〖Environment(环境)〗
OS:Windows XP
DB:ORACLE 10G
TOOL: Checkpwd
〖Cause(原理) 〗
Checkpwd也是一款基于数据字典破解ORACLE密码的工具。它也能破解SYS的密码。不过,如果密码的长度超过2位,它好像就不能破解(内置用户的默认密码除外)。可以使用这个工具校验ORACLE账户密码的安全性。
下面的例子将把下载的Checkpwd解压到 C:\oracle_checkpwd_big
〖Action(方法) 〗
破解案例一:破解普通用户
Step01:创建测试用户 u1
SQL> create user u1 identified by u1;
用户已创建。
SQL>
用户的密码也是u1
Step02:得到用户的加密密码
本例中的参数解释:
checkpwd 破解命令
system/wy 用户名/密码
192.168.1.116:1521 数据库服务器的IP地址和端口号
NBO 实例名
password_fi.txt 口令文件,从解压文件中解压出来的
开始破解………………….
C:\oracle_checkpwd_big>checkpwd system/wy@//192.168.1.116:1521/NBO password_fi
.txt
Checkpwd 1.23 [Win] - (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com
initializing Oracle client library
connecting to the database
retrieving users and password hash values
disconnecting from the database
opening weak password list file
reading weak passwords list
checking passwords
Starting 1 threads
SYS has weak password KK [OPEN]
SYSTEM has weak password WY [OPEN]
U2 OK [OPEN]
U1 has weak password U1 [OPEN]
OUTLN has weak password OUTLN [EXPIRED & LOCKED]
MGMT_VIEW OK [EXPIRED & LOCKED]
MDSYS has weak password MDSYS [EXPIRED & LOCKED]
ORDSYS has weak password ORDSYS [EXPIRED & LOCKED]
CTXSYS has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
ANONYMOUS OK [EXPIRED & LOCKED]
EXFSYS has weak password EXFSYS [EXPIRED & LOCKED]
DMSYS has weak password DMSYS [EXPIRED & LOCKED]
DBSNMP has weak password DBSNMP [EXPIRED & LOCKED]
WMSYS has weak password WMSYS [EXPIRED & LOCKED]
SYSMAN has weak password SYSMAN [EXPIRED & LOCKED]
XDB has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
ORDPLUGINS has weak password ORDPLUGINS [EXPIRED & LOCKED]
SI_INFORMTN_SCHEMA OK [EXPIRED & LOCKED]
OLAPSYS has weak password MANAGER [EXPIRED & LOCKED]
MDDATA has weak password MDDATA [EXPIRED & LOCKED]
DIP has weak password DIP [EXPIRED & LOCKED]
SCOTT has weak password TIGER [EXPIRED & LOCKED]
TSMSYS has weak password TSMSYS [EXPIRED & LOCKED]
Done. Summary:
Passwords checked : 8395247
Weak passwords found : 19
Elapsed time (min:sec) : 0:58
Passwords / second : 144746
C:\oracle_checkpwd_big>
破解出:
U1的密码是U1
SYS的密码是KK
SYSTEM的密码是WY
注:好像破解不了长度大于2位的密码
----注:若有转载,请注明出处!!
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/13804621/viewspace-368842/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/13804621/viewspace-368842/