How to crack Oracle Passwords

After the posting of the Oracle password algorithm in the newsgroup they are a lot of free and commerical Oracle Password Cracker available.


Orabf is an extremely fast offline brute force/dictionary attack tool that can be used when the particular username and hash are known for an Oracle account. Obviously the speed of the brute force attack slows down the longer the amount of characters that it is trying to brute force with but for short username/hash combinations it can be over a million tries per second.


Repscan (Commercial and Trial) - No bruteforce - Can connect to the database and check multiple accounts in one step , Oracle Easy Connect, support for 11g, OID, APEX, OVS, HTMLS


- Windows + Linux - Checkpwd

John The Ripper with Oracle patch

- John The Ripper


- Perl based brute forcer