[20171213]john破解oracle口令.txt--//跟別人討論的oracle破解問題,我曾經提過不要使用6位字元以下的密碼,其實不管那種系統低於6位口令非常容易破解.--//而且oracle預設還保證舊口令模式在sys.user$文件中,破解這個更容易.我僅僅寫一些例子:1.環境:SYS ...
[20171213]john破解oracle口令.txt
--//跟別人討論的oracle破解問題,我曾經提過不要使用6位字元以下的密碼,其實不管那種系統低於6位口令非常容易破解.
--//而且oracle預設還保證舊口令模式在sys.user$文件中,破解這個更容易.我僅僅寫一些例子:
1.環境:
SYS@book> @ &r/ver1
PORT_STRING VERSION BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx 11.2.0.4.0 Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
SYS@book> column spare4 format a62
SYS@book> select NAME,SPARE4,PASSWORD from sys.user$ where name='SCOTT';
NAME SPARE4 PASSWORD
-------------------- -------------------------------------------------------------- ------------------------------
SCOTT S:70863744165E30E16FA46A05043A7E858A7D98BC359FD004C4A628C3F80A F894844C34402B67
2.安裝john:
--//我選擇rpm包,很容易找到.步驟略.我安裝的版本:
$ john
John the Ripper password cracker, version 1.7.6-jumbo-12
...
3.破解:
--//建立文件a.txt
$ cat a.txt
SCOTT:F894844C34402B67
$ john --format=oracle a.txt
Loaded 1 password hash (Oracle [oracle])
TIGER (SCOTT)
guesses: 1 time: 0:00:00:00 100.00% (2) (ETA: Wed Dec 13 10:54:35 2017) c/s: 56600 trying: TIGER
4.破解oracle 11g密碼:
--//建立文件b.txt
$ cat b.txt
S:70863744165E30E16FA46A05043A7E858A7D98BC359FD004C4A628C3F80A
$ john --format=oracle11 b.txt
Loaded 1 password hash (Oracle 11g [oracle11])
tiger (S)
guesses: 1 time: 0:00:00:00 100.00% (2) (ETA: Wed Dec 13 10:55:28 2017) c/s: 80100 trying: tiger
--//基於英文字典的破解1秒都不到.
--//破解的記錄保證在在/home/oracle/.john/目錄的john.pot文件,安全需要可以刪除.
--//修改為T1IGER,再次測試:
$ john --format=oracle a.txt
Loaded 1 password hash (Oracle [oracle])
Warning: mixed-case charset, but the current hash type is case-insensitive;
some candidate passwords may be unnecessarily tried more than once.
guesses: 0 time: 0:00:00:07 (3) c/s: 694786 trying: 31044016
guesses: 0 time: 0:00:00:08 (3) c/s: 702679 trying: DDAPH7
T1IGER (SCOTT)
guesses: 1 time: 0:00:00:11 (3) c/s: 738577 trying: T1IGER
--//6位的密碼11秒破解.
$ john --format=oracle11 b.txt
Loaded 1 password hash (Oracle 11g [oracle11])
guesses: 0 time: 0:00:00:02 (3) c/s: 2534K trying: bob1420
t1iger (S)
guesses: 1 time: 0:00:00:03 (3) c/s: 2581K trying: t1iger
--//我修改3次,都記錄在a.txt:
$ john --format=oracle a.txt
Loaded 3 password hashes with no different salts (Oracle [oracle])
TIGER (SCOTT)
Warning: mixed-case charset, but the current hash type is case-insensitive;
some candidate passwords may be unnecessarily tried more than once.
T1IGER (SCOTT)
BOOKBOOK (SCOTT)
guesses: 3 time: 0:00:01:53 (3) c/s: 1037K trying: BOOKBOOK
$ john --format=oracle11 b.txt
Loaded 3 password hashes with 3 different salts (Oracle 11g [oracle11])
tiger (S)
t1iger (S)
bookbook (S)
guesses: 3 time: 0:00:00:33 (3) c/s: 3526K trying: bookbook
--//基於英文字典的破解非常快,3個口令2分鐘.
--//重新安裝john-1.7.9-1.el5.rf.x86_64.rpm,但是要修改/etc/john.conf註解:
#.include <dynamic.conf>
