACLE 工具 密碼 破解 數據庫