I'm dealing to what i would term as "Oracle-Blackhole". For few past days i'm trying to probe myself into oracle-database-server running Oracle 11g Enterprise Edition 11.1.0.7.0. How did i came to know this(version) well i was able to successful retrieve the banner by using the get_host_address function. So it started good. I mean i was also able to do the authentication by-pass and got the web-console but my luck soon ran out as i realized that this account was configured not as much of pure dba/admin roles one it was like one of those strict role-based account in which you can only update set table attributes and fields, CANNOT delete , search/modify or do other administrative tasks. (i think this user has only rights to one table not full database?)

I needed to explore more in depth the construction and design details of the whole database. I'm sure there would not be one databases but multiple tables, and i want to inquire about details of privileged accounts existing on machine and lastly i want to run some o/s level commands accessing the back-end database (perhaps being able to make new user-account,delete others and yes ultimately getting the root level access to the box)

So far oracle sure has been all tough on me...coz i have tried to inject various attack strings but i was bombarded with sql-error ORA-xxx . I know i'm terribly wrong somewhere but i don't know where? this is my first time playing around with an Oracle db and so far it didn't turned out to be a piece of cake for me. So far this is what i have achieved (-ve results / errors)

string:' OR SELECT username FROM all_users ORDER BY username--
function:List Users
error:ORA-00936: missing expression

string:' or SELECT name,spare4 FROM sys.user$ -- priv, 11g--
function:list pwd hashes
error:ORA-00936: missing expression

string:' or SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES'--
functionriv, list DBAs, DBA roles
error:missing expression

and same set of error when Hostname, IP Address information is queried for

SELECT UTL_INADDR.get_host_name FROM dual;
SELECT host_name FROM v$instance;
SELECT UTL_INADDR.get_host_address FROM dual; -- gets IP address
SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM dual; -- gets hostnames


I want to know what the easiest way to hack into oracle db? and do i have to do some buffer-overflows attacks meaning exploiting application level vulnerabilities against vulnerable oracle services to gain / execute machine/system level commands. Does the programming language matter in this case? In my case i have asp.net and the back-end machine is window 2003.

I would really appreciate help from this great community. Thank