pwny.cc
Search…
Oracle
Some of the queries in the table below can only be run by an admin. These are marked with (PRIV) at the description.

Version

1
SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
2
SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
3
SELECT version FROM v$instance;
Copied!

Comments

1
SELECT 1; -- comment
Copied!

Current User

1
SELECT user FROM dual;
Copied!

List Users

1
SELECT username FROM all_users ORDER BY username;
2
SELECT name FROM sys.user$;
Copied!

List Password Hashes (PRIV)

1
#Oracle version <= 10g
2
SELECT name, password, astatus FROM sys.user$. astatus tells you if acct is locked
3
4
#Oracle version 11g
5
SELECT name,spare4 FROM sys.user$
Copied!

List Privileges (PRIV)

1
SELECT FROM session_privs;
2
SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS;
3
4
#List a user's privs
5
SELECT FROM dba_sys_privs WHERE grantee = 'DBSNMP';
6
7
#Find users with a particular priv
8
SELECT grantee FROM dba_sys_privs WHERE privilege = 'SELECT ANY DICTIONARY';
Copied!

List DBA Accounts (PRIV)

1
SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES';
Copied!

Current Database

1
SELECT global_name FROM global_name;
2
SELECT name FROM v$database;
3
SELECT instance_name FROM v$instance;
4
SELECT SYS.DATABASE_NAME FROM DUAL;
Copied!

List Databases

1
#List schemas (one per user)
2
SELECT DISTINCT owner FROM all_tables;
Copied!

List Tables

1
SELECT table_name FROM all_tables;
2
SELECT owner, table_name FROM all_tables;
Copied!

List Columns

1
SELECT column_name FROM all_tab_columns WHERE table_name = 'blah';
2
SELECT column_name FROM all_tab_columns WHERE table_name = 'blah' and owner = 'foo';
Copied!

Find Tables from Column Name

1
#NB: table names are upper case
2
SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%';
Copied!

Hostname, IP Address

1
SELECT UTL_INADDR.get_host_name FROM dual;
2
SELECT host_name FROM v$instance;
3
4
#Gets IP address
5
SELECT UTL_INADDR.get_host_address FROM dual;
6
7
#Gets hostnames
8
SELECT UTL_INADDR.get_host_name(10.0.0.1) FROM dual;
Copied!

Location of DB Files

1
SELECT name FROM V$DATAFILE;
Copied!

Get all tablenames in One String

1
#When using union based SQLi with only one row
2
SELECT rtrim(xmlagg(xmlelement(e, table_name || ',')).extract('//text()').extract('//text()') ,',') from all_tables
Copied!
Last modified 8mo ago