Some of the queries in the table below can only be run by an admin. These are marked with (PRIV) at the description.
Version
SELECT banner FROM v$versionWHERE banner LIKE'Oracle%';SELECT banner FROM v$versionWHERE banner LIKE'TNS%';SELECTversionFROM v$instance;
Comments
SELECT1; -- comment
Current User
SELECT user FROM dual;
List Users
SELECT username FROM all_users ORDER BY username;SELECTnameFROM sys.user$;
List Password Hashes (PRIV)
#Oracle version<= 10gSELECTname, password, astatus FROM sys.user$. astatus tells you if acct is locked#Oracle version 11gSELECTname,spare4 FROM sys.user$
List Privileges (PRIV)
SELECTFROM session_privs;SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS;#List a user's privsSELECT FROM dba_sys_privs WHERE grantee = 'DBSNMP';#Find users with a particular privSELECT grantee FROM dba_sys_privs WHERE privilege = 'SELECT ANY DICTIONARY';
List DBA Accounts (PRIV)
SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION ='YES';
Current Database
SELECT global_name FROM global_name;SELECTnameFROM v$database;SELECT instance_name FROM v$instance;SELECT SYS.DATABASE_NAME FROM DUAL;
List Databases
#List schemas (one per user)SELECT DISTINCTownerFROM all_tables;
List Tables
SELECT table_name FROM all_tables;SELECTowner, table_name FROM all_tables;
List Columns
SELECT column_name FROM all_tab_columns WHERE table_name ='blah';SELECT column_name FROM all_tab_columns WHERE table_name ='blah'andowner='foo';
Find Tables from Column Name
#NB: table names are upper caseSELECTowner, table_name FROM all_tab_columns WHERE column_name LIKE'%PASS%';
Hostname, IP Address
SELECT UTL_INADDR.get_host_name FROM dual;SELECT host_name FROM v$instance;#Gets IP addressSELECT UTL_INADDR.get_host_address FROM dual;#Gets hostnamesSELECT UTL_INADDR.get_host_name(’10.0.0.1′) FROM dual;
Location of DB Files
SELECTnameFROM V$DATAFILE;
Get all tablenames in One String
#Whenusingunion based SQLi with only one rowSELECTrtrim(xmlagg(xmlelement(e, table_name ||',')).extract('//text()').extract('//text()') ,',') from all_tables