A reputable site with collected password lists is https://github. com/danielmiessler/SecLists/tree/master/Passwords. Trying passwords by hand can be time-consuming, but there’s no harm in giving it a shot before breaking out the big guns.
Tools like DBPwAudit (for Oracle, MySQL, MS-SQL and DB2) and Access Passview (for MS Access) are popular password auditing tools that can be run against most databases. [3] X Research source You can also search Google for newer password auditing tools specifically for your database. For instance, a search for password audit tool oracle db if you’re hacking an Oracle database. If you have an account on the server that hosts the database, you can run a hash cracker like John the Ripper against the database’s password file. The location of the hash file is different depending on the database. [4] X Research source Only download from sites that you can trust. Research tools extensively before using them.
Another site with exploits is www. exploit-db. com. Go to their website and click the Search link, then search for the type of database you want to hack (for example, “oracle”). Type the Captcha code in the provided square and search. Be sure you research all exploits you plan to try so you know what to do in case of potential issues.
