Penetration Testing mailing list archives
RE: Oracle TNS Listener
From: "Chitresh Sen" <chitresh_sen () ftml net>
Date: Wed, 07 Sep 2005 02:31:20 -0700
Dear All,

By using tnscmd.pl, I am able to stop and crash the listener. I tested this on Oracle 8.1.5 (Windows), need to test on more versions ....

Also exploring more what else can be done on windows machine (able to change log file) ... any comments ??? will expedite the process.

Regards
Chitresh

On Mon, 5 Sep 2005 18:08:18 -0700 (PDT), "magdelin tey" <cruxiezzzzz () yahoo com> said:

here u go, I think it is this tool. I used it before to check for the listener password, and at the end of the day, i managed to stop the database. caused quite a havoc. :P So, used at your own risk

Maggie

Michael Gargiullo <mgargiullo () pvtpt com> wrote:

I have a tool written in Perl somewhere here to exploit this. Lemme dig around a bit. How much you can do with the listener depends on a few factors.

-Mike

-----Original Message-----
From: Chitresh Sen [mailto:chitresh_sen () ftml net]
Sent: Thursday, September 01, 2005 9:41 PM
To: pen-test () securityfocus com
Subject: Oracle TNS Listener

Dear All,

Vulnerability: Oracle TNS listener without password;
Implication: Remote attacker can control the listener;

In order to test the above vulnerability I had done the following:

1. Installed the Oracle 9i client on my laptop
2. Copy the lsnrctl.exe from Oracle 8 server
3. Configured the listener.ora file as follows

    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = JUNK)(PORT = 1521))
          )
        )

But I am unable to execute the commands on remote listener and getting the following error.

    LSNRCTL> status
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
    TNS-12538: TNS:no such protocol adapter
     TNS-12560: TNS:protocol adapter error
      TNS-00508: No such protocol adapter
    TNS-12538: TNS:no such protocol adapter
     TNS-12560: TNS:protocol adapter error
      TNS-00508: No such protocol adapter

What can be the problem? Is it the version problem for lsnrctl.exe because I was unable to get the Oracle 9i server lsnrctl.exe so I had taken from oracle 8 server and copied all its dll and set the path to execute it, or am I missing something.

Regards
Chitresh

--
Chitresh Sen
chitresh_sen () ftml net

--
Chitresh Sen
chitresh_sen () ftml net

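A defensive counterpart to the finding discussed in this thread, as an added example that is not part of any poster's message: a small auditor that parses a listener.ora file and reports listeners with no password entry or with runtime reconfiguration left open. It assumes the Oracle Net parameters PASSWORDS_<listener> and ADMIN_RESTRICTIONS_<listener>, which the thread does not mention; the sample file, host names and password hash are constructed.

```python
import re

# Constructed sample listener.ora (hosts and the password hash are made up).
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST = (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))))
LISTENER2 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1522)))
PASSWORDS_LISTENER2 = (0123456789ABCDEF)
ADMIN_RESTRICTIONS_LISTENER2 = ON
"""
_NAME = re.compile(r"\s*([A-Za-z_][\w.]*)\s*=\s*")

def parse_params(text):
    """Return ({NAME: value}, [names whose parenthesised value never closes])."""
    text = re.sub(r"#[^\n]*", "", text) + "\n"     # strip comments
    params, unbalanced, pos = {}, [], 0
    while (m := _NAME.match(text, pos)):
        name, start = m.group(1).upper(), m.end()
        i, depth = start, 0
        if text[start:start + 1] == "(":           # nested (KEY = ...) value
            while i < len(text) and (depth or i == start):
                depth += {"(": 1, ")": -1}.get(text[i], 0)
                i += 1
            if depth:                              # ran off the end of the file
                unbalanced.append(name)
        else:                                      # simple one-line value
            i = text.find("\n", start)
        params[name] = text[start:i].strip()
        pos = i
    return params, unbalanced

def audit(text):
    """Map each listener name to a list of hardening findings."""
    params, unbalanced = parse_params(text)
    report = {}
    for name, value in params.items():
        if "ADDRESS" not in value.upper():
            continue                               # not a listener definition
        checks = [
            (name in unbalanced, "unbalanced parentheses"),
            (f"PASSWORDS_{name}" not in params, "no listener password"),
            (params.get(f"ADMIN_RESTRICTIONS_{name}", "OFF").upper() != "ON",
             "runtime SET commands allowed"),
        ]
        report[name] = [msg for failed, msg in checks if failed]
    return report
```

Calling `audit(SAMPLE)` flags LISTENER on both checks and returns an empty list for LISTENER2.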
Current thread:
- Oracle TNS Listener Chitresh Sen (Sep 02)
- <Possible follow-ups>
- RE: Oracle TNS Listener Michael Gargiullo (Sep 05)
- Re: Oracle TNS Listener Pete Finnigan (Sep 06)
- RE: Oracle TNS Listener Chitresh Sen (Sep 07)