Pretty simple from there. There is probably an account called oracle that is the software owner. su - oracle cd $ORACLE_HOME/bin ./svrmgrl connect / as sysdba spool results.log select * from dba_users; /*perform any other sql statements you would like now*/ /*to find the actual location of the database files run the following sql statement*/ select * from dba_data_files; Aaron C. Newman CTO/Founder Application Security, Inc. 212-490-6022 anewmanat_private www.appsecinc.com -Protection Where It Counts- -----Original Message----- From: pen-test-return-405-aaron=newman-family.comat_private [mailto:pen-test-return-405-aaron=newman-family.comat_private]On Behalf Of Osvaldo J . Filho Sent: Monday, June 25, 2001 6:21 PM To: pen-testat_private Subject: Pen Testing a Oracle database. How to pull data? Hello, I am currently pen testing a DB server running Oracle. I already got root on it, and I would like a lil' help to gather info on human readable format. Is there a specific file/dir where all DB data are? How can I get/convert it to Human Readable or even edit the data without any external programs like SQLNet? The server is running AIX. Any help is appreciated. Thank you very much. Osvaldo J. Filho osvaldojaneriat_private -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jun 26 2001 - 16:33:23 PDT