Oracle password cracking tools: comparison and download

Posted by polestar123 on 2009-05-19

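If you have forgotten an Oracle password, you can use orapwd to initialize the SYS password and then change the passwords of the other accounts. The other option is to crack the password.

For tool downloads and a comparison of cracking speed, see the link below. Most of the tools are still dictionary-based, so more complex passwords remain fairly hard to crack. Two cracking tools are recommended: checkpwd.exe and orabf.exe.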

http://www.red-database-security.com/whitepaper/oracle_password_cracker.html

1. checkpwd.exe

D:\oracle_checkpwd>checkpwd.exe sysman/oracle default_passwords.txt
Checkpwd 1.23 [Win] - (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com

initializing Oracle client library
connecting to the database
retrieving users and password hash values
disconnecting from the database
opening weak password list file
reading weak passwords list
checking passwords
Starting 4 threads
TEST2 has weak password ORACLE [OPEN]
ORACLEDBA has weak password ORACLE [OPEN]
SCOTT has weak password ORACLE [OPEN]
ORACLE has weak password ORACLE [OPEN]
TSMSYS has weak password TSMSYS [EXPIRED & LOCKED]
PM has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
MDDATA has weak password MDDATA [EXPIRED & LOCKED]
BI has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
IX has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
DIP has weak password DIP [EXPIRED & LOCKED]
OE has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SH has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
HR has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
SYSMAN has weak password ORACLE [OPEN]
MDSYS has weak password MDSYS [EXPIRED & LOCKED]
DBSNMP has weak password ORACLE [OPEN]
ORDSYS has weak password ORDSYS [EXPIRED & LOCKED]
DMSYS has weak password DMSYS [EXPIRED & LOCKED]
WMSYS has weak password WMSYS [EXPIRED & LOCKED]
EXFSYS has weak password EXFSYS [EXPIRED & LOCKED]
CTXSYS has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
XDB has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
ORDPLUGINS has weak password ORDPLUGINS [EXPIRED & LOCKED]
ANONYMOUS OK [EXPIRED & LOCKED]
SI_INFORMTN_SCHEMA OK [EXPIRED & LOCKED]
SYS has weak password ORACLE [OPEN]
OLAPSYS has weak password MANAGER [EXPIRED & LOCKED]
MGMT_VIEW OK [OPEN]
SYSTEM has weak password ORACLE [OPEN]
OUTLN has weak password OUTLN [EXPIRED & LOCKED]

Done. Summary:
Passwords checked : 3574
Weak passwords found : 27
Elapsed time (min:sec) : 0:02
Passwords / second : 1787

D:\oracle_checkpwd>
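
To triage a checkpwd report like the one above, the following added example (not part of the original post and not part of checkpwd) parses the result lines and separates OPEN accounts, which can be logged into right now, from EXPIRED & LOCKED ones. The function names are this example's own, and the embedded sample is a subset of the output lines shown above.

```python
import re
from collections import defaultdict

# Subset of the checkpwd result lines shown above, embedded so this runs offline.
SAMPLE_REPORT = """\
TEST2 has weak password ORACLE [OPEN]
SCOTT has weak password ORACLE [OPEN]
TSMSYS has weak password TSMSYS [EXPIRED & LOCKED]
PM has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED]
ANONYMOUS OK [EXPIRED & LOCKED]
SYS has weak password ORACLE [OPEN]
MGMT_VIEW OK [OPEN]
SYSTEM has weak password ORACLE [OPEN]
Done. Summary:
"""

# "<USER> has weak password <PWD> [<STATUS>]"  or  "<USER> OK [<STATUS>]"
LINE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?:has weak password\s+(?P<pwd>\S+)|OK)\s+\[(?P<status>[^\]]+)\]$"
)

def parse_report(text):
    """Return one dict per account line; banner and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({"user": m["user"], "status": m["status"],
                         "weak": m["pwd"] is not None, "pwd": m["pwd"]})
    return rows

def triage(rows):
    """Group weak accounts: 'urgent' = OPEN, 'latent' = any other status."""
    out = {"urgent": [], "latent": [], "shared": defaultdict(list)}
    for r in rows:
        if not r["weak"]:
            continue
        out["urgent" if r["status"] == "OPEN" else "latent"].append(r["user"])
        out["shared"][r["pwd"]].append(r["user"])  # used for grouping only, never printed
    return out

if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Change now (OPEN):", ", ".join(result["urgent"]))
    print("Fix before unlocking:", ", ".join(result["latent"]))
    for users in result["shared"].values():
        if len(users) > 1:
            print(f"{len(users)} accounts share one password: {', '.join(users)}")
```
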

2. orabf.exe

First, find the password hash of the user oracle, 38E38619A12E0257, in dba_users:

SQL> alter user oracle identified by oracle;

使用者已更改。

SQL> select password from dba_users where username='ORACLE';

PASSWORD
------------------------------
38E38619A12E0257

SQL>

D:\orabf-v0.7.6>orabf.exe

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------

usage: orabf [hash]:[username] [options]

options:
-c [num] complexity: a number in [1..6] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
5 entire keyspace (' '..'~')
6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session


D:\orabf-v0.7.6>orabf.exe 38E38619A12E0257:oracle -c 6

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE

D:\orabf-v0.7.6>

Change the password and test again:

SQL> alter user oracle identified by oracle123;

使用者已更改。

SQL>
SQL> select password from dba_users where username='ORACLE';

PASSWORD
------------------------------
B1BA9ED1B2B824CC

SQL>

D:\orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 6

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123

D:\orabf-v0.7.6>orabf.exe B1BA9ED1B2B824CC:oracle -c 3

orabf v0.7.6, (C)2005 orm@toolcrypt.org
---------------------------------------
Trying default passwords...
password found: ORACLE:ORACLE123

D:\orabf-v0.7.6>


From the ITPUB blog, link: http://blog.itpub.net/70612/viewspace-1022275/. If you repost this, please credit the source; otherwise legal liability will be pursued.
