hydra扫描不出oracle中sys用户的弱密码

文章介绍了在尝试使用Hydra扫描Oracle数据库sys用户sysdba权限密码时遇到的问题。由于OCILogon接口不支持指定用户角色,导致扫描失败。解决方案是使用OCISessionBegin接口,通过判断用户类型来实现sysdba身份的登录尝试,从而成功进行密码扫描。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

sys用户需要以sysdba身份登录

我们知道,oracle数据库的用户是分权限的,其中sys用户权限最高,在登录时需要以sysdba的身份才可以成功登陆,否则会报错:ORA-28009: connection as SYS should be as SYSDBA or SYSOPER.(如图)
在这里插入图片描述

hydra登录oracle的代码

hydra登录oracle的代码在源文件hydra-oracle.c中的start_oracle函数中,使用的是OCI接口,登录时调用的接口是OCILogon,如图。
在这里插入图片描述

OCILogon接口原型

查询OCI官方文档,得知OCILogon接口原型如下:

sword OCILogon ( 
OCIEnv          *envhp,    //环境句柄
OCIError        *errhp,   //错误句柄
OCISvcCtx       **svchp,  //服务上下文句柄
CONST text      *username,   //用户名
ub4             uname_len,  //用户名长度
CONST text      *password,   //密码
ub4             passwd_len,   //密码长度
CONST text      *dbname,   //数据库名
ub4             dbname_len   //数据库名长度
); 

sword OCILogoff (  
OCISvcCtx      *svchp,  //服务上下文句柄
OCIError       *errhp  //错误句柄
);

可以看出,OCILogon接口中并不存在指定用户角色的参数,所以当调用此函数以sys用户登录时,就会报权限不足的错误。

使用其他接口替代OCILogon

既然问题出在OCILogon没有指定用户身份的参数,那么我们找个有指定身份参数的接口去代替。查询OCI官方文档可知,OCISessionBegin符合要求(如图)。这个接口是为某用户开始一个会话,既然能开始会话,当然也就表明该用户登录成功了。
在这里插入图片描述

hydra-oracle.c源码修正

经过上述讨论,决定改用OCISessionBegin接口来代替OCILogon接口。在调用时对sysdba类用户做判断(这里默认只处理sys用户),如图:
在这里插入图片描述

修正后的hydra-oracle.c在:

关于OCILogon和OCISessionBegin的接口测试代码如下:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <oci.h>

/*user name and password*/
#if 1
static text* username=(text *)"sys";
static text* password=(text *)"oracle11g";
#else
static text* username=(text *)"system";
static text* password=(text *)"oracle11g";
#endif

static text* oracle=(text *)"//172.16.7.30:1521/ORCL";


/*handle define*/
static OCIEnv           *p_env;                                        //OCI environment handle
static OCIError         *p_err;                                        //OCI error handle
static OCISvcCtx        *p_svc;                                        //OCI service context handel
static OCIServer        *p_ser;                                        //OCI server handle
static OCISession       *p_usr;                                        //OCI user session handle
static OCIStmt          *p_sql;                                        //OCI statement handle
static OCIDefine        *p_dfn = (OCIDefine *)NULL;                    //OCI define handle
static OCIBind          *p_bnd = (OCIBind *)NULL;                      //OCI bind handle

text o_errormsg[512];
sb4 o_errorcode;

/*create OCI environment*/
int create_env()
{
   
   
  int swResult;            //Return value
  if(swResult = OCIEnvCreate(&p_env,OCI_DEFAULT,NULL,NULL,NULL,NULL,0,NULL)) {
   
   
    printf("environment create error!\n\n");
    return -1;
  
Hydra is a popular tool used for performing brute force attacks against various network services. However, it should be noted that using Hydra to perform attacks against an Oracle database without proper authorization is illegal and can result in severe legal consequences. Assuming you have proper authorization to perform security testing on an Oracle database, here are the steps to use Hydra against it: 1. Install Hydra: Hydra is available for most Linux distributions and can be installed using the package manager. For example, on Ubuntu, you can install Hydra using the following command: `sudo apt-get install hydra`. 2. Identify the Oracle database service: You need to identify the Oracle database service that you want to attack. The default port for Oracle databases is 1521, and the service name is usually "ORCL". 3. Create a password list: Hydra works by trying a list of passwords against a target service. You need to create a list of passwords that you want to try. You can use tools like Crunch or Cewl to generate custom wordlists. 4. Run Hydra: Once you have the target service and password list, you can run Hydra using the following command: `hydra -L <username_list> -P <password_list> <ip_address> -s <port> oracle`. For example, if the target IP address is 192.168.1.100, the port is 1521, and the username list and password list are "usernames.txt" and "passwords.txt", respectively, the command would be: `hydra -L usernames.txt -P passwords.txt 192.168.1.100 -s 1521 oracle`. It's important to note that using Hydra to perform unauthorized attacks against any system or service is illegal and can result in serious legal consequences. Always make sure you have proper authorization before performing any security testing.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值