Penetration Testing mailing list archives
RE: Oracle TNS Listener
From: Michael Gargiullo <mgargiullo () pvtpt com>
Date: Mon, 05 Sep 2005 10:51:46 -0400
I have a tool written in Perl somewhere here to exploit this. Lemme dig around a bit. How much you can do with the listener depends on a few factors. -Mike -----Original Message----- From: Chitresh Sen [mailto:chitresh_sen () ftml net] Sent: Thursday, September 01, 2005 9:41 PM To: pen-test () securityfocus com Subject: Oracle TNS Listener Dear All, Vulnerability: Oracle TNS listener without password; Implication: Remote attacker can control the listener; In order to test the above vulnerability I had done the following: 1. Installed the Oracle 9i client on my laptop 2. Copy the lsnrctl.exe from Oracle 8 server 3. Configured the listener.ora file as follows LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = JUNK)(PORT = 1521)) ) ) But I am unable to execute the commands on remote listener and getting the following error. LSNRCTL> status Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152 1))(CONNECT_DATA=(SERVICE_NAME=chitresh))) TNS-12538: TNS:no such protocol adapter TNS-12560: TNS:protocol adapter error TNS-00508: No such protocol adapter TNS-12538: TNS:no such protocol adapter TNS-12560: TNS:protocol adapter error TNS-00508: No such protocol adapter What can be the problem ? is it the version problem for lsnrctl.exe because I was unable to get the Oracle 9i server lsnrctl.exe so I had taken from oracle 8 server and copies all its dll and set the path to execute it, or am I missing something. Regards Chitresh -- Chitresh Sen chitresh_sen () ftml net -- http://www.fastmail.fm - The way an email service should be ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Oracle TNS Listener Chitresh Sen (Sep 02)
- <Possible follow-ups>
- RE: Oracle TNS Listener Michael Gargiullo (Sep 05)
- Re: Oracle TNS Listener Pete Finnigan (Sep 06)
- RE: Oracle TNS Listener Chitresh Sen (Sep 07)