Oracle

Some of the queries in the table below can only be run by an admin. These are marked with (PRIV) at the description.

Version

SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
SELECT version FROM v$instance;

Comments

SELECT 1; -- comment

Current User

SELECT user FROM dual;

List Users

SELECT username FROM all_users ORDER BY username;
SELECT name FROM sys.user$;

List Password Hashes (PRIV)

#Oracle version <= 10g
SELECT name, password, astatus FROM sys.user$. astatus tells you if acct is locked

#Oracle version 11g
SELECT name,spare4 FROM sys.user$

List Privileges (PRIV)

SELECT FROM session_privs;
SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS;

#List a user's privs
SELECT FROM dba_sys_privs WHERE grantee = 'DBSNMP';

#Find users with a particular priv
SELECT grantee FROM dba_sys_privs WHERE privilege = 'SELECT ANY DICTIONARY';

List DBA Accounts (PRIV)

SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES';

Current Database

SELECT global_name FROM global_name;
SELECT name FROM v$database;
SELECT instance_name FROM v$instance;
SELECT SYS.DATABASE_NAME FROM DUAL;

List Databases

#List schemas (one per user)
SELECT DISTINCT owner FROM all_tables;

List Tables

SELECT table_name FROM all_tables;
SELECT owner, table_name FROM all_tables;

List Columns

SELECT column_name FROM all_tab_columns WHERE table_name = 'blah';
SELECT column_name FROM all_tab_columns WHERE table_name = 'blah' and owner = 'foo';

Find Tables from Column Name

#NB: table names are upper case
SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%';

Hostname, IP Address

SELECT UTL_INADDR.get_host_name FROM dual;
SELECT host_name FROM v$instance;

#Gets IP address
SELECT UTL_INADDR.get_host_address FROM dual;

#Gets hostnames
SELECT UTL_INADDR.get_host_name(’10.0.0.1′) FROM dual;

Location of DB Files

SELECT name FROM V$DATAFILE;

Get all tablenames in One String

#When using union based SQLi with only one row
SELECT rtrim(xmlagg(xmlelement(e, table_name || ',')).extract('//text()').extract('//text()') ,',') from all_tables

PreviousMSSQL NextPostgreSQL

Last updated 4 years ago

Was this helpful?