I’ve run into the not uncommon situation where there is a SQL login and no one seems to have the password. We can change it and suffer the pain, create a new account, or try to crack it. I’ve opted to at least try cracking, using the article How to recover a SQL Server login password as a guide. Only took a few minutes to set up and I put just the hash for the one account in a file, and I bumped the thread count to 4. On my I7-3630QM with 8G it’s running at 65%, leaving enough for me to keep working. Once it starts the status screen below only updates if you press enter, you can see the time remaining is two days. Clearly this needs the GPU approach mentioned in the article. I’ll let it run for a while and see what happens, maybe 2 days is pessimistic!
SQLAndy 
Do you know if something similar exists for Oracle?
Thnks.
LikeLike
Michael, it looks like Hashcat has some support for Oracle.
LikeLike
Yes, I did find some explanations on the Internet. But so far I haven’t gotten it to work for cracking the sys and system passwords even though I have full access to the database files including that precious PWDORCL.ORA file where I can see everyting using a hex editor. Will keep trying.
This is an Oracle 11.2.0.3 database in our data center where no one seems remember these passwords. Yes, this can happen…
LikeLike
Sorry I wasn’t more help. Lost passwords happen. It’s one reason I’m in favor of annual or more frequent changes to those kinds of accounts, makes it “normal” to do the change and when it breaks something, it’s not the fault of the person making the change!
LikeLike