Nmap Development mailing list archives

[NSE] Changes/Improvements to Oracle TNS library


From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 21 Aug 2011 21:20:12 +0200

Hi list,

After receiving bug reports from Duarte Silva and Alexander Kornbrust I've been working on the tns library to fix it.
The bugs found were both in the query code as well as in the connect code of the library.
I would like to thank both Duarte and Alexander for sending me packet dumps so that I've been able to look into the 
problem in detail.

It turns out that the packets needed to perform a connection and authenticate to the server are a little different 
depending on what platform we're connecting to.
Although I already knew that and had accounted for it in the library, I had only tested 32-bit servers, which apparently 
behave a little differently than 64-bit servers.
I've tried to address this in the library now and have done some more testing of both the connection/authentication 
code and the query code and it seems to work better now.
There are still a lot of unknowns in this implementation as the library is more or less completely based on packet 
dumps, due to the lack of documentation.
I've improved error handling a little and changed the code so it will only connect to tested versions that are known to 
work.
By tested versions I don't mean the full version number, e.g. 11.2.0.2.0, but rather the version reported in the packets, 
e.g. IBMPC/WIN_NT64-9.1.0.

Here's a complete list of servers I've been testing against:
+--------+---------------+-------+-------------------------------+
| OS     | DB Version    | Arch  | Functionality                 |
+--------+---------------+-------+-------------------------------+
| Win    | 11.2.0.2.0    | 64bit | Authentication                |
| Win    | 11.2.0.1.0    | 64bit | Authentication                |
| Win    | 11.1.0.6.0    | 64bit | Authentication                |
| Win    | 11.1.0.6.0    | 32bit | Authentication, Queries       |
| Win    | 11.2.0.1.0    | 32bit | Authentication, Queries       |
| Linux  | 10.2.0.1.0    | 32bit | Authentication                |
| Linux  | 11.2.0.1.0    | 64bit | Authentication                |
+--------+---------------+-------+-------------------------------+

As you can see, there's still some work to be done to get query functionality working in more versions.
While I don't have time to look into this at the moment I hope to do so soon.
In addition to bug reports I'm also interested in getting more versions into the table, so if you have a version that's 
not in the table that works, please let me know.

Also, there's currently an undocumented argument tns.forceos that allows you to force the packet exchange of a specific 
OS.
This could be useful to test whether unsupported versions work with the currently implemented packet exchanges or not.
The currently supported OS strings are:
IBMPC/WIN_NT64-9.1.0
IBMPC/WIN_NT-8.1.0
Linuxi386/Linux-2.0.34-8.1.0
x86_64/Linux 2.4.xx

The code has been committed as r26114.

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/