orabf

Orabf is an extremely fast offline brute force/dictionary attack tool that can be used when the particular username and hash are known for an Oracle account.  Obviously the speed of the brute force attack slows down the longer the amount of characters that it is trying to brute force with but for short username/hash combinations it can be over a million tries per second. 

It is available from here.

Command Syntax

C:\orabf-v0.7.5>orabf [hash]:[username] [options]

Options:

-c     [num] complexity: a number in [1..6] or a filename
        - read words from stdin
        [file] read words from file
        1 numbers
        2 alpha
        3 alphanum
        4 standard oracle (alpha)(alpha,num,_,#,$)... (default)
        5 entire keyspace (' '..'~')
        6 custom (charset read from first line of file: charset.orabf)
-m [num] max pwd len: must be in the interval [1..14] (default: 14)
-n [num] min pwd len: must be in the interval [1..14] (default: 1)
-r resume: tries to resume a previous session

Example output:

In this case the in-built dictionary default.txt has been used to carry out a dictionary based attack.

In this case a brute force attack has been carried out specifying to orabf that it should start brute forcing with a password with a minimum length of 4 characters.