Oracle的verify_function_11G函数只是通过一些密码规则来让密码看起来不容易猜到,但一些用户的习惯让所设的密码虽然复杂,但并不
Oracle的verify_function_11G函数只是通过一些密码规则来让密码看起来不容易猜到,但一些用户的习惯让所设的密码虽然复杂,但并不难猜,这时可以用我写的这个程序,把一些常见的易猜的密码放入文件或字典数据库中, 通过程序自动尝试连接Oracle数据库,来效验指定数据密码是否太过易猜或简单,如果数据库用户配置稍严格些,这个程序就不起作用了,所以不太具有实用价值,仅参考使用。
程序用到了 SQLite与 OTL可看: SQLite编程相关() OTL的使用() 去了解相关使用方法。
程序代码如下:
/**
* author: xiongchuanliang
* desc: 效验密码是否是使用数据库默认密码,或密码是否太过简单
程序的参数说明:
-d 效验是否使用默认用户和密码没改过
-s 事先在SQLite数据库中存放各类数据库密码,然后依次尝试。
可通过 “ -s a% “这类来从字典表中过滤出相符合的密码字符串
-f 从密码文件中读取密码字符串依次尝试
*/
#include
#include
#include
#include
#include "sqlite3.h"
#define OTL_ORA10G
//#define OTL_ORA11G_R2 // Compile OTL 4.0/OCI11.2
#include "otlv4.h" // include the OTL 4 header file
using namespace std;
otl_connect oracledb;
#define MAXLINE 150
#define DICT_DB "c:\\sqlite\\mydict.db"
#define DICT_FILE "c:/sqlite/mydict.txt"
#define TNS_DBNAME "xcldb"
#define SQL_COUNT " SELECT count(*) FROM userpwd "
#define SQL_SELECT " SELECT pwd FROM userpwd "
char arrTestUser[][30] = {"sys","system","test"};
int arrTestUserLen = 3;
//从SQLite只按条件查出密码串放入文件
sqlite3_uint64 getDictDB(char * pWhere);
//初始化OTL
void initOTL();
//连接Oracle数据库
int connectORA(char * connstr);
//从字典文件读入密码字符串尝试连接
bool testConnDB();
//尝试用默认的用户名和密码连接
bool testConnDBDF();
int main(int argc, char* argv[])
{
printf("==========================\n");
printf("数据库密码有效性测试!\n");
printf("==========================\n");
if(argc==1||argc printf("请输入运行参数(-f,-d,-s).\n");
//从指定字典文件中查找
if( strcmp(argv[1],"-f") == 0)
{
printf(" -f : 从指定字典文件中查找\n");
testConnDB();
}else{
initOTL();
//查数据库默认用户密码
if( strcmp(argv[1],"-d") == 0)
{
printf(" -d : 查数据库默认用户密码 \n");
testConnDBDF();
}else if( strcmp(argv[1],"-s") == 0) //从SQLite数据库找出密码
{
printf(" -s : 从SQLite数据库找出密码 \n");
if(argc==3)
{
printf("过滤条件: %s\n",argv[2]); // %a123%
char sW[50] = {0};
//char *s = " where pwd like '%aaa%' ";
sprintf_s(sW, " where pwd like '%s' ",argv[2]);
getDictDB(sW);
}else{
char *sW = NULL;
getDictDB(sW);
}
//从数据库中转出的密码文件中读取密码进行尝试
testConnDB();
}else{
printf("请输入(-f,-d,-s)三个参数之一.\n");
}
}
return 0;
}
//从SQLite只按条件查出密码串放入文件
sqlite3_uint64 getDictDB(char * pWhere)
{
char sqlCount[MAXLINE] = {0};
char sqlSelect[MAXLINE] = {0};
strcpy_s(sqlCount,SQL_COUNT);
strcpy_s(sqlSelect,SQL_SELECT);
if(pWhere != NULL)
{
strcat_s(sqlCount,pWhere);
strcat_s(sqlSelect,pWhere);
}
sqlite3 * pDB = NULL;
//打开路径采用utf-8编码
//如果路径中包含中文,,需要进行编码转换
// c:\\sqlite\\mydict.db
int nRes = sqlite3_open(DICT_DB, &pDB);
if (nRes != SQLITE_OK)
{
printf("字典数据库连接失败. %s \n",sqlite3_errmsg(pDB));
return 0;
}
sqlite3_stmt * stmt;
const char *pTail;
sqlite3_uint64 rCount = 0;
int rc = 0;
//查询所有数据
sqlite3_prepare(pDB, sqlCount,-1,&stmt,&pTail);
int r = sqlite3_step(stmt);
if(r == SQLITE_ROW)
{
rCount = sqlite3_column_int64( stmt, 0 );
printf("共找到%d条字典密码.\n",rCount);
}
sqlite3_finalize(stmt);
if(rCount
//查询所有数据
sqlite3_prepare(pDB, sqlSelect,-1,&stmt,&pTail);
do{
FILE *fp;
fopen_s(&fp,DICT_FILE,"w");
if(fp == NULL)
{
printf("字典文件生成失败.\n");
goto end;
}
Explain the InnoDB Buffer Pool and its importance for performance.Apr 19, 2025 am 12:24 AMInnoDBBufferPool reduces disk I/O by caching data and indexing pages, improving database performance. Its working principle includes: 1. Data reading: Read data from BufferPool; 2. Data writing: After modifying the data, write to BufferPool and refresh it to disk regularly; 3. Cache management: Use the LRU algorithm to manage cache pages; 4. Reading mechanism: Load adjacent data pages in advance. By sizing the BufferPool and using multiple instances, database performance can be optimized.
MySQL vs. Other Programming Languages: A ComparisonApr 19, 2025 am 12:22 AMCompared with other programming languages, MySQL is mainly used to store and manage data, while other languages such as Python, Java, and C are used for logical processing and application development. MySQL is known for its high performance, scalability and cross-platform support, suitable for data management needs, while other languages have advantages in their respective fields such as data analytics, enterprise applications, and system programming.
Learning MySQL: A Step-by-Step Guide for New UsersApr 19, 2025 am 12:19 AMMySQL is worth learning because it is a powerful open source database management system suitable for data storage, management and analysis. 1) MySQL is a relational database that uses SQL to operate data and is suitable for structured data management. 2) The SQL language is the key to interacting with MySQL and supports CRUD operations. 3) The working principle of MySQL includes client/server architecture, storage engine and query optimizer. 4) Basic usage includes creating databases and tables, and advanced usage involves joining tables using JOIN. 5) Common errors include syntax errors and permission issues, and debugging skills include checking syntax and using EXPLAIN commands. 6) Performance optimization involves the use of indexes, optimization of SQL statements and regular maintenance of databases.
MySQL: Essential Skills for Beginners to MasterApr 18, 2025 am 12:24 AMMySQL is suitable for beginners to learn database skills. 1. Install MySQL server and client tools. 2. Understand basic SQL queries, such as SELECT. 3. Master data operations: create tables, insert, update, and delete data. 4. Learn advanced skills: subquery and window functions. 5. Debugging and optimization: Check syntax, use indexes, avoid SELECT*, and use LIMIT.
MySQL: Structured Data and Relational DatabasesApr 18, 2025 am 12:22 AMMySQL efficiently manages structured data through table structure and SQL query, and implements inter-table relationships through foreign keys. 1. Define the data format and type when creating a table. 2. Use foreign keys to establish relationships between tables. 3. Improve performance through indexing and query optimization. 4. Regularly backup and monitor databases to ensure data security and performance optimization.
MySQL: Key Features and Capabilities ExplainedApr 18, 2025 am 12:17 AMMySQL is an open source relational database management system that is widely used in Web development. Its key features include: 1. Supports multiple storage engines, such as InnoDB and MyISAM, suitable for different scenarios; 2. Provides master-slave replication functions to facilitate load balancing and data backup; 3. Improve query efficiency through query optimization and index use.
The Purpose of SQL: Interacting with MySQL DatabasesApr 18, 2025 am 12:12 AMSQL is used to interact with MySQL database to realize data addition, deletion, modification, inspection and database design. 1) SQL performs data operations through SELECT, INSERT, UPDATE, DELETE statements; 2) Use CREATE, ALTER, DROP statements for database design and management; 3) Complex queries and data analysis are implemented through SQL to improve business decision-making efficiency.
MySQL for Beginners: Getting Started with Database ManagementApr 18, 2025 am 12:10 AMThe basic operations of MySQL include creating databases, tables, and using SQL to perform CRUD operations on data. 1. Create a database: CREATEDATABASEmy_first_db; 2. Create a table: CREATETABLEbooks(idINTAUTO_INCREMENTPRIMARYKEY, titleVARCHAR(100)NOTNULL, authorVARCHAR(100)NOTNULL, published_yearINT); 3. Insert data: INSERTINTObooks(title, author, published_year)VA
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
WebStorm Mac version
Useful JavaScript development tools
Atom editor mac version download
The most popular open source editor
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
