修改oracle口令安全问题
[20171225]变态的windows批处理4.txt
[oracle@hb shell_test]$ cat echo_time
#!/bin/sh
[20171101]修改oracle口令安全难点.txt
--//后天求学windows 批管理的echo &.使用它能够达成类似回车换行的功能.例子:
一.最轻松易行的调用sqlplus
sqlplus -S "sys/unimas as sysdba" << !
select to_char(sysdate,'yyyy-mm-dd') today from dual;
exit;
!
--//等保的难题,做一些有关修改oracle口令方面包车型客车测量检验.
1.echo &.
R:>echo 1111 & echo 2222
1111
2222
[oracle@hb shell_test]$ ./echo_time
1.oracle改换口令平常如下格局:
--//可是如若写成如下:
TODAY
2011-03-21
-S 是silent mode,不出口邻近“SQL>”,连接数据库,关闭数据库之类的新闻。
eof能够是任何字符串
举例"laldf"那么当您输入单独一行laldf时"shell以为输入完结,然而必得代表块开端必得利用<<;
千帆竞发和终结要合营那些符号“<<”后边的原委
举例子:
[oracle@hb shell_test]$ sqlplus -s "sys/unimas as sysdba" <<
abc
> select to_char(sysdate,'yyyy-mm-dd') today from dual;
> exit;
> abc
alter user scott identified by oracle;
password scott
其三方工具,日常也是实行以上类似的命令.作者使用SQL
Tracker(toad自带的工具)测量试验,实际上试行的也是第1种格局.
R:>echo 1111 & echo 2222 > aa.txt
1111
TODAY
2011-03-21
二.sqlplus的结果传递给shell的诀要一
[oracle@hb shell_test]$ cat test2.sh
#!/bin/bash
VALUE=`sqlplus -S "test/unimas" << !
set heading off
set feedback off
set pagesize 0
set verify off
set echo off
select to_char(sysdate,'yyyy-mm-dd') today from dual;
exit
!`
echo $VALUE
if [ -n "$VALUE" ]; then
echo "The rows is $VALUE"
exit 0
else
echo "There is no row"
fi
三.sqlplus的结果传递给shell的措施二
[oracle@hb shell_test]$ cat test1.sh
#!/bin/bash
sqlplus -S "test/unimas" << !
set heading off
set feedback off
set pagesize 0
set verify off
set echo off
col coun new_value v_coun
select count(*) coun from lesson;
exit v_coun
!
VALUE="$?"
echo "show row:$VALUE"
col coun new_value v_coun v_coun为number类型。因为exit 只可以回去数值类型。
四.把shell参数字传送递给sqlplus
#!/bin/bash
t_id="$1"
sqlplus -S "test/unimas" << !
set heading off
set feedback off
set pagesize 0
set verify off
set echo off
select teachername from teacher where id=$t_id;
exit
!
五.sqlplus的结果存款和储蓄在文件中
#!/bin/sh
sqlplus -S "test/unimas"<<EOF
set heading off
set feedback off
set pagesize 0
set verify off
set echo off
spool spool_file
SELECT * from teacher;
spool off
exit;
EOF
http://blog.chinaunix.net/space.php?uid=9124312&do=blog&id=181372
####################################################################################################################################
翻开调解系统状态脚本:
#!/bin/sh
if [[ -z "$1" ]] || [[ "$1" -ne 0 && "$1" -ne 2 ]] #使用[[ ]] 举办逻辑不通操作
then
echo "Please input your parameter: query status[0,2]!"
exit
fi
#for buname in cnlog enlog ItLog JrLog AuLog InnerLog
for buname in cnlog enlog
do
sqlplus -S 'etl/etl@dw_testdb' << abc #采用 << EOF方式输入音信 set line 155
set pages 9999
SELECT /* PARALLEL(a,4) */ * FROM $buname.hla_job_rec a where
status = $1;
exit
abc
done
2.测试:
--//作者本身早已树立多个剧本(笔者修改加入包涵alter的内容):
# cat -v Tcpdumpsql
#! /bin/bash
/usr/sbin/tcpdump -l -i eth0 -s 16384 -A -nn src host $1 and dst port
1521 2>/dev/null | tee -a /tmp/aa1 |sed -u -e
"s/^M/!/g;s/^E...{1,100}//;s/.*$//;s/^.*//" |
awk '{if (tolower($0) ~ "select" || tolower($0) ~ "update" ||
tolower($0) ~ "delete" ||tolower($0) ~ "alter" || tolower($0) ~ "insert"
|| $0 ~ "ORA-" ) {p=1;print}
else if(p == 1 && $0 !~ "^[0-9][0-9]:") {print} else if ($0 ~
"^[0-9][0-9]:") {p=0}}'
R:>cat aa.txt
2222
--//注:^M 实际上在vi里面要透过ctrl v ctrl m输入(windows下ctrl q
ctrl m),首假如因为大家付出写PB代码使用~r而从不加~n,这样
--//在呈现时因为未有换行突显内容会被覆盖.
--//你能够开采1111,突显输出,而2222写入文件aa.txt,改写成管道看看.
3.测试alter user修改口令:
--//在client端登陆,实施如下测量检验命令:
select sysdate from dual;
alter user scott identified by oracle;
select Sysdate from dual;
R:>echo 1111 &echo 2222 | cat
1111
2222
--//在服务器实行:
# Tcpdumpsql cliend_ip
--//注:client_id换来对应的ip.
select sysdate from dual
%alter user scott identified by oracle
select Sysdate from dual
--//OK.实际上那一个是假象,第1行动显示器,第2行动管道,看上面包车型客车测验就驾驭了.假设要写到文件实际上要加括号,那几个跟linux有一个相似.
R:>(echo 1111 &echo 2222 ) > aa.txt
--//很显著改造口令的命令原形毕露.
R:>cat aa.txt
1111
2222
4.测验password修改口令:
--//在client端登陆,实行如下测量试验命令:
select sysdate from dual;
password
select Sysdate from dual;
--//那些倒是平常的意况.
--//在服务器试行:
# Tcpdumpsql cliend_ip
select sysdate from dual
....................SCOTT.....AUTH_SESSKEY........!...!AUTH_PASSWORD@...@1498887FF997E2D432717C036E8672E9858F261F5A058B6927A9CE4DA137D1AD.........AUTH_NEWPASSWORD@...@FD4CD857F51847B1B86CFDC3263776C365CC27A33FACD76763AB40FE3B073052....!...!AUTH_TERMINAL.....IKD84BCP.........AUTH_PROGRAM_NM.....sqlplus.exe.........AUTH_MACHINE.....WORKGROUPIKD84BCP.........AUTH_PID
...
1404:5880.........AUTH_SID!...!Administrator.........AUTH_ALTER_SESSION......ALTER
SESSION SET NLS_LANGUAGE= 'AMERICAN' NLS_TERRITORY= 'AMERICA'
NLS_CURRENCY= '$' NLS_ISO_CURRENCY= 'AMERICA'
NLS_NUMERIC_CHARACTERS= '.,' NLS_CALENDAR= 'GREGORIAN'
NLS_DATE_FORMAT= 'YYYY-MM-DD HH24:MI:SS' NLS_DATE_LANGUAGE=
'AMERICAN' NLS_SORT= 'BINA.RY' TIME_ZONE= ' 08:00' NLS_COMP= 'BINARY'
NLS_DUAL_CURRENCY= '$' NLS_TIME_FORMAT= 'HH.MI.SSXFF AM'
NLS_TIMESTAMP_FORMAT= 'YYYY-MM-DD HH24:MI:SS.FF'
NLS_TIME_TZ_FORMAT= 'HH.MI.SSXFF AM TZR' NLS_TIMESTAMP_TZ_FORMAT=
'YYYY-MM-DD HH24:MI:SS.FF TZH:TZM'
select Sysdate from dual
2.行使那些特点能够透过管道传输命令给sqlplus.
--//做一些格式化处理
....................SCOTT.....AUTH_SESSKEY........!...!AUTH_PASSWORD@...@1498887FF997E2D432717C036E8672E9858F261F5A058B6927A9CE4DA137D1AD
.........AUTH_NEWPASSWORD@...@FD4CD857F51847B1B86CFDC3263776C365CC27A33FACD76763AB40FE3B073052....!...!AUTH_TERMINAL.....IKD84BCP
.........AUTH_PROGRAM_NM.....sqlplus.exe.........AUTH_MACHINE.....WORKGROUPIKD84BCP.........AUTH_PID
...
1404:5880.........AUTH_SID!...!Administrator.........AUTH_ALTER_SESSION......ALTER
SESSION SET NLS_LANGUAGE= 'AMERICAN'
NLS_TERRITORY= 'AMERICA' NLS_CURRENCY= '$' NLS_ISO_CURRENCY=
'AMERICA' NLS_NUMERIC_CHARACTERS= '.,'
NLS_CALENDAR= 'GREGORIAN' NLS_DATE_FORMAT= 'YYYY-MM-DD HH24:MI:SS'
NLS_DATE_LANGUAGE= 'AMERICAN' NLS_SORT= 'BINA.RY' TIME_ZONE=
' 08:00'
NLS_COMP= 'BINARY' NLS_DUAL_CURRENCY= '$' NLS_TIME_FORMAT=
'HH.MI.SSXFF AM' NLS_TIMESTAMP_FORMAT= 'YYYY-MM-DD HH24:MI:SS.FF'
NLS_TIME_TZ_FORMAT= 'HH.MI.SSXFF AM TZR' NLS_TIMESTAMP_TZ_FORMAT=
'YYYY-MM-DD HH24:MI:SS.FF TZH:TZM'
R:>echo set timing off head off; &echo select sysdate from
dual;
set timing off head off;
select sysdate from dual;
SYS@book> column SPARE4 format a70
SYS@book> select name,password,spare4 from user$ where
name='SCOTT';
NAME PASSWORD SPARE4
R:>echo set timing off head off; &echo select sysdate from dual;
| sqlplus -s scott/book@78
set timing off head off;
SYSDATE
2017-12-25 10:06:33
--//晕!!分明set timing off head
off;那行未有通过管道出口,而是径直出口到显示器.因为若是输入管道,展现的相应是不曾sysdate字段名.
--//留神看眼下的事例才发掘实际上echo 1111 &echo 2222 | cat
输出1111走显示器,而输出2222管道,看上去展现是经常的.
--//也便是要2行都因此管道必需使用括号.修改如下.
R:>(echo set timing off head off; &echo select sysdate from dual;
) | sqlplus -s scott/book@78
2017-12-25 10:08:59
--//小编google发现此外的写法,在&前到场^.
R:>echo set timing off head off;^&echo select sysdate from dual;
| sqlplus -s scott/book@78
2017-12-25 10:11:57
--//确实是Ok了,可是此外的难题来了:
R:>echo set timing off head off;^&echo select sysdate from dual;
| cat
set timing off head off;
select sysdate from dual;
R:>echo set timing off head off;^&echo select sysdate from dual; > aa.txt
R:>cat aa.txt
set timing off head off;&echo select sysdate from dual;
--//无法通晓windows的批管理,通过管道出口2行.而使用文件吸收接纳展现的是set
timing off head off;&echo select sysdate from dual;
--//重定向到文件时^实际上转义&.
set timing off head off; &echo select sysdate from dual;
--//而实际上那样进行是拾叁分的.
R:>cat aa.txt | sqlplus -s scott/book@78
Enter value for echo:
SP2-0546: User requested Interrupt or EOF detected.
--//如故糟糕精通windows的批管理的微妙!!在笔者认为最好的章程照旧加括号比较好驾驭一些.
--//实际上倘若能很好精晓链接
--//就能够很好精晓.
--//可是一旦echo里面有括号难点又来了:
R:>(echo set timing off head off;&echo select (sysdate 1) from
dual;) | sqlplus -s scott/book@78
此刻不该 from。
--//约等于)要转义,要转义3次.遭遇这种情景不断加码^便是了.
R:>(echo set timing off head off;&echo select (sysdate 1^^^) from
dual;) | sqlplus -s scott/book@78
2017-12-26 11:16:33
--//而前边这种格局就简单了.
R:>echo set timing off head off;^&echo select (sysdate 1) from
dual; | sqlplus -s scott/book@78
2017-12-26 11:17:35
--//在笔者眼里windows批管理真是变态加变态..
SCOTT 0EDE56329E1D82EA S:52BD300CE604E12EB9D6731005A8294E77D62C898D4C7CB2827DFCAE90AC
--//从这里见到,更改口令使用password越发安全一些.
本文由星彩网app下载发布于星彩网app下载,转载请注明出处:修改oracle口令安全问题
TAG标签: 星彩网app下载
