| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Reverse engineer passwords
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01BFEFC3.CD40FBF4
Content-Type: text/plain;
charset="iso-8859-1"
I'm sorry
Oracle is keeping this a secret so you cannot reverse engineer it but you
can keep the original password in a temp file, changed it with alter user
then check you application.
If all works fine then you know the password isn't related anywhere in the
application(s).
Change the next password and so on
If the application fails on invalid password then check the code and if
possible change the used password to the new one, or change the encrypted
password in dba_users back to original one.
hth
Vincent Ruger
-----Oorspronkelijk bericht-----
Van: root_at_fatcity.com [mailto:root_at_fatcity.com]Namens Linda Hagedorn
Verzonden: vrijdag 14 juli 2000 19:16
Aan: Multiple recipients of list ORACLE-L
Onderwerp: RE: Reverse engineer passwords
Hi Vincent,
I have the encrypted password, and I want to reverse engineer it to the Ebcdic. Do you have the math or routine?
Thanks,
Linda
-----Original Message-----
Sent: Friday, July 14, 2000 5:45 AM
To: Multiple recipients of list ORACLE-L
hi,
look into dba_users, there y'll find the encrypted password.
Vincent
-----Oorspronkelijk bericht-----
Van: root_at_fatcity.com [mailto:root_at_fatcity.com]Namens Siva_Chintalapati
Verzonden: vrijdag 14 juli 2000 14:09
Aan: Multiple recipients of list ORACLE-L
Onderwerp: RE: Reverse engineer passwords
Where does this passwords store.What is that file.Will it be in encrypted
form??
Siva
Hi,
You can store the encrypted password in a table, change your password as you like, test your application, if it fails then you know where to look because probably the password will be somewhere in the application or you can put the encrypted pasword back in de original table.
good luck
Vicnent Ruger
(Oracle DBA)
-----Oorspronkelijk bericht-----
Van: root_at_fatcity.com [ mailto:root_at_fatcity.com <mailto:root_at_fatcity.com>
]Namens Eric Lansu
Verzonden: vrijdag 14 juli 2000 12:15
Aan: Multiple recipients of list ORACLE-L
Onderwerp: Re: Reverse engineer passwords
I hope it's not possible to do this reverse engeneering for it would
mean a
serious security-problem.
Eric Lansu
> Some passwords are lost, others are in clear text, others are
operational
> (somewhere in production), but not known due to turnover. Rather than
> possibly break running systems by changing passwords, we (dba staff) would
> like to reverse engineer the passwords in dba_users. > > Has anyone done this, and if so, will you send the key to me? Referralsto
> documentation are appreciated. > > Thank you. > > Linda Hagedorn > > -- > Author: Linda Hagedorn > INET: Linda_at_pets.com > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). --
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists --------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L
-- Author: Linda Hagedorn INET: Linda_at_pets.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-LReceived on Mon Jul 17 2000 - 02:51:21 CDT
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing). ------_=_NextPart_001_01BFEFC3.CD40FBF4 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2650.12"> <TITLE>RE: Reverse engineer passwords</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>I'm sorry</FONT> <BR><FONT SIZE=3D2>Oracle is keeping this a secret so you cannot = reverse engineer it but you can keep the original password in a temp = file, changed it with alter user then check you application.</FONT></P> <P><FONT SIZE=3D2>If all works fine then you know the password isn't = related anywhere in the application(s).</FONT> <BR><FONT SIZE=3D2>Change the next password and so on</FONT> <BR><FONT SIZE=3D2>If the application fails on invalid password then = check the code and if possible change the used password to the new one, = or change the encrypted password in dba_users back to original = one.</FONT></P> <P><FONT SIZE=3D2>hth</FONT> </P> <P><FONT SIZE=3D2>Vincent Ruger </FONT> </P> <P><FONT SIZE=3D2>-----Oorspronkelijk bericht-----</FONT> <BR><FONT SIZE=3D2>Van: root_at_fatcity.com [<A = HREF=3D"mailto:root_at_fatcity.com">mailto:root_at_fatcity.com</A>]Namens = Linda Hagedorn</FONT> <BR><FONT SIZE=3D2>Verzonden: vrijdag 14 juli 2000 19:16</FONT> <BR><FONT SIZE=3D2>Aan: Multiple recipients of list ORACLE-L</FONT> <BR><FONT SIZE=3D2>Onderwerp: RE: Reverse engineer passwords</FONT> </P> <BR> <P><FONT SIZE=3D2>Hi Vincent, </FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>I have the encrypted password, and I want to reverse = engineer it to the</FONT> <BR><FONT SIZE=3D2>Ebcdic. Do you have the math or = routine?</FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>Thanks, </FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>Linda </FONT> </P> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>Sent: Friday, July 14, 2000 5:45 AM</FONT> <BR><FONT SIZE=3D2>To: Multiple recipients of list ORACLE-L</FONT> </P> <BR> <P><FONT SIZE=3D2>hi,</FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>look into dba_users, there y'll find the encrypted = password.</FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>Vincent</FONT> <BR><FONT SIZE=3D2> </FONT> </P> <P><FONT SIZE=3D2>-----Oorspronkelijk bericht-----</FONT> <BR><FONT SIZE=3D2>Van: root_at_fatcity.com [<A = HREF=3D"mailto:root_at_fatcity.com">mailto:root_at_fatcity.com</A>]Namens = Siva_Chintalapati</FONT> <BR><FONT SIZE=3D2>Verzonden: vrijdag 14 juli 2000 14:09</FONT> <BR><FONT SIZE=3D2>Aan: Multiple recipients of list ORACLE-L</FONT> <BR><FONT SIZE=3D2>Onderwerp: RE: Reverse engineer passwords</FONT> </P> <BR> <BR> <P><FONT SIZE=3D2>Where does this passwords store.What is that = file.Will it be in encrypted</FONT> <BR><FONT SIZE=3D2>form?? </FONT> <BR><FONT SIZE=3D2>Siva </FONT> </P> <P> <FONT SIZE=3D2>---------- = </FONT> <BR><FONT SIZE=3D2>Reply To: = ORACLE-L_at_fatcity.com </FONT> <BR><FONT SIZE=3D2>Sent: Friday, July 14, 2000 4:35 PM = </FONT> <BR><FONT SIZE=3D2>To: Multiple recipients of = list ORACLE-L </FONT> </P> <P> <FONT SIZE=3D2>Hi, = </FONT> </P> <P> <FONT SIZE=3D2>You can = store the encrypted password in a table, change your</FONT> <BR><FONT SIZE=3D2>password as you like, test your application, if it = fails then you know where</FONT> <BR><FONT SIZE=3D2>to look because probably the password will be = somewhere in the application</FONT> <BR><FONT SIZE=3D2>or you can put the encrypted pasword back in de = original table.</FONT> </P> <P> <FONT SIZE=3D2>good luck = </FONT> </P> <P> <FONT SIZE=3D2>Vicnent = Ruger </FONT> <BR><FONT SIZE=3D2>(Oracle DBA) </FONT> </P> <P> <FONT = SIZE=3D2>-----Oorspronkelijk bericht----- </FONT> <BR><FONT SIZE=3D2>Van: root_at_fatcity.com [ <A = HREF=3D"mailto:root_at_fatcity.com">mailto:root_at_fatcity.com</A> <<A = HREF=3D"mailto:root_at_fatcity.com">mailto:root_at_fatcity.com</A>></FONT> <BR><FONT SIZE=3D2>]Namens Eric Lansu </FONT> <BR><FONT SIZE=3D2>Verzonden: vrijdag 14 juli 2000 12:15 </FONT> <BR><FONT SIZE=3D2>Aan: Multiple recipients of list ORACLE-L </FONT> <BR><FONT SIZE=3D2>Onderwerp: Re: Reverse engineer passwords </FONT> </P> <BR> <P> <FONT SIZE=3D2>I hope = it's not possible to do this reverse engeneering for it would</FONT> <BR><FONT SIZE=3D2>mean a </FONT> <BR><FONT SIZE=3D2>serious security-problem. </FONT> </P> <P> <FONT SIZE=3D2>Eric Lansu = </FONT> </P> <P> <FONT SIZE=3D2>----- = Original Message ----- </FONT> <BR><FONT SIZE=3D2>To: "Multiple recipients of list ORACLE-L" = <ORACLE-L_at_fatcity.com> </FONT> <BR><FONT SIZE=3D2>Sent: Thursday, 13 July 2000 22:17 </FONT> </P> <BR> <P> <FONT SIZE=3D2>> Some = passwords are lost, others are in clear text, others are</FONT> <BR><FONT SIZE=3D2>operational </FONT> <BR><FONT SIZE=3D2>> (somewhere in production), but not known due to = turnover. Rather than </FONT> <BR><FONT SIZE=3D2>> possibly break running systems by changing = passwords, we (dba staff) would</FONT> </P> <P><FONT SIZE=3D2>> like to reverse engineer the passwords in = dba_users. </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Has anyone done this, and if so, will you send = the key to me? Referrals </FONT> <BR><FONT SIZE=3D2>to </FONT> <BR><FONT SIZE=3D2>> documentation are appreciated. </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Thank you. </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Linda Hagedorn </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> -- </FONT> <BR><FONT SIZE=3D2>> Author: Linda Hagedorn </FONT> <BR><FONT SIZE=3D2>> INET: Linda_at_pets.com </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Fat City Network Services -- =
(858) 538-5051 FAX: (858) 538-5051 </FONT>
<BR><FONT SIZE=3D2>> San Diego, = California -- Public Internet = access / Mailing Lists </FONT> <BR><FONT SIZE=3D2>> = -------------------------------------------------------------------- = </FONT> <BR><FONT SIZE=3D2>> To REMOVE yourself from this mailing list, send = an E-Mail message </FONT> <BR><FONT SIZE=3D2>> to: ListGuru_at_fatcity.com (note EXACT spelling = of 'ListGuru') and in </FONT> <BR><FONT SIZE=3D2>> the message BODY, include a line containing: = UNSUB ORACLE-L </FONT> <BR><FONT SIZE=3D2>> (or the name of mailing list you want to be = removed from). You may </FONT> <BR><FONT SIZE=3D2>> also send the HELP command for other = information (like subscribing). </FONT> </P> <P> <FONT SIZE=3D2>-- </FONT> <BR><FONT SIZE=3D2>Author: Eric Lansu </FONT> <BR><FONT SIZE=3D2> INET: eric.lansu_at_quicknet.nl </FONT> </P> <P> <FONT SIZE=3D2>Fat City = Network Services -- (858) 538-5051 FAX: (858) = 538-5051 </FONT> <BR><FONT SIZE=3D2>San Diego, = California -- Public Internet = access / Mailing Lists </FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= ----- </FONT> <BR><FONT SIZE=3D2>To REMOVE yourself from this mailing list, send an = E-Mail message </FONT> <BR><FONT SIZE=3D2>to: ListGuru_at_fatcity.com (note EXACT spelling of = 'ListGuru') and in </FONT> <BR><FONT SIZE=3D2>the message BODY, include a line containing: UNSUB = ORACLE-L </FONT> <BR><FONT SIZE=3D2>(or the name of mailing list you want to be removed = from). You may </FONT> <BR><FONT SIZE=3D2>also send the HELP command for other information =
(like subscribing). </FONT>
</P> <BR> <P><FONT SIZE=3D2>-- </FONT> <BR><FONT SIZE=3D2>Author: Linda Hagedorn</FONT> <BR><FONT SIZE=3D2> INET: Linda_at_pets.com</FONT> </P> <P><FONT SIZE=3D2>Fat City Network Services -- (858) = 538-5051 FAX: (858) 538-5051</FONT> <BR><FONT SIZE=3D2>San Diego, = California -- Public Internet = access / Mailing Lists</FONT> <BR><FONT = SIZE=3D2>---------------------------------------------------------------= -----</FONT> <BR><FONT SIZE=3D2>To REMOVE yourself from this mailing list, send an = E-Mail message</FONT> <BR><FONT SIZE=3D2>to: ListGuru_at_fatcity.com (note EXACT spelling of =
 |
 |