数据库中oracle 密码破解之工具篇
2012-10-24 10:28
363 查看
数据库中oracle 密码破解之工具篇
忘记了oracle密码,可以使用orapwd 初始化sys密码;然后再修改其他帐户密码,还有就是破解。
工具下载和破解速度对比见下面的连接:多数还是基于字典的破解,复杂些的密码还是比较难以破解的。推荐两个破解工具 checkpwd.exe 和 orabf.exe http://www.red-database-security.com/whitepaper/oracle_password_cracker.html 1、checkpwd.exe
D:oracle_checkpwd>checkpwd.exe sysman/oracle default_passwords.txt
Checkpwd 1.23 [Win] - (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings http://www.red-database-security.com initializing Oracle client library
connecting to the database
retrieving users and password hash values
disconnecting from the database
opening weak password list file
reading weak passwords list
checking passwords
Starting 4 threads
TEST2 has weak password ORACLE [OPEN]
ORACLEDBA has weak password ORACLE [OPEN]
SCOTT has weak password ORACLE [OPEN]
ORACLE has weak password ORACLE [OPEN]
TSMSYS has weak password TSMSYS [EXPIRED & LOCKED]
PM has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
MDDATA has weak password MDDATA [EXPIRED & LOCKED]
BI has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
IX has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
DIP has weak password DIP [EXPIRED & LOCKED]
OE has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SH has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
HR has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SYSMAN has weak password ORACLE [OPEN]
MDSYS has weak password MDSYS [EXPIRED & LOCKED]
DBSNMP has weak password ORACLE [OPEN]
ORDSYS has weak password ORDSYS [EXPIRED & LOCKED]
DMSYS has weak password DMSYS [EXPIRED & LOCKED]
WMSYS has weak password WMSYS [EXPIRED & LOCKED]
EXFSYS has weak password EXFSYS [EXPIRED & LOCKED]
CTXSYS has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
XDB has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
ORDPLUGINS has weak password ORDPLUGINS [EXPIRED & LOCKED]
ANONYMOUS OK [EXPIRED & LOCKED]
SI_INFORMTN_SCHEMA OK [EXPIRED & LOCKED]
SYS has weak password ORACLE [OPEN]
OLAPSYS has weak password MANAGER [EXPIRED & LOCKED]
MGMT_VIEW OK [OPEN]
SYSTEM has weak password ORACLE [OPEN]
OUTLN has weak password OUTLN [EXPIRED & LOCKED]
Done. Summary:
Passwords checked : 3574
Weak passwords found : 27
Elapsed time (min:sec) : 0:02
Passwords / second : 1787
D:oracle_checkpwd>
2、ORABAF.EXE
首先找到用户oracle的密码的hash值38E38619A12E0257,dba_users
SQL> alter user oracle identified by oracle;
用户已更改。
SQL> select password from dba_users where username='ORACLE';
PASSWORD
------------------------------
38E38619A12E0257
SQL>
D:orabf-v0.7.6>orabf.exe
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
usage: orabf [hash]:[username] [options]
options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
5 entire keyspace (' '..'~')
6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session
D:orabf-v0.7.6>orabf.exe 38E38619A12E0257:oracle -c 6
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE
D:orabf-v0.7.6>
修改密码后再测试
SQL> alter user oracle identified by oracle123;
用户已更改。
SQL>
SQL> select password from dba_users where username='ORACLE';
PASSWORD
------------------------------
B1BA9ED1B2B824CC
SQL>
D:orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 6
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123
D:orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 3
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123
D:orabf-v0.7.6
忘记了oracle密码,可以使用orapwd 初始化sys密码;然后再修改其他帐户密码,还有就是破解。
工具下载和破解速度对比见下面的连接:多数还是基于字典的破解,复杂些的密码还是比较难以破解的。推荐两个破解工具 checkpwd.exe 和 orabf.exe http://www.red-database-security.com/whitepaper/oracle_password_cracker.html 1、checkpwd.exe
D:oracle_checkpwd>checkpwd.exe sysman/oracle default_passwords.txt
Checkpwd 1.23 [Win] - (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings http://www.red-database-security.com initializing Oracle client library
connecting to the database
retrieving users and password hash values
disconnecting from the database
opening weak password list file
reading weak passwords list
checking passwords
Starting 4 threads
TEST2 has weak password ORACLE [OPEN]
ORACLEDBA has weak password ORACLE [OPEN]
SCOTT has weak password ORACLE [OPEN]
ORACLE has weak password ORACLE [OPEN]
TSMSYS has weak password TSMSYS [EXPIRED & LOCKED]
PM has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
MDDATA has weak password MDDATA [EXPIRED & LOCKED]
BI has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
IX has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
DIP has weak password DIP [EXPIRED & LOCKED]
OE has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SH has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
HR has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SYSMAN has weak password ORACLE [OPEN]
MDSYS has weak password MDSYS [EXPIRED & LOCKED]
DBSNMP has weak password ORACLE [OPEN]
ORDSYS has weak password ORDSYS [EXPIRED & LOCKED]
DMSYS has weak password DMSYS [EXPIRED & LOCKED]
WMSYS has weak password WMSYS [EXPIRED & LOCKED]
EXFSYS has weak password EXFSYS [EXPIRED & LOCKED]
CTXSYS has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
XDB has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
ORDPLUGINS has weak password ORDPLUGINS [EXPIRED & LOCKED]
ANONYMOUS OK [EXPIRED & LOCKED]
SI_INFORMTN_SCHEMA OK [EXPIRED & LOCKED]
SYS has weak password ORACLE [OPEN]
OLAPSYS has weak password MANAGER [EXPIRED & LOCKED]
MGMT_VIEW OK [OPEN]
SYSTEM has weak password ORACLE [OPEN]
OUTLN has weak password OUTLN [EXPIRED & LOCKED]
Done. Summary:
Passwords checked : 3574
Weak passwords found : 27
Elapsed time (min:sec) : 0:02
Passwords / second : 1787
D:oracle_checkpwd>
2、ORABAF.EXE
首先找到用户oracle的密码的hash值38E38619A12E0257,dba_users
SQL> alter user oracle identified by oracle;
用户已更改。
SQL> select password from dba_users where username='ORACLE';
PASSWORD
------------------------------
38E38619A12E0257
SQL>
D:orabf-v0.7.6>orabf.exe
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
usage: orabf [hash]:[username] [options]
options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
5 entire keyspace (' '..'~')
6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session
D:orabf-v0.7.6>orabf.exe 38E38619A12E0257:oracle -c 6
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE
D:orabf-v0.7.6>
修改密码后再测试
SQL> alter user oracle identified by oracle123;
用户已更改。
SQL>
SQL> select password from dba_users where username='ORACLE';
PASSWORD
------------------------------
B1BA9ED1B2B824CC
SQL>
D:orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 6
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123
D:orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 3
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123
D:orabf-v0.7.6
相关文章推荐
- Oracle 密码破解易如反掌 ?Oracle 密码破解易如反掌 ?
- Linux下安装Metasploit破解Oracle登录用户名密码
- 数据库迁移工具Navicat Premium之OracleToMysql
- 破解EBS R12应用和数据库用户密码
- 破解Oracle ERP 密码
- SQL Server2005+、MySQL、Oracle 数据库字典生成工具
- WINRAR密码去除/破解工具
- ORACLE 忘记数据库密码
- oracle 9i、10g、11g数据库设置listener密码的方法
- 无线密码破解免费工具coWPAtty
- oracle 11g数据库用户密码180天自动过期调整
- 在没有任何工具下破解开机密码(转)
- 密码哈希破解工具-Hash Kracker V1.0
- ORACLE 忘记数据库密码
- Oracle 数据库连接工具
- python编写暴力破解FTP密码小工具
- 破解weblogic(数据库)密码
- ssh medusa 2.0 – linux下的经典密码破解工具
- oracle 数据库忘记密码怎么办
- 破解Oracle ERP 密码