Penetration Testing mailing list archives
Re: Oracle tnslistener
From: "rajat swarup" <rajats () gmail com>
Date: Mon, 14 May 2007 19:53:13 -0400
http://www.petefinnigan.com/tools.htm On 5/13/07, Magdelin Tey <crux80 () hotmail com> wrote:
I have encounter this vulnerability before. Try the tool tnscmd.pl . You need the perl compiler to run. It is able to detect the no password settings and you can also issue command to stop the database. cheers Mag >From: tommymay () comcast net (Tommy May) >To: pen-test () securityfocus com >Subject: Oracle tnslistener >Date: Fri, 11 May 2007 00:48:55 +0000 >Received: from outgoing.securityfocus.com ([205.206.231.27]) by >bay0-mc7-f21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, >11 May 2007 11:18:45 -0700 >Received: from outgoing.securityfocus.com by outgoing.securityfocus.com > via smtpd (for bay0-oim-f.bay0.hotmail.com [65.54.244.232]) with >ESMTP; Fri, 11 May 2007 11:17:32 -0700 >Received: from lists.securityfocus.com (lists.securityfocus.com >[205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid >C3907239044; Fri, 11 May 2007 12:13:49 -0600 (MDT) >Received: (qmail 25878 invoked from network); 11 May 2007 00:55:50 -0000 >X-Message-Info: >LsUYwwHHNt29ePVLi+1OwHdi9fLYKy7op8ROf5mJVfi4pHtb6xdrxuoAnvZmfu0Y >Mailing-List: contact pen-test-help () securityfocus com; run by ezmlm >Precedence: bulk >List-Id: <pen-test.list-id.securityfocus.com> >List-Post: <mailto:pen-test () securityfocus com> >List-Help: <mailto:pen-test-help () securityfocus com> >List-Unsubscribe: <mailto:pen-test-unsubscribe () securityfocus com> >List-Subscribe: <mailto:pen-test-subscribe () securityfocus com> >Resent-Sender: listbounce () securityfocus com >Errors-To: listbounce () securityfocus com >Delivered-To: mailing list pen-test () securityfocus com >Delivered-To: moderator for pen-test () securityfocus com >X-Mailer: AT&T Message Center Version 1 (Oct 4 2006) >X-Authenticated-Sender: dG9tbXltYXlAY29tY2FzdC5uZXQ= >Resent-Message-Id: <20070511181349.C3907239044 () outgoing3 securityfocus com> >Resent-Date: Fri, 11 May 2007 12:13:49 -0600 (MDT) >Resent-From: pen-test-return-1078484117 () securityfocus com >Return-Path: >pen-test-return-1078484117-crux80=hotmail.com () securityfocus com >X-OriginalArrivalTime: 11 May 2007 18:18:46.0010 (UTC) >FILETIME=[D05A4DA0:01C793F8] > >Anyone know of a good tool that will help to illustrate the vulnerabilities >of Oracle tnslistener left unsecured? I already know that nessus >illustrates when it is unprotected, but I am looking for something that >will actually illustrate a compromise in a proof of concept lab. > >Any insight would be greatly appreciated. > >Thanks, >Tommy > >------------------------------------------------------------------------ >This List Sponsored by: Cenzic > >Are you using SPI, Watchfire or WhiteHat? >Consider getting clear vision with Cenzic >See HOW Now with our 20/20 program! > >http://www.cenzic.com/c/2020 >------------------------------------------------------------------------ > _________________________________________________________________ Advertisement: 1000s of Sexy Singles online now at Lavalife - Click here http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3Den%5FAU%26a%3D27782&_t=762255081&_r=lavalife_may07_1000sexysingles&_m=EXT ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
-- Rajat Swarup http://rajatswarup.blogspot.com/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Oracle tnslistener Tommy May (May 11)
- Re: Oracle tnslistener kevin (May 11)
- RE: Oracle tnslistener Magdelin Tey (May 13)
- Re: Oracle tnslistener rajat swarup (May 15)
- <Possible follow-ups>
- Re: Oracle tnslistener visitnikhil (May 12)