Oracle Pwnage Part 3 's

admin
admin
admin
140559
文章
117
评论
2017年5月1日16:09:27评论279 views字数 1938阅读6分27秒阅读模式
摘要

Posted by CG Sorry no metasploit for this one.ButI did get asked how to get the SCOTT/TIGER username and pass. I left a (hint) in the first blog post. But by request here is the link:
http://www.petefinnigan.com/default/default_password_checker.htm

Posted by CG

Sorry no metasploit for this one.

But

I did get asked how to get the SCOTT/TIGER username and pass. I left a (hint) in the first blog post. But by request here is the link:
http://www.petefinnigan.com/default/default_password_checker.htm

Second thing was that you may find yourself with some oracle hashes after some crafty (well not realy) sql queries. Something that probably looks like this:

[*] DBSNMP,E066D214D5421CCC
[*] SCOTT,F894844C34402B67
[*] XDB,88D8364765FCE6AF

There are a couple of crackers, but I like checkpwd from red-database security. http://www.red-database-security.com/software/checkpwd.html

[email protected]:~/Desktop/oracle_checkpwd_big$ wine checkpwd.exe DBSNMP:E066D214D5421CCC password_file.txt
Checkpwd 1.23 [Win] – (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com

opening weak password list file
reading weak passwords list
checking passwords
Starting 2 threads
DBSNMP has weak password DBSNMP

Done. Summary:
Passwords checked : 2
Weak passwords found : 1
Elapsed time (min:sec) : 0:02
Passwords / second : 1

[email protected]:~/Desktop/oracle_checkpwd_big$ wine checkpwd.exe SCOTT:F894844C34402B67 password_file.txt
Checkpwd 1.23 [Win] – (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com

opening weak password list file
reading weak passwords list
checking passwords
Starting 2 threads
SCOTT has weak password TIGER

Done. Summary:
Passwords checked : 9
Weak passwords found : 1
Elapsed time (min:sec) : 0:02
Passwords / second : 4.5

[email protected]:~/Desktop/oracle_checkpwd_big$ wine checkpwd.exe XDB:88D8364765FCE6AF password_file.txt
Checkpwd 1.23 [Win] – (c) 2005-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com

opening weak password list file
reading weak passwords list
checking passwords
Starting 2 threads
XDB has weak password CHANGE_ON_INSTALL

Done. Summary:
Passwords checked : 3
Weak passwords found : 1
Elapsed time (min:sec) : 0:02
Passwords / second : 1.5

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2017年5月1日16:09:27
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   Oracle Pwnage Part 3 'shttps://cn-sec.com/archives/45805.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息