Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Oracle TNS Listener
From: "Chitresh Sen" <chitresh_sen () ftml net>
Date: Thu, 01 Sep 2005 18:41:10 -0700
Dear All,

Vulnerability: Oracle TNS listener without password;
Implication: Remote attacker can control the listener;

In order to test the above vulnerability I had done the following:

1. Installed the Oracle 9i client on my laptop
2. Copy the lsnrctl.exe from Oracle 8 server
3. Configured the listener.ora file as follows

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = JUNK)(PORT = 1521))
      )
    )

But I am unable to execute the commands on remote listener and getting
the following error.

LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152
1))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
TNS-12538: TNS:no such protocol adapter
TNS-12560: TNS:protocol adapter error
  TNS-00508: No such protocol adapter

    TNS-12538: TNS:no such protocol adapter
     TNS-12560: TNS:protocol adapter error
      TNS-00508: No such protocol adapter

What can be the problem ? is it the version problem for lsnrctl.exe
because I was unable to get the Oracle 9i server lsnrctl.exe so I had
taken from oracle 8 server and copies all its dll and set the path to
execute it, or am I missing something.

Regards
Chitresh
-- 
  Chitresh Sen
  chitresh_sen () ftml net

-- 
http://www.fastmail.fm - The way an email service should be


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]