20171228 Calculating the full_hash_value of a db_link
[20171228] Calculating the full_hash_value of a db_link.txt
SCOTT@book> @ &r/ver1
PORT_STRING                    VERSION        BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx            11.2.0.4.0     Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
grant dba to a identified by a;
connect a/a
CREATE DATABASE LINK A CONNECT TO A IDENTIFIED BY a USING '192.168.100.78/BOOK';
CREATE DATABASE LINK B CONNECT TO A IDENTIFIED BY a USING '192.168.100.78/BOOK';
A@book> select sysdate from dual@a;
SYSDATE
-------------------
2017-12-28 15:10:34
A@book> select sysdate from dual@b;
SYSDATE
-------------------
2017-12-28 15:10:35
SYS@book> SELECT KGLHDNSP ,kglnaown,dump(kglnaown,16) c20 ,kglnaobj,kglnahsv FROM x$kglob where kglhdnsd='DBLINK' and KGLHDNSP=69;
  KGLHDNSP KGLNAOWN C20                  KGLNAOBJ                       KGLNAHSV
---------- -------- -------------------- ------------------------------ --------------------------------
        69          Typ=1 Len=1: 1       A                              81bba48dfce8b02861466f0dcf04e262
        69 b        Typ=1 Len=1: 62      B                              88feaa22ffa6b1db8d2314ba0941360c
        69          NULL                 A                              ff10282030f73c72c9c594e2f7a54d64
        69 b        Typ=1 Len=1: 62      A                              295be635973bc44911d9f76efb5f521b
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        69          NULL                 RECO.ORACLE.COM                022bfb39389939832aaa659c3b1dfeba
--// Strangely, KGLNAOWN shows b (lowercase). The underlined row is chosen as the target to crack.
$ echo 295be635973bc44911d9f76efb5f521b | xxd -r -p | od -t x4
0000000 35e65b29 49c43b97 6ef7d911 1b525ffb
0000020
--// Concatenate 35e65b29 49c43b97 6ef7d911 1b525ffb => 35e65b2949c43b976ef7d9111b525ffb
--// After various attempts it finally cracked. Create the dictionary d.dict:
R:\hashcat>cat d.dict
A.b
R:\hashcat>hashcat64 --force -a 6 -m 0 35e65b2949c43b976ef7d9111b525ffb d.dict --hex-charset -1 00 -2 45 ?b?b?b?2?1?1?1
hashcat (v3.00-1-g67a8d97) starting...
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
- Device #1: Turks, 766/1024 MB allocatable, 6MCU
- Device #2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, skipped
WARNING: ADL_Overdrive6_TargetTemperatureData_Get is missing from ADL shared library.
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled
Cache-hit dictionary stats d.dict: 5 bytes, 1 words, 16777216 keyspace
ATTENTION!
The wordlist or mask you are using is too small.
Therefore, hashcat is unable to utilize the full parallelization power of your device(s).
The cracking speed will drop.
Workaround:
INFO: approaching final keyspace, workload adjusted
35e65b2949c43b976ef7d9111b525ffb:$HEX[412e6200000045000000]
Session.Name...: hashcat
Status.........: Cracked
Input.Left.....: File (d.dict)
Input.Right....: Mask (?b?b?b?2?1?1?1) [7]
Hash.Target....: 35e65b2949c43b976ef7d9111b525ffb
Hash.Type......: MD5
Time.Started...: 0 secs
Speed.Dev.#1...: 39792 H/s (4.03ms)
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 512/16777216 (0.00%)
Rejected.......: 0/512 (0.00%)
Restore.Point..: 0/1 (0.00%)
Started: Fri Dec 29 11:44:45 2017
Stopped: Fri Dec 29 11:44:48 2017
--// Why is A.b followed by 000000 and only then 45000000? Verify the other cases.
SYS@book> SELECT KGLHDNSP ,kglnaown,dump(kglnaown,16) c20 ,kglnaobj,kglnahsv FROM x$kglob where kglhdnsd='DBLINK' and KGLHDNSP=69;
  KGLHDNSP KGLNAOWN C20                  KGLNAOBJ                       KGLNAHSV
---------- -------- -------------------- ------------------------------ --------------------------------
        69 b        Typ=1 Len=1: 62      B                              88feaa22ffa6b1db8d2314ba0941360c
        69 b        Typ=1 Len=1: 62      A                              295be635973bc44911d9f76efb5f521b
        69          NULL                 RECO.ORACLE.COM                022bfb39389939832aaa659c3b1dfeba
SYS@book> host echo -e -n 'B.b\0\0\0\x45\0\0\0' | md5sum |sed 's/ -//' | xxd -r -p | od -t x4 | sed -n -e 's/^0000000 //' -e 's/ //gp'
88feaa22ffa6b1db8d2314ba0941360c
--// OK, the guess is right now.
SYS@book> host echo -e -n 'RECO.ORACLE.COM.\0\0\0\0\x45\0\0\0' | md5sum |sed 's/ -//' | xxd -r -p | od -t x4 | sed -n -e 's/^0000000 //' -e 's/ //gp'
022bfb39389939832aaa659c3b1dfeba
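--// I also checked other machines: it seems every machine has a RECO.ORACLE.COM dblink, which does not show up in queries at all. I also created dblinks as the same user a on another machine. The results: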
SYS@orclxx> SELECT KGLHDNSP ,kglnaown,dump(kglnaown,16) c20 ,kglnaobj,kglnahsv FROM x$kglob where kglhdnsd='DBLINK' and KGLHDNSP=69;
  KGLHDNSP KGLNAOWN C20                  KGLNAOBJ                       KGLNAHSV
---------- -------- -------------------- ------------------------------ --------------------------------
        69 d        Typ=1 Len=1: 64      B                              262a01a31e2f3c4dd721aa85b49864b5
        69          NULL                 B                              4be7794722b7dff82d9a726430d0cc1b
        69 d        Typ=1 Len=1: 64      A                              5c35cb76c87322d4c1dcba2539fcfdc0
        69          NULL                 A                              ff10282030f73c72c9c594e2f7a54d64
        69          NULL                 RECO.ORACLE.COM                022bfb39389939832aaa659c3b1dfeba
--// Here KGLNAOWN has become d; I don't know why.
SYS@orclxx> host echo -e -n 'B.d\0\0\0\x45\0\0\0' | md5sum |sed 's/ -//' | xxd -r -p | od -t x4 | sed -n -e 's/^0000000 //' -e 's/ //gp'
262a01a31e2f3c4dd721aa85b49864b5
SYS@orclxx> host echo -e -n 'B.\0\0\0\0\x45\0\0\0' | md5sum |sed 's/ -//' | xxd -r -p | od -t x4 | sed -n -e 's/^0000000 //' -e 's/ //gp'
4be7794722b7dff82d9a726430d0cc1b
SYS@orclxx> host echo -e -n 'A.d\0\0\0\x45\0\0\0' | md5sum |sed 's/ -//' | xxd -r -p | od -t x4 | sed -n -e 's/^0000000 //' -e 's/ //gp'
5c35cb76c87322d4c1dcba2539fcfdc0
SYS@orclxx> host echo -e -n 'A.\0\0\0\0\x45\0\0\0' | md5sum |sed 's/ -//' | xxd -r -p | od -t x4 | sed -n -e 's/^0000000 //' -e 's/ //gp'
ff10282030f73c72c9c594e2f7a54d64
--// They all match.
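--// Added example (not part of the original post): the byte layout confirmed above, recomputed in Python and checked against the rows listed on this page. The function names are hypothetical, and padding the owner bytes to a 4-byte field is an inference from the 0-byte and 1-byte KGLNAOWN samples shown here.

```python
import hashlib
import struct

DBLINK_NAMESPACE = 69  # KGLHDNSP of the DBLINK namespace on the page (0x45)

def swap_words(hex32):
    """Byte-reverse each 4-byte word: KGLNAHSV <-> plain MD5 hex (self-inverse)."""
    raw = bytes.fromhex(hex32)
    return b"".join(raw[i:i + 4][::-1] for i in range(0, 16, 4)).hex()

def hash_input(name, owner=b"", namespace=DBLINK_NAMESPACE):
    """NAME + '.' + owner bytes NUL-padded to 4 + namespace as 4-byte little-endian."""
    if len(owner) > 4:
        # Assumption: the page only shows 0- and 1-byte KGLNAOWN values.
        raise ValueError("owner longer than 4 bytes is not covered by the page")
    return name.encode("ascii") + b"." + owner.ljust(4, b"\x00") + struct.pack("<I", namespace)

def dblink_full_hash(name, owner=b""):
    """Value as displayed in x$kglob.KGLNAHSV for a database link."""
    return swap_words(hashlib.md5(hash_input(name, owner)).hexdigest())

# (KGLNAOBJ, KGLNAOWN bytes, KGLNAHSV) rows verified on the page, both instances.
PAGE_ROWS = [
    ("A", b"b", "295be635973bc44911d9f76efb5f521b"),
    ("B", b"b", "88feaa22ffa6b1db8d2314ba0941360c"),
    ("A", b"d", "5c35cb76c87322d4c1dcba2539fcfdc0"),
    ("B", b"d", "262a01a31e2f3c4dd721aa85b49864b5"),
    ("A", b"", "ff10282030f73c72c9c594e2f7a54d64"),
    ("B", b"", "4be7794722b7dff82d9a726430d0cc1b"),
    ("RECO.ORACLE.COM", b"", "022bfb39389939832aaa659c3b1dfeba"),
]

def mismatches(rows=PAGE_ROWS):
    """Rows whose recomputed hash differs from the value listed on the page."""
    return [r for r in rows if dblink_full_hash(r[0], r[1]) != r[2]]

if __name__ == "__main__":
    for name, owner, expected in PAGE_ROWS:
        got = dblink_full_hash(name, owner)
        print(f"{name:<16}{owner!r:<6}{got}  {'ok' if got == expected else 'MISMATCH'}")
```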
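--// Only this way cracks fastest; my machine cannot handle the other approaches. The main thing is knowing the format of the hashed string: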
$ echo -n A.b | xxd -c 16 -g4 |xargs
0000000: 412e62 A.b
R:\hashcat>hashcat64 --potfile-disable --force -a 3 -m 0 35e65b2949c43b976ef7d9111b525ffb --hex-charset -1 45 -2 412e62 -3 00 ?2?2?2?b?b?b?1?3?3?3
hashcat (v3.00-1-g67a8d97) starting...
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
- Device #1: Turks, 766/1024 MB allocatable, 6MCU
- Device #2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, skipped
WARNING: ADL_Overdrive6_TargetTemperatureData_Get is missing from ADL shared library.
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled
ATTENTION!
The wordlist or mask you are using is too small.
Therefore, hashcat is unable to utilize the full parallelization power of your device(s).
The cracking speed will drop.
Workaround:
INFO: approaching final keyspace, workload adjusted
35e65b2949c43b976ef7d9111b525ffb:$HEX[412e6200000045000000]
Session.Name...: hashcat
Status.........: Cracked
Input.Mode.....: Mask (?2?2?2?b?b?b?1?3?3?3) [10]
Hash.Target....: 35e65b2949c43b976ef7d9111b525ffb
Hash.Type......: MD5
Time.Started...: 0 secs
Speed.Dev.#1...: 1368.0 MH/s (8.82ms)
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 452984832/452984832 (100.00%)
Rejected.......: 0/452984832 (0.00%)
Started: Fri Dec 29 12:04:02 2017
Stopped: Fri Dec 29 12:04:04 2017
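--// Verified on other machines as well; all correct.
Summary:
1. Mainly, I was unfamiliar with the hashcat tool and wasted a lot of time on the crack. The key feature is using the dictionary+mask mode.
2. I did not think of the ?b?b?b pattern in the middle.
3. I did not expect that the KGLNAOWN column of x$kglob is not the owner that created the link. I don't know why Oracle sets it up this way;
is it to guarantee that every dblink is unique?
4. Last night I kept wondering whether it was necessary to continue the crack; I had originally decided not to waste any more time on it.
5. The V$DB_OBJECT_CACHE type='INDEX' issue, link: http://blog.itpub.net/267265/viewspace-2149479/
6. I feel the biggest gain is not how to crack it, but understanding the namespace concept.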
From "ITPUB Blog", link: http://blog.itpub.net/267265/viewspace-2149494/. If you repost this, please credit the source; otherwise legal liability will be pursued.