How to list files from directory using external table in 12c

10.02.2016
by Kamil Stawiarski

I’ve wrote about privilege escalation with external tables in this post:
https://blog.ora-600.pl/2014/12/23/simple-technics-of-privilege-escalation-part2-dbasysdba/

This time we will try to list all files within directory object, to which we have no EXECUTE privs. This is possible due to great new feature of database 12c that allows to use metacharacters to match multiple files in external table.

I have database 12c:

view source
print?
1SQL> select banner from v$version;
2 
3BANNER
4--------------------------------------------------------------------------------
5Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
6PL/SQL Release 12.1.0.2.0 - Production
7CORE    12.1.0.2.0  Production
8TNS for Linux: Version 12.1.0.2.0 - Production
9NLSRTL Version 12.1.0.2.0 - Production

And I’ll create a sample user with limited privileges:

view source
print?
1SQL> create user rico identified by kaboom;
2 
3User created.
4 
5SQL> create or replace directory dir_oracle as '/home/oracle';
6 
7Directory created.
8 
9SQL> grant connect, resource to rico;
10 
11Grant succeeded.
12 
13SQL> grant read, write on directory dir_oracle to rico;
14 
15Grant succeeded.

Now let’s try to list all files in directory DIR_ORACLE using just external tables.

First we will create external table which will try to read all files from this directory:

view source
print?
1SQL> conn rico/kaboom
2Connected.
3SQL> get exttab
4  1  CREATE TABLE gen_list (
5  2  txt varchar2(4000)
6  3    )
7  4    ORGANIZATION EXTERNAL (
8  5  TYPE ORACLE_LOADER
9  6  DEFAULT DIRECTORY dir_oracle
10  7  ACCESS PARAMETERS (
11  8     RECORDS DELIMITED BY NEWLINE
12  9     LOGFILE '.ls.log'
13 10     DISABLE_DIRECTORY_LINK_CHECK
14 11     FIELDS TERMINATED BY ','
15 12     MISSING FIELD VALUES ARE NULL
16 13      (
17 14        txt
18 15      )
19 16   )
20 17   LOCATION ('*')
21 18    )
22 19*      REJECT LIMIT 0
23SQL> /
24 
25Table created.

Selecting from this table will probably cause error and return no values – but it will create a logfile – .ls.log
And this log we will read using another table 😉

view source
print?
1SQL> ed
2Wrote file afiedt.buf
3 
4  1  CREATE TABLE get_list (
5  2  txt varchar2(4000)
6  3    )
7  4    ORGANIZATION EXTERNAL (
8  5  TYPE ORACLE_LOADER
9  6  DEFAULT DIRECTORY dir_oracle
10  7  ACCESS PARAMETERS (
11  8     RECORDS DELIMITED BY NEWLINE
12  9     NOLOGFILE
13 10     DISABLE_DIRECTORY_LINK_CHECK
14 11     FIELDS TERMINATED BY ','
15 12     MISSING FIELD VALUES ARE NULL
16 13      (
17 14        txt
18 15      )
19 16   )
20 17   LOCATION ('.ls.log')
21 18    )
22 19*      REJECT LIMIT 0
23SQL> /
24 
25Table created.
26 
27SQL> select * from get_list;
28 
29TXT
30--------------------------------------------------------------------------------
31 
32 
33 LOG file opened at 02/10/16 23:32:54
34 
35KUP-05004:   Warning: Intra source concurrency disabled because parallel select
36was not requested.
37 
38 
39Location specification * has a wild card
40  Matching files are:
41    .Xauthority
42 
43TXT
44--------------------------------------------------------------------------------
45    .bash_history
46    .bash_logout
47    .bash_profile
48    .bashrc
49    .grid
50    .kshrc
51    .lesshst
52    .ls.log
53    .orcl
54    afiedt.buf
55    aggr.sql
56 
57TXT
58--------------------------------------------------------------------------------
59    alter.sql
60    bash_profile.txt
61    bh.sql
62    count.sql
63    dbm.env
64    disks.sql
65    ehcc.sql
66    exttab.sql
67    fmw_12.1.3.0.0_infrastructure.jar
68    fmw_12.1.3.0.0_odi.jar
69    grid.env
70 
71TXT
72--------------------------------------------------------------------------------
73    grid.env.bck
74    hardcopy.0
75    hr_spatial.dmp
76    hr_spatial.log
77    im_off.sql
78    im_on.sql
79    im_query1.sql
80    im_query2.sql
81    im_status.sql
82    install2015-04-23_11-44-25.log
83    install2015-04-23_11-57-20.log
84 
85TXT
86--------------------------------------------------------------------------------
87    java0.log
88    join_group_small.sql
89    my_init.ora
90    ne
91    netstat
92    off_off.sql
93    off_on.sql
94    oratop.RDBMS_12.1_LINUX_X64
95    orcl.env
96    orcl.env.bck
97    orcl1.env
98 
99TXT
100--------------------------------------------------------------------------------
101    orcl2.env
102    orcl3.env
103    orcl4.env
104    plan.sql
105    planoff.sql
106    planon.sql
107    ps_q01.sql
108    ps_q01plan.sql
109    q.sql
110    q01.sql
111    sales_six.sql
112 
113TXT
114--------------------------------------------------------------------------------
115    saprse_dg.sql
116    sesja1.sql
117    sesja2.sql
118    sesja3.sql
119    set_cluster_interconnect.lst
120    set_cluster_interconnect.wk1
121    size.sql
122    small_Table.sql
123    snapshot.sql
124    spid.sql
125    sql_stat.sql
126 
127TXT
128--------------------------------------------------------------------------------
129    sqldeveloper-4.1.2.20.64-x64.zip
130    ssb.tar
131    tables.sql
132    test.xml
133    union.sql
134    v
135    val.sql
136    with.sql
137    zap.sql
138    zap1.sql
139    zap2.sql
140 
141TXT
142--------------------------------------------------------------------------------
143    zap4.sql
144    zap5.sql
145    zap6.sql
146 
147Field Definitions for table GEN_LIST
148  Record format DELIMITED BY NEWLINE
149  Data in file has same endianness as the platform
150  Rows with all null fields are accepted
151 
152  Fields in Data Source:
153 
154 
155TXT
156--------------------------------------------------------------------------------
157    TXT                 CHAR (255)
158      Terminated by "
159      Trim whitespace same as SQL Loader

That’s it 😉
So use external tables with attention. They are powerful and can be dangerous.

Search:

Category:
choose
All categories 12c Exadata GO internals konferencje Oracle RAC RMAN RUST security tips&tricks tuning

Popular posts

14.06.2016
ORACLE RAC 12c: restore OCR and VOTEDISK

Let’s fuckup the cluster! Of course after this operation, the final state of the processes can look like this: The cssd service will not be able to start, because there are no voting disks: OK, so let’s try to stop the cluster services: Now we will have to start CRS in exclusive mode and start […]

Read more
10.02.2016
How to list files from directory using external table in 12c

I’ve wrote about privilege escalation with external tables in this post: https://blog.ora-600.pl/2014/12/23/simple-technics-of-privilege-escalation-part2-dbasysdba/ This time we will try to list all files within directory object, to which we have no EXECUTE privs. This is possible due to great new feature of database 12c that allows to use metacharacters to match multiple files in external table. I […]

Read more
28.05.2017
How to recover a dropped package from archivelogs – based on research for VOODOO engine

Sorry for long time without post, but we are writing with Marcin Rydz a new heterogenous replication product based on archivelogs and it’s consuming a looooooot of our time 🙂 Yes I know it’s nothing new on the market. There are other cool products and I know they’ll be probably be better. But we want […]

Read more
01.02.2017
back to the basics: ALTER TABLE MOVE vs SHRINK

It’s time for the next article with ODBV visualisation 🙂 This time let’s examine the difference between move and shrink – this is very common question on a lot of trainings. You can find a lot of great articles in the Internet regarding this subject but I think that visualisation really helps to understand what […]

Read more
03.05.2015
12c: Spatial Vector Acceleration

There is a new feature in Oracle Spatial 12c, called "Spatial Vector Acceleration". According to Oracle: One of the most notable improvements with Oracle Spatial and Graph 12c can be seen in performance increases in vector data operations. Enabling the Spatial Vector Acceleration feature (available with the Spatial option) dramatically improves the performance of commonly […]

Read more
30.12.2016
back to the basics: truncate table reuse storage vs drop storage

From time to time I get questions on my trainings, what is the difference between TRUNCATE TABLE and TRUNCATE TABLE DROP STORAGE… well, there is no difference because DROP STORAGE is default 😉 DROP STORAGE Specify DROP STORAGE to deallocate all space from the deleted rows from the table except the space allocated by the […]

Read more
28.10.2017
Visualize your STATSPACK reports with Python Plotly

If you work as a consultant, getting remote access to your customer is sometimes a nightmare! Even when you’ll get one, there a times when you just want to get your job done and finish this nightmare. For example, there are times when it is easier to dump a statspack repo and do offline analyzes. […]

Read more
08.02.2016
Sparc M7 vs Intel and P8

I had a pleasure to work with my colleagues from Oracle – Radosław Kut and Krzysztof Marciniak – at comparing the performance of In-Memory queries between Sparc M7, Intel® Xeon® X5670 and Intel® Xeon® E5-2699. You can find results of our findings in this presentation: https://www.oracle.com/webfolder/s/delivery_production/docs/FY16h1/doc17/DB12c-on-SPARC-M7.pdf Following their methodology I’d like to present appropriate results […]

Read more
29.10.2015
Oracle 12c: PRAGMA UDF – the truth

Let’s check, why PRAGMA UDF makes execution faster, then regular function. C function responsible for calling a PL/SQL code from SQL is called "plsql_run": Now let’s try to create a new HR session and create a simple function which will multiple values by 2: From other terminal I will connect to the HR session with […]

Read more
12.03.2017
ODBV improvements

Thanks to suggestions made by Frits Hoogland, I made some improvements to the ODBV. The new version can be found here: http://ora-600.pl/oinstall/odbv.x86_64 The changes are: Recognition of first, second and third level bitmap block Recognition of pagetable segment header Block number ranges on the left side The blocks will be coloured properly to belonging segment. […]

Read more
10.02.2024
[SOLVED!] ORA-39405: Oracle Data Pump does not support importing from a source database with TSTZ

This is a pain in the ass. You try to import something from a newer database and you hit the error that your timestamp is not good enough! Even tho you have no timestamp datatypes in the dump… The whole case was covered by Mike Dietrich: Let me show you my – a little bit […]

Read more
03.11.2016
Oracle Database Block Visualizer

Recently I wanted to demonstrate to some people on my training, how Oracle database maintains blocks in a datafile – what happens after truncate, truncate with drop storage clause, delete, regular insert, direct path insert and so on… I didn’t find any tool for that so I’ve written my own. It’s core code is based […]

Read more

Contact us

Database Whisperers sp. z o. o. sp. k.
al. Jerozolimskie 200, 3rd floor, room 342
02-486 Warszawa
NIP: 5272744987
REGON:362524978
+48 508 943 051
+48 661 966 009
info@ora-600.pl

Newsletter Sign up to be updated