使用ORABF暴力破解用户密码
2013-11-20 21:24
1636 查看
ORABF是一款暴力破解oracle用户密码的软件,使用方法如下:
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
usage: orabf [hash]:[username] [options]
options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
5 entire keyspace (' '..'~')
6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session
示例:
首先查询DBA_USERS视图获取用户名称和加密后的密码。在11g下,dba_users视图下的password为空,此时,可以使用user$
SQL> select name,password from user$ where name='EASY';
NAME PASSWORD
------------------------------ ------------------------------
EASY 14707135C9262A03
然后,我们使用orabf破解
[easy@easy orabf-v0[1].7.6]$ wine orabf.exe 14707135C9262A03:easy -c 2
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: EASY:EASY
换一个复杂一些的密码:
SQL> conn easy/easy
已连接。
SQL> alter user easy identified by wsngd;
用户已更改。
SQL> conn / as sysdba
已连接。
SQL> select name,password from user$ where name='EASY';
NAME PASSWORD
------------------------------ ------------------------------
EASY 8C2E5A3EDFC66102
[easy@easy orabf-v0[1].7.6]$ wine orabf.exe 8C2E5A3EDFC66102:easy -c 2
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...warning: couldn't open default.txt...done
Starting brute force session using charset:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
press 'q' to quit. any other key to see status
password found: EASY:WSNGD
10854042 passwords tried. elapsed time 00:00:12. t/s:877149
速度还是比较快的
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
usage: orabf [hash]:[username] [options]
options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
5 entire keyspace (' '..'~')
6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session
示例:
首先查询DBA_USERS视图获取用户名称和加密后的密码。在11g下,dba_users视图下的password为空,此时,可以使用user$
SQL> select name,password from user$ where name='EASY';
NAME PASSWORD
------------------------------ ------------------------------
EASY 14707135C9262A03
然后,我们使用orabf破解
[easy@easy orabf-v0[1].7.6]$ wine orabf.exe 14707135C9262A03:easy -c 2
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: EASY:EASY
换一个复杂一些的密码:
SQL> conn easy/easy
已连接。
SQL> alter user easy identified by wsngd;
用户已更改。
SQL> conn / as sysdba
已连接。
SQL> select name,password from user$ where name='EASY';
NAME PASSWORD
------------------------------ ------------------------------
EASY 8C2E5A3EDFC66102
[easy@easy orabf-v0[1].7.6]$ wine orabf.exe 8C2E5A3EDFC66102:easy -c 2
orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...warning: couldn't open default.txt...done
Starting brute force session using charset:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
press 'q' to quit. any other key to see status
password found: EASY:WSNGD
10854042 passwords tried. elapsed time 00:00:12. t/s:877149
速度还是比较快的
相关文章推荐
- linux暴力密码破解工具hydra安装与使用
- 使用BackTrack4破解Windows用户密码
- acccheck ----- 破解使用SMB协议的Windows用户密码
- python+pxssh+ssh用户密码暴力破解
- 使用 fail2ban 防止暴力破解 ssh 及 vsftpd 密码
- 警惕黑客使用Lion系统漏洞破解和修改用户登陆密码
- linux暴力密码破解工具hydra安装与使用
- 使用Ftplib暴力破解FTP用户口令
- Linux下的暴力密码在线破解工具Hydra安装及其组件安装-使用
- 警惕黑客使用Lion系统漏洞破解和修改用户登陆密码
- 防暴力破解SSH/FTP/SMTP用户密码----fail2ban操作实务
- 警惕黑客使用Lion系统漏洞破解和修改用户登陆密码
- root用户密码暴力破解
- 使用john弱口令检测破解用户密码步骤
- Linux安全1-用户密码被暴力破解
- CUDA—使用GPU暴力破解密码
- Debian vps使用DenyHosts防止SSH密码暴力破解
- 使用Saminside+Ophcrack破解本地用户密码
- python---ftplib,ftp使用,ftp破解用户与密码,ftp服务器查找web页面
- linux认证:ASP提权暴力破解MSSQL用户密码