Penetration Testing mailing list archives

Re: Oracle tnslistener


From: "kevin" <toggmeister () vulnerabilityassessment co uk>
Date: Fri, 11 May 2007 19:48:42 +0100

Tommy,
I am assuming you are talking about early versions of Oracle, with little or no protection afforded to them and if so, you could use a number of tools to effectively deny access to the database by stopping the listener. The free ones that spring to mind are:

WinSID - now no longer available from the author's site, a copy is available from:
http://www.vulnerabilityassessment.co.uk/WinSID.zip

Oracle TNSLSNR from:
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=35

or the in-built Oracle LSNRCTL command.

Alex Kornbrust wrote a nice article for users of BackTrack 2 on Oracle Auditing:

http://www.red-database-security.com/wp/backtrack_oracle_tutorial.pdf

Rgds, have a nice weekend.

Kev Orrey
http://www.vulnerabilityassessment.co.uk

----- Original Message -----
From: "Tommy May" <tommymay () comcast net>
To: <pen-test () securityfocus com>
Sent: Friday, May 11, 2007 1:48 AM
Subject: Oracle tnslistener


Anyone know of a good tool that will help to illustrate the vulnerabilities of Oracle tnslistener left unsecured? I already know that Nessus illustrates when it is unprotected, but I am looking for something that will actually illustrate a compromise in a proof of concept lab.

Any insight would be greatly appreciated.

Thanks,
Tommy

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



