I have known about this cracker since version 0.32 when it was previously available but its presence was not advertised. The cracker was then removed from toolcrypt and has just now been made available again as version 0.7. You can download orabf version 0.7 here.
Orabf is a dictionary cracker and a brute force cracker. It is possible to define the character set used in the brute force attack. You can choose alpha, alpha+numeric,numeric or the full character set. You can also define the number of characters to check up to for the password. For instance you can check just for 5 character passwords. You can also start a cracking session and stop it and then use the resume feature to restart from the point you left off. The zip also includes a DOS batch script that can be used to attack multiple usernames/hashes in the same run. There is also included a nice tool called permute that can be used to mangle and manage dictionary or wordlists. There is also a word list and a tool to generate password hashes rather than crack them.
0rm has worked on this cracker for some time and he says it is unlikely to get much more work done on it as it is already very fast. I have clocked 1.02 Million hashes per second on a 2.8 gighz pentium 4. He has done some great tuning work on the DES algorithm itself to make this cracker very fast.
Here is a sample run:-
First alter the SCOTT users password so we can do a brute force cracking session.
SQL> alter user scott identified by xfd7h;
User altered.
SQL> select username, password from dba_users
2 where username='SCOTT';
USERNAME PASSWORD
------------------------------ -----------------------
SCOTT 0BF93A124BAD1F02
SQL>
First view the parameters to pass to orabf:
C:\petefinnigan.com\orm_version_7>orabf
orabf v0.7, (C)2005 orm@toolcrypt.org
-------------------------------------
usage: orabf [hash]:[username] [complexity] [{}|maxpwdlen] [{}|'resume']
where complexity is a number in [1..4] or a filename
- read words from stdin
[file] read words from file
1 numbers
2 alpha
3 alphanum
4 entire keyspace
0 < maxpwdlen < 15 (brute force mode only)
resume tries to resume a previous session
Now run the orabf tool to brute force crack the password:
C:\petefinnigan.com\orm_version_7>orabf 0BF93A124BAD1F02:scott 3 5
orabf v0.7, (C)2005 orm@toolcrypt.org
-------------------------------------
Trying default passwords
Starting brute force session
press 'q' to quit. any other key to see status
password found:SCOTT:XFD7H
57871891 passwords tried. elapsed time 00:00:56. t/s:1026442
C:\petefinnigan.com\alex\orm_version_7>
As you can see the 5 character password was cracked in 56 seconds and the cracker ran at 1.02 Million hashes per second.
This is a fantastic tool. Anyone interested in Oracle Security should get it and use it to test password strength in their databases. Of course I have added 0rm's cracker to my Oracle Security Tools page.
