oracle10g密码不对,案例:使用user$表猜测试数据库用户密码 Oracle 10g绕过密码登陆数据库...

天萃荷净

Oracle10G使用user$表猜测试数据库用户密码，绕过密码登陆数据库过程

1.查询Oracle数据库版本

SQL> select * from v$version;

BANNER

----------------------------------------------------------------

Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod

PL/SQL Release 10.2.0.4.0 - Production

CORE 10.2.0.4.0 Production

TNS for Linux: Version 10.2.0.4.0 - Production

NLSRTL Version 10.2.0.4.0 - Production

2.user$表Oracle 10g密码加密猜测

user$表中的password=hash(user||password)

SQL> create user xff identified by oracleplus;

User created.

SQL> create user xf identified by foracleplus;

User created.

SQL> select name,password from user$ where name in('XF','XFF');

NAME PASSWORD

------------------------------ ------------------------------

XF 1B60F4BFF1DAB500

XFF 1B60F4BFF1DAB500

3.通过修改user$.password饶过oracle密码登陆

--创建两个可以登陆用户

SQL> grant connect to ab identified by oracleplus;

Grant succeeded.

SQL> grant connect to abc identified by oracleplus;

Grant succeeded.

--查看用户名和password内容

SQL> select user#,name,password from user$ where name in ('AB','ABC');

USER# NAME PASSWORD

---------- ------------------------------ ------------------------------

63 AB 7AF07A2EFB054758

64 ABC 40C0E6EE497444B7

--修改ab用户的password内容和abc相同，即ab用户对应的密码应该为coracleplus

SQL> update user$ set password='40C0E6EE497444B7' where user#=63;

1 row updated.

SQL> commit;

Commit complete.

SQL> select user#,name,password from user$ where name in ('AB','ABC');

USER# NAME PASSWORD

---------- ------------------------------ ------------------------------

63 AB 40C0E6EE497444B7

64 ABC 40C0E6EE497444B7

--修改后登陆失败

SQL> conn ab/coracleplus

ERROR:

ORA-01017: 用户名/口令无效; 登录被拒绝

Warning: You are no longer connected to ORACLE.

SQL> conn / as sysdba

Connected.

--ab的user$.password被重设为原先值

SQL> select user#,name,password from user$ where name in ('AB','ABC');

USER# NAME PASSWORD

---------- ------------------------------ ------------------------------

63 AB 7AF07A2EFB054758

64 ABC 40C0E6EE497444B7

SQL> update user$ set password='40C0E6EE497444B7' where user#=63;

1 row updated.

SQL> commit;

Commit complete.

SQL> select user#,name,password from user$ where name in ('AB','ABC');

USER# NAME PASSWORD

---------- ------------------------------ ------------------------------

63 AB 40C0E6EE497444B7

64 ABC 40C0E6EE497444B7

--刷新databuffer和shared_pool

SQL> alter system flush buffer_cache ;

System altered.

SQL> alter system flush shared_buffer;

alter system flush shared_buffer

*

ERROR at line 1:

ORA-02000: missing SHARED_POOL/BUFFER_CACHE/GLOBAL CONTEXT keyword

SQL> alter system flush shared_pool;

System altered.

--修改ab的密码为coracleplus成功

SQL> conn ab/coracleplus

Connected.

SQL> show user;

USER is "AB"

3.绕过密码登陆数据库方法

1)建立一个和你需要登陆用户相似用户(一般是末尾多一个或者几个字符)

2)查询建立用户的user$.password，并修改你需要的用户的password

3)刷新data buffer和shared pool

4)使用你建立的用户多出在字符串+你建立用户的密码登陆你需要登陆用户

--------------------------------------ORACLE-DBA----------------------------------------

最权威、专业的Oracle案例资源汇总之案例:使用user$表猜测试数据库用户密码 Oracle 10g绕过密码登陆数据库