No, the only thing you can possibly do, remotely, with the SID and address of the machine is to connect to the TNS listener and query the services (depending on listener configuration).
Otherwise, I'd be selling my Oracle license for security concerns. :)
If you are on the machine itself, unless you have a user account on the database, or belong to the dba or osoper group or the like, you will not be able to connect to the database. Not in interest of hacking, but for information purposes, if you have an OS account, the only thing you might see is sqlplus, sqlldr or export sessions with credentials in the command string (which is why on a non-private machine you should always login to those utilities in prompt mode and not by passing the credentials on the command line).
The OP updated the question:
Login to Oracle as sysdba from the OS account, and query the v$session view while the app is active. If the app is logging in, it will show up in v$session. If you have trouble that way, but you happen to know a table name, query SYS.DBA_TABLES for the table name, and note the OWNER column. Or look at V$SQLAREA or one of the other dynamic views that shows current or recent SQL queries on the system.
Example:
root# su - oracle
oracle@linuxdb ~]$ sqlplus / as sysdba
SQL> select username, status, program from v$session where username is not null;
You can view or export the schema, once you know which one, without the app password. Once you reset the password, you will not be able to recover it. I would, instead, set the SYSTEM password, then run expdp (or exp) and export the schema. Something like:
oracle@linuxdb ~]$ expdp system/manager schemas=appschema <other parameters here...>