How to crack Oracle Passwords

After the posting of the Oracle password algorithm in the comp.database.oracle.server newsgroup they are a lot of free and commerical Oracle Password Cracker available.

Orabf

Orabf is an extremely fast offline brute force/dictionary attack tool that can be used when the particular username and hash are known for an Oracle account. Obviously the speed of the brute force attack slows down the longer the amount of characters that it is trying to brute force with but for short username/hash combinations it can be over a million tries per second.

Repscan

Repscan (Commercial and Trial) - No bruteforce - Can connect to the database and check multiple accounts in one step , Oracle Easy Connect, support for 11g, OID, APEX, OVS, HTMLS

Checkpwd

- Windows + Linux - Checkpwd

John The Ripper with Oracle patch

- John The Ripper

bfora

- Perl based brute forcer