Oracle stores account's credentials in DBA_USERS / SYS.USER$ tables. Passwords are encrypted with DES in CBC mode and saved under the form of hashes. This feature connects to the Oracle server via ODBC and dumps all account''s hashes into the Oracle Hashes Cracker list.


How it works

It connects to the server via ODBC and performs the following SQL command:


select username, password from DBA_USERS

select name,password from SYS.USER$


To dump the hashes go to the Oracle Hashes Cracker and press the "Insert" button on the keyboard or click the icon with the blue + on the toolbar. Choose the Data Source Name (DSN) for the target server and provide administrative credentials.



This feature requires administrative privileges on the target database server and Oracle ODBC client installed.