Re: Oracle TNS listener

[Esteban Martinez Fayo <secemf () yahoo com ar>]

Chitresh,

To do what you are trying to you can use the tnscmd
tool:
http://www.jammed.com/~jwa/hacks/security/tnscmd/

Regards,
Esteban MF.

--- Chitresh Sen <chitresh_sen () ftml net> wrote:

> Dear All,
>
> Vulnerability: Oracle TNS listener without password;
> Implication: Remote attacker can control the
> listener;
>
> In order to test the above vulnerability I had done
> the following:
>
> 1. Installed the Oracle 9i client on my laptop
> 2. Copy the lsnrctl.exe from Oracle 8 server
> 3. Configured the listener.ora file as follows
>
> LISTENER =
>   (DESCRIPTION_LIST =
>     (DESCRIPTION =
>       (ADDRESS_LIST =
>         (ADDRESS = (PROTOCOL = TCP)(HOST =
> JUNK)(PORT = 1521))
>       )
>     )
>
> But I am unable to execute the commands on remote
> listener and getting
> the following error.
>
> LSNRCTL> status
> Connecting to
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152
> 1))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
> TNS-12538: TNS:no such protocol adapter
>  TNS-12560: TNS:protocol adapter error
>   TNS-00508: No such protocol adapter
>
>     TNS-12538: TNS:no such protocol adapter
>      TNS-12560: TNS:protocol adapter error
>       TNS-00508: No such protocol adapter
>
> What can be the problem ? is it the version problem
> for lsnrctl.exe
> because I was unable to get the Oracle 9i server
> lsnrctl.exe so I had
> taken from oracle 8 server and copies all its dll
> and set the path to
> execute it, or am I missing something.
>
> Regards
> Chitresh
> -- 
>   Chitresh Sen
>   chitresh_sen () ftml net
>
> -- 
> http://www.fastmail.fm - mmm... Fastmail...


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com