UCD File Leak

1. ) ( ( )
2. ( /( )\ ) )\ ) ( ( /( * )
3. )\()) ( (()/( (()/( ( )\ )\())` ) /(
4. ((_)\ )\ /(_)) /(_)))((_)((_)\ ( )(_))
5. _((_) _ ((_)(_)) (_)) ((_)_ ((_)(_(_())
6. | \| || | | || | | | | _ ) / _ \|_ _|
7. | .` || |_| || |__ | |__ | _ \| (_) | | |
8. |_|\_| \___/ |____||____||___/ \___/ |_|
9.  
10. The following is a leak of the UCD's dba config sql file
11. I have no clue if it is useful or not... I am but a sciddie
12. It does say in the file: "Get the encrypted password of the user (requires DBA privilege)"
13. And it includes possible a password hash: "define _password = "AEF42D39C3600AD4""
14. So i decided to share my find
15. FILE LINK = http://members.nova.org/~shperl/Oracle/dba_conn.sql
16. ++++++++++++++++++ENJOY+++++++++++++++++++++
17. ------------------------------------------------------------------------------------------------------------------------
18. REM
19. REM.................................................................
20. REM University of California, Davis
21. REM Procedure Name : dba_conn.sql
22. REM Author : Tim L. Olesen
23. REM (Original concept developed by Thomas A. Grayson)
24. REM Date Completed : 11-OCT-90
25. REM Version : V01-001
26. REM Location : $ORACLE_HOME/tools/odms/frm
27. REM
28. REM Execute Commands : start dba_conn.sql
29. REM Purpose:
30. REM
31. REM This SQL script allows any user with DBA privilege to connect to
32. REM another user's account without a password. It accepts a parameter
33. REM for the name of the user to connect to and does the rest. The
34. REM password of the latter user does not change.
35. REM
36. REM Bugs: A non-DBA will be able to connect to the user with this routine
37. REM if that user's password happens to be 'temporary_dummy_password_'.
38. REM This password was selected to make this occurrence unlikely. If the
39. REM user is a DBA and the user to connect to doesn't exist, then the
40. REM user will be created with a password of 'temporary_dummy_password_'.
41. REM
42. REM Modification History:
43. REM Revised By Date Version Description
44. REM ---------- -------- ------- --------------------------------
45. REM mm/dd/yy Vxx-xxx
46. REM
47. REM Input/Output:
48. REM Log. Name File Name Description
49. REM --------- --------- ------------------------------------
50. REM
51. REM Parameters:
52. REM Name Description
53. REM ---- -----------------------------------------------------
54. REM
55. REM.................................................................
56. REM
57. REM set termout off
58. set echo off
59. set verify off
60. set pause off
61. REM
62. REM
63. REM Set the variable '_password' equal to the encrypted value of
64. REM 'temporary_dummy_password_' as a default if the password query
65. REM returns no rows
66. REM
67. define _password = "AEF42D39C3600AD4"
68. REM
69. REM Get the encrypted password of the user (requires DBA privilege)
70. REM
71. column password new_value _password noprint
72. accept USERNAME prompt "Connect as user named : "
73. select password from dba_users where username = upper('&&USERNAME');
74. REM
75. REM Change the password of the user to 'temporary_dummy_password_'
76. REM (requires DBA privilege)
77. REM
78. alter user &&USERNAME identified by temporary_dummy_password_;
79. REM
80. REM Connect to the user using the password 'temporary_dummy_password_'
81. REM
82. connect &USERNAME/temporary_dummy_password_
83. REM
84. REM Reset the encrypted password using the undocumented VALUES keyword
85. REM to GRANT
86. REM
87. alter user &&USERNAME identified by values '&&_password';
88. REM
89. REM Clean up the tracks
90. REM
91. set termout on
92. column password clear
93. undefine _password