Oracle database : 5 best tools to crack passwords
Intro
After the posting of the Oracle password algorithm in the comp.database.oracle.server newsgroup they are a lot of free and commerical Oracle Password Cracker available.
/!\ This is for educational purposes only, and should not be used for unauthorized access, tampering or accessed illegally without owner permission.
Orabf
Orabf is an extremely fast offline brute force/dictionary attack tool that can be used when the particular username and hash are known for an Oracle account. Obviously the speed of the brute force attack slows down the longer the amount of characters that it is trying to brute force with but for short username/hash combinations it can be over a million tries per second.
Repscan
Repscan (Commercial and Trial) - No bruteforce - Can connect to the database and check multiple accounts in one step , Oracle Easy Connect, support for 11g, OID, APEX, OVS.
It is also able to detect unsecure PL/SQL code, unsecure system configurations, database modifications, weak/default database/apex/oid passwords, forensic traces.
Checkpwd
Checkpwd (Free) is another dictionary based password checker for Oracle databases. This is a useful tool for DBA's to identify Oracle accounts with weak or default passwords. Available on Windows ad Linux.
oclhashcat
oclhashcat is available on Windows, Linux and OSX and uses your GPU card(s). It can crack these Oracle algorithms :
- Oracle S: Type (Oracle 11+)
- Oracle H: Type (Oracle 7+)
- Oracle T: Type (Oracle 12+)
John The Ripper
Available on Windows, Linux and OSX John The Ripper supports these algo :
- Oracle 7+
- Oracle 11g
Note
We can help you to attempt to recover your Oracle hash : contact us.
Related article : How to crack Oracle version 11g Passwords (SHA1)