使用ORABF暴力破解用户密码

ORABF是一款暴力破解oracle用户密码的软件，使用方法如下：

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------

usage: orabf [hash]:[username] [options]

options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
5 entire keyspace (' '..'~')
6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session


示例：
首先查询DBA_USERS视图获取用户名称和加密后的密码。在11g下，dba_users视图下的password为空，此时，可以使用user$

SQL> select name,password from user$ where name='EASY';

NAME PASSWORD
------------------------------ ------------------------------
EASY 14707135C9262A03


然后，我们使用orabf破解
[easy@easy orabf-v0[1].7.6]$ wine orabf.exe 14707135C9262A03:easy -c 2

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: EASY:EASY


换一个复杂一些的密码：
SQL> conn easy/easy
已连接。
SQL> alter user easy identified by wsngd;

用户已更改。

SQL> conn / as sysdba
已连接。
SQL> select name,password from user$ where name='EASY';

NAME PASSWORD
------------------------------ ------------------------------
EASY 8C2E5A3EDFC66102

[easy@easy orabf-v0[1].7.6]$ wine orabf.exe 8C2E5A3EDFC66102:easy -c 2

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...warning: couldn't open default.txt...done

Starting brute force session using charset:
ABCDEFGHIJKLMNOPQRSTUVWXYZ

press 'q' to quit. any other key to see status

password found: EASY:WSNGD

10854042 passwords tried. elapsed time 00:00:12. t/s:877149


速度还是比较快的