Sunday, March 24, 2013

Crack Oracle Password Example

Brute Force One of hacking way used application programs to decode encrypted data such as passwords or Data Encryption Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.

To help prevent dictionary brute-force attacks many systems will only allow a user to make a mistake in entering their username or password three or four times. If the user exceeds these attempts, the system will either lock them out of the system or prevent any future attempts for a set amount of time.

Today i will provide example how to crack oracle password using Tools called orabf  please remember it's only example and there's million tools can do the same i will mention it later in this Topics and work on them in another thread.

Orabf is an extremely fast offline brute force/dictionary attack tool that can be used when the particular username and hash are known for an Oracle account.  Obviously the speed of the brute force attack slows down the longer the amount of characters that it is trying to brute force with but for short username/hash combinations it can be over a million tries per second. 

and you can visit the website here.

Check the below example :

set head off
set feed off
set verify off
Spool Hacker.lis
select password||':'||username from dba_users
Spool off ;

Output sample for the file look like :

if you have any tag on the column remove them and save the file again since Orabf  don't read these tags

Because i am using version 0.7.5 the command should be like :
orabfscript hacker.lis -c default.txt
Remember Default.txt is the file already exist in the software and output append inside this file.

Small trick !!! i will provide another example using another software such as :
  • Repscan 
  • Checkpwd 
  • John The Ripper
  •  bfora
Thank you
Osama Mustafa


  1. can you crack this: D19EF8C8424337C07F8995C9205CAA90