Use orabf to crack an Oracle user's password



Orabf is an extremely fast offline brute-force/dictionary attack tool that can be used when the username and password hash of an Oracle account are known. The attack slows down as the number of characters it has to brute-force grows, but for short username/hash combinations it can exceed a million tries per second.

Command Syntax

C:\orabf-v0.7.5>orabf [hash]:[username] [options]

-c [num] complexity: a number in [1..6] or a filename
     -      read words from stdin
     [file] read words from file
     1      numbers
     2      alpha
     3      alphanum
     4      standard oracle (alpha)(alpha,num,_,#,$)... (default)
     5      entire keyspace (' '..'~')
     6      custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r       resume: tries to resume a previous session



:\awrtmp>sqlplus / as sysdba 
SQL*Plus: Release Production on 星期一 8月 29 08:20:55 2011 
Copyright (c) 1982, 2010, Oracle.  All rights reserved.
Oracle Database 11g Enterprise Edition Release - Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
SQL> set pages 1000 lines 100 
SQL> select username,password from dba_users where username='MARSHALL';
USERNAME                       PASSWORD 
------------------------------ ------------------------------ 

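Before Oracle 11g, the encrypted password could be read from the PASSWORD column of the DBA_USERS data dictionary view. In 11g, however, the PASSWORD column no longer displays the password content.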

SQL> select name,password from user$ where name='MARSHALL';
NAME                           PASSWORD 
------------------------------ ------------------------------ 
MARSHALL                       A76A8C6CF0E4D786 
AGA                            1249697BA47A5831



SQL> exit 
从 Oracle Database 11g Enterprise Edition Release - Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 断开
F:\awrtmp>orabf A76A8C6CF0E4D786:marshall
orabf v0.7.6, (C)2005 [email protected] 
F:\awrtmp>orabf 1249697BA47A5831:aga
orabf v0.7.6, (C)2005 [email protected] 
Trying default passwords... 
password found: AGA:AGA



F:\awrtmp>orabf 75800913E1B66343:sys
orabf v0.7.6, (C)2005 [email protected] 
Trying default passwords...warning: couldn't open default.txt...done
Starting brute force session using charset: 
press 'q' to quit. any other key to see status
current password: W4FP 
1355425 passwords tried. elapsed time 00:00:01. t/s:1200485
current password: AF9OO 
2609079 passwords tried. elapsed time 00:00:02. t/s:1172026
current password: ANZZY 
3123616 passwords tried. elapsed time 00:00:02. t/s:1182225
current password: B34FK 
4202732 passwords tried. elapsed time 00:00:03. t/s:1201398
current password: BDZJ8 
4843217 passwords tried. elapsed time 00:00:04. t/s:1208017
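To put the rate in the session above into password-policy terms, the following added example (not part of the original post or of orabf) computes how long an exhaustive search of each -c class takes at about 1.2 million tries per second, and the shortest length that outlasts a given time budget. It assumes candidates are upper-cased, as the "current password" lines suggest, so letters count once and class 5 is taken as 69 symbols; class 6 (custom) is left out.

```python
# Added example: exhaustive-search cost per orabf -c class (policy sizing).
# Assumptions, not taken from the tool: candidates are upper-cased, so letters
# count once (26); class 5 is printable ASCII minus lowercase (95 - 26 = 69).
RATE = 1_200_000   # tries/second, rounded from the session output on this page
YEAR = 31_536_000  # seconds in a 365-day year

# class -> (symbols allowed in first position, symbols allowed afterwards)
CHARSETS = {
    1: (10, 10),  # numbers
    2: (26, 26),  # alpha
    3: (36, 36),  # alphanum
    4: (26, 39),  # standard oracle: alpha, then alpha/num/_/#/$
    5: (69, 69),  # entire keyspace ' '..'~', case folded (assumption)
}

def keyspace(complexity, min_len=1, max_len=14):
    """Number of candidates for one class over the -n/-m length window."""
    if not 1 <= min_len <= max_len <= 14:
        raise ValueError("lengths must satisfy 1 <= min <= max <= 14")
    first, rest = CHARSETS[complexity]
    return sum(first * rest ** (n - 1) for n in range(min_len, max_len + 1))

def worst_case_seconds(complexity, max_len, rate=RATE):
    """Time to try every candidate of length 1..max_len at the given rate."""
    return keyspace(complexity, 1, max_len) / rate

def min_length_for(complexity, target_seconds, rate=RATE):
    """Shortest length whose full search exceeds target_seconds, else None."""
    for n in range(1, 15):
        if worst_case_seconds(complexity, n, rate) > target_seconds:
            return n
    return None  # not reachable within the 14-character limit

def human(seconds):
    """Render a duration in the largest sensible unit."""
    units = (("years", YEAR), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    for c in CHARSETS:
        times = ", ".join(f"<= {n} chars: {human(worst_case_seconds(c, n))}"
                          for n in (6, 8, 10))
        print(f"class {c}: {times}; "
              f"length to outlast a year: {min_length_for(c, YEAR)}")
```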







