Case: Using the user$ table to infer database user passwords; bypassing the password to log in to an Oracle 10g database

Date: 2016-06-15 11:08   Source: Oracle研究中心   Author: 惜分飞

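天萃荷净: Using the user$ table on Oracle 10g to infer how database user passwords are hashed, and the process of logging in to the database without knowing the password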

1. Query the Oracle database version

SQL> select * from v$version;

BANNER
----------------------------------------------------------------
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
PL/SQL Release 10.2.0.4.0 - Production
CORE    10.2.0.4.0      Production
TNS for Linux: Version 10.2.0.4.0 - Production
NLSRTL Version 10.2.0.4.0 - Production

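2. Inferring how Oracle 10g hashes passwords in user$

In the user$ table, password = hash(user||password). The user name and password are concatenated before hashing, so user xff with password oracleplus and user xf with password foracleplus produce the same value: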

SQL> create user xff identified by oracleplus;

User created.

SQL> create user xf identified by foracleplus;

User created.

SQL> select name,password from user$ where name in('XF','XFF');

NAME                           PASSWORD
------------------------------ ------------------------------
XF                             1B60F4BFF1DAB500
XFF                            1B60F4BFF1DAB500

3. Bypassing the Oracle password at login by modifying user$.password

--Create two users that can log in
SQL> grant connect to ab identified by oracleplus;

Grant succeeded.


SQL> grant connect to abc identified by oracleplus;

Grant succeeded.

--View the user names and password values
SQL> select user#,name,password from user$ where name in ('AB','ABC');

     USER# NAME                           PASSWORD
---------- ------------------------------ ------------------------------
        63 AB                             7AF07A2EFB054758
        64 ABC                            40C0E6EE497444B7

--Set ab's password value to the same value as abc's, so the password for ab should now be coracleplus
SQL> update user$ set password='40C0E6EE497444B7' where user#=63;

1 row updated.

SQL> commit;

Commit complete.

SQL> select user#,name,password from user$ where name in ('AB','ABC');

     USER# NAME                           PASSWORD
---------- ------------------------------ ------------------------------
        63 AB                             40C0E6EE497444B7
        64 ABC                            40C0E6EE497444B7

--Login fails after the change
SQL> conn ab/coracleplus
ERROR:
ORA-01017: 用户名/口令无效; 登录被拒绝


Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
--ab's user$.password has been reset to its original value
SQL> select user#,name,password from user$ where name in ('AB','ABC');

     USER# NAME                           PASSWORD
---------- ------------------------------ ------------------------------
        63 AB                             7AF07A2EFB054758
        64 ABC                            40C0E6EE497444B7

SQL>  update user$ set password='40C0E6EE497444B7' where user#=63;

1 row updated.

SQL> commit;     

Commit complete.

SQL> select user#,name,password from user$ where name in ('AB','ABC');

     USER# NAME                           PASSWORD
---------- ------------------------------ ------------------------------
        63 AB                             40C0E6EE497444B7
        64 ABC                            40C0E6EE497444B7

--Flush the data buffer and shared_pool
SQL> alter system flush buffer_cache ;

System altered.

SQL> alter system flush shared_buffer;
alter system flush shared_buffer
*
ERROR at line 1:
ORA-02000: missing SHARED_POOL/BUFFER_CACHE/GLOBAL CONTEXT keyword


SQL> alter system flush shared_pool;

System altered.

--ab's password has been successfully changed to coracleplus
SQL> conn ab/coracleplus
Connected.
SQL> show user;
USER is "AB"

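4. Method for logging in to the database while bypassing the password

1) Create a user whose name resembles the user you need to log in as (usually the same name with one or more extra characters at the end)
2) Query the user$.password of the user you created, and set the password of the user you need to that value
3) Flush the data buffer and shared pool
4) Log in as the user you need, using as the password the extra characters in the created user's name followed by the created user's password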
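
Added example (not from the original article and not Oracle's code): why hash(user||password) without a field boundary gives XF/foracleplus and XFF/oracleplus the same value, a length-prefixed variant that separates them, and an audit helper that flags accounts sharing one user$.password value, as AB and ABC do after the update in section 3. Assumptions: SHA-256 truncated to 16 hex characters stands in for the 10g algorithm, and the function names and the REPORTS row are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def _digest(data: bytes) -> str:
    # SHA-256 truncated to 16 hex chars is a stand-in, NOT Oracle's 10g algorithm.
    return hashlib.sha256(data).hexdigest()[:16].upper()

def concat_hash(user: str, password: str) -> str:
    """hash(user||password) as the page describes it: no delimiter between fields.
    Input is upper-cased because 10g verifiers are case-insensitive."""
    return _digest((user + password).upper().encode())

def framed_hash(user: str, password: str) -> str:
    """Hardened variant: each field is length-prefixed, so the boundary is hashed too."""
    fields = [user.upper().encode(), password.upper().encode()]
    return _digest(b"".join(len(f).to_bytes(2, "big") + f for f in fields))

def shared_verifiers(rows):
    """rows: (name, password) pairs as selected from user$.
    Returns {verifier: [names]} for verifiers held by more than one account."""
    by_hash = defaultdict(list)
    for name, verifier in rows:
        if verifier:
            by_hash[verifier].append(name)
    return {h: sorted(n) for h, n in by_hash.items() if len(n) > 1}

def prefix_related(names):
    """True if one name is a proper prefix of another (AB/ABC, XF/XFF)."""
    return any(a != b and b.startswith(a) for a in names for b in names)

# Rows copied from the page's query output, plus one constructed row (REPORTS).
SAMPLE_ROWS = [
    ("XF", "1B60F4BFF1DAB500"), ("XFF", "1B60F4BFF1DAB500"),
    ("AB", "40C0E6EE497444B7"), ("ABC", "40C0E6EE497444B7"),
    ("REPORTS", "0123456789ABCDEF"),  # constructed value
]

if __name__ == "__main__":
    print(concat_hash("xf", "foracleplus") == concat_hash("xff", "oracleplus"))
    print(framed_hash("xf", "foracleplus") == framed_hash("xff", "oracleplus"))
    for verifier, names in shared_verifiers(SAMPLE_ROWS).items():
        print(verifier, names, "prefix-related" if prefix_related(names) else "")
```

Two accounts with the same verifier and prefix-related names are worth reviewing: either their passwords line up as in section 2, or user$ was edited directly as in section 3.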



This article is an original contribution by 惜分飞. URL: http://www.oracleplus.net/arch/382.html
