After the posting of the Oracle password algorithm in the comp.database.oracle.server newsgroup they are a lot of free and commerical Oracle Password Cracker available.
Orabf is an extremely fast offline brute force/dictionary attack tool that can be used when the particular username and hash are known for an Oracle account. Obviously the speed of the brute force attack slows down the longer the amount of characters that it is trying to brute force with but for short username/hash combinations it can be over a million tries per second.
Repscan (Commercial and Trial) - No bruteforce - Can connect to the database and check multiple accounts in one step , Oracle Easy Connect, support for 11g, OID, APEX, OVS.
It is also able to detect unsecure PL/SQL code, unsecure system configurations, database modifications, weak/default database/apex/oid passwords, forensic traces.
Checkpwd (Free) is another dictionary based password checker for Oracle databases. This is a useful tool for DBA's to identify Oracle accounts with weak or default passwords. Available on Windows ad Linux.
oclhashcat is available on Windows, Linux and OSX and uses your GPU card(s). It can crack these Oracle algorithms :
- Oracle S: Type (Oracle 11+)
- Oracle H: Type (Oracle 7+)
- Oracle T: Type (Oracle 12+)
John The Ripper
Available on Windows, Linux and OSX John The Ripper supports these algo :
We can help you to attempt to recover your Oracle hash : contact us.
Related article : How to crack Oracle version 11g Passwords (SHA1)