SQLPlus

This can be used to run .sql scripts against Oracle.  You need the Oracle 9i or any other client (Runtime installing from the Oracle 9i disk 1).

Now run WinSID or a similar tool and look for:

SERVICE_NAME=test.domain   (in this case test.domain)

Now go to a command prompt and type: 

sqlplus user/password@test.domain (to access sqlplus) and connect to remote

Oracle server. 

(where user = valid username and password = valid password on the Oracle server obtained from OScanner or OAT)

Now from SQL> @c:\sql\sql   (Script is located at c:\sql and is called sql.sql)

A plethora of .sql scripts that will output a great deal of information to assess the security of the database are available from:  http://www.pentest.co.uk.

Note:- Ensure the spool [output_file_name] is specified at the top of the script to save a copy locally to a .lis file and that spool off is

at the end.  If this is not the case you will only get output to the screen only.

A prompt opens: