1#!/usr/bin/python 2 3""" 4 5Dumping APEX hashes 6=================== 7 81. Automated Way 9 10C:\apex>sqlplus sys as sysdba 11 12SQL*Plus: Release 11.2.0.2.0 Production on Fri Feb 22 17:20:51 2013 13 14Copyright (c) 1982, 2010, Oracle. All rights reserved. 15 16Enter password: 17 18Connected to: 19Oracle Database 11g Express Edition Release 11.2.0.2.0 - Production 20 21SQL> @dump-apex-hashes.sql 22 23$ python apex2john.py apex-hashes.txt > apex-hashes-JtR 24 25$ john pex-hashes-JtR # use JtR-jumbo from https://github.com/magnumripper/JohnTheRipper/ 26Loaded 1 password hash (dynamic_1: md5($p.$s) (joomla) [128/128 SSE2 intrinsics 10x4x3]) 27password (?) 28guesses: 1 time: 0:00:00:00 DONE (Thu Feb 21 17:33:43 2013) c/s: 375 trying: 123456 - boomer 29 302. Manual Way 31 32SQL> alter session set current_schema = APEX_040200; 33 34Session altered. 35 36SQL> select user_name,web_password2,security_group_id from wwv_flow_fnd_user; 37 38USER_NAME 39-------------------------------------------------------------------------------- 40WEB_PASSWORD2 41-------------------------------------------------------------------------------- 42SECURITY_GROUP_ID 43----------------- 44ADMIN 45F96D32CBB2FBE17732C3BBAB91C14F3A 4610 47 48... 49 50$ cat dump-apex-hashes.sql 51set colsep ',' 52set echo off 53set feedback off 54set linesize 1000 55set pagesize 0 56set sqlprompt '' 57set trimspool on 58set headsep off 59set termout off 60alter session set current_schema = APEX_040200; 61spool "apex-hashes.txt" 62select user_name,web_password2,security_group_id from wwv_flow_fnd_user; 63spool off 64 65""" 66 67import hashlib 68 69username = "ADMIN" 70sgid = "10" 71password = "password" 72 73# APEX 4.2.1 algorithm 74print username, sgid, password, hashlib.md5(password + sgid + username).hexdigest() 75 76# should print "f96d32cbb2fbe17732c3bbab91c14f3a" which is the actual hash 77