
Re: getting users passwords in plain text

From: John Darrah <darrah.john_at_gmail.com>
Date: Fri, 19 Oct 2007 11:25:20 -0600
Message-ID: <ec40ac060710191025gb226643n834287ac3f6737f0@mail.gmail.com>


What version of the database? It sounds like you need to connect as these users but don't know the passwords. First, as was stated above, it's a one-way hash, so you can't get plain text passwords from the hash other than by brute force. Here are your options.
1) Log in as a DBA user and type alter session set current_schema=<user>. This won't actually make you the user, but you will be able to see the objects in that schema without typing the <user>.object_name.
2) If you're on 10.2, you can create a proxy user that connects through the user whose password you don't know. Google Oracle "proxy users" or "connect through". Once this user is set up, you can sqlplus into the user whose password you don't know.

On 10/16/07, Vincent verpoort <vincent.verpoort_at_gmail.com> wrote:
>
> I think I was not very clear in my email.
>
> What I want is to convert the original hashed password to plain text. I
> need to know the passwords because if I change them
> now, the weblogic guys need a weekend to reset them all. And as we don't
> have the time because we're doing a release on production systems,
> this weekend I need the passwords of the users.
>
> Changing them means that during the installation of new attributes we can't
> keep the pools open. Editing the install to run it from the system user
> means we have to
> go back to the testing servers first and redo all testing.
>
> About the "I have a question that's a bit unethical. "
>
> The users are application weblogic connection pool users. That's why it's a
> bit unethical and not a lot or illegal.
>
> Also, because these are application connection users I can't brute force
> them as it would not be in time unless I got about 7.8 years per user.
>
> And the big question:
>
> I just got here and the DBA before me, well let's put it this way: knew the
> stuff but didn't put it down anywhere. And doesn't really want to help
> anymore. Why? Don't ask me.
>
>
> Tomorrow I'll be at work again and I'll give http://www.petefinnigan.com/weblog/archives/archive-102007.html
> (see October 9th: thanks Paul Drake) a try. I'll update this mail
> chain with my findings.
>
> And thank you for all the info, it really helped.
>
> If anyone has any more info or a quick fix, please email.
>
>
> On 10/16/07, Vincent verpoort <vincent.verpoort_at_gmail.com > wrote:
> >
> > I thought of doing an insert into mytable values (username,password); in the
> >
> > $ORACLE_HOME/rdbms/admin/utlpwdmg.sql <http://download-uk.oracle.com/docs/cd/B10501_01/server.920/a96536/ch53.htm#1005955> but I don't want to edit or write anything more. Looking for a script that converts the hash to plain text.
> >
> >
> >
> > On 10/16/07, Sweetser, Joe <JSweetser_at_icat.com > wrote:
> > >
> > > Not exactly sure what you want to do, but you might google for the
> > > undocumented "alter user XXX identified by values..." command. It will let
> > > you set the passwords back to what they were without knowing them.
> > >
> > > hth,
> > > -joe
> > >
> > > ------------------------------
> > > *From:* oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
> > > *On Behalf Of *Vincent verpoort
> > > *Sent:* Tuesday, October 16, 2007 7:14 AM
> > > *To:* Oracle-L Freelists
> > > *Subject:* getting users passwords in plain text
> > >
> > >
> > > Hi Experts,
> > >
> > > I have a question that's a bit unethical.
> > >
> > > For a company I'm working for I need to find out what the passwords
> > > are of Oracle users, as changing them means a lot of work for a lot of
> > > people.
> > >
> > > Is there any way I can clear text the password from the DBA database? I
> > > have sysdba and all privs.
> > >
> > > Any pointers would be nice. Also, I want to put this into a script, so if
> > > anyone has something?
> > >
> > > --
> > > Vincent Verpoort
> > >
> > > ,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_
> > > To communicate is to be understood
> > > ^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-.
> > >
> > >

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 19 2007 - 12:25:20 CDT
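
The two options from the reply at the top of this thread, side by side, as an added example that is not part of the original messages. The account names DBA_RELEASE and APP_POOL and the password are constructed placeholders; the statements are typed into SQL*Plus by a DBA on 10.2 or later.

```sql
-- Added illustration. DBA_RELEASE (proxy account), APP_POOL (application
-- schema) and Placeholder_Pw1 are constructed placeholders.

-- Option 1: change name resolution only. The session still belongs to the
-- DBA, so privileges and audit records remain those of the DBA account.
ALTER SESSION SET CURRENT_SCHEMA = app_pool;

SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')   AS sess_user,
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS cur_schema
FROM   dual;
-- sess_user is the DBA account; cur_schema is APP_POOL.

-- Option 2: proxy authentication. APP_POOL's stored password hash is never
-- read or changed, so the WebLogic pools keep working.
CREATE USER dba_release IDENTIFIED BY Placeholder_Pw1;
GRANT CREATE SESSION TO dba_release;
ALTER USER app_pool GRANT CONNECT THROUGH dba_release;

-- Authenticate with the proxy account's own password, land in APP_POOL.
CONNECT dba_release[app_pool]/Placeholder_Pw1

SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS sess_user,
       SYS_CONTEXT('USERENV', 'PROXY_USER')   AS proxy_user
FROM   dual;
-- sess_user is APP_POOL; proxy_user is DBA_RELEASE, which is what makes
-- the session attributable to the person who opened it.

-- After the release, reconnect as a DBA, review the grants, and remove
-- the access again.
SELECT proxy, client FROM proxy_users;
ALTER USER app_pool REVOKE CONNECT THROUGH dba_release;
DROP USER dba_release;
```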
