Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Oracle TNS Listener
From: Michael Gargiullo <mgargiullo () pvtpt com>
Date: Mon, 05 Sep 2005 10:51:46 -0400

I have a tool written in Perl somewhere here to exploit this.  Lemme dig
around a bit.

How much you can do with the listener depends on a few factors.

-Mike

-----Original Message-----
From: Chitresh Sen [mailto:chitresh_sen () ftml net] 
Sent: Thursday, September 01, 2005 9:41 PM
To: pen-test () securityfocus com
Subject: Oracle TNS Listener

Dear All,

Vulnerability: Oracle TNS listener without password;
Implication: Remote attacker can control the listener;

In order to test the above vulnerability I had done the following:

1. Installed the Oracle 9i client on my laptop
2. Copy the lsnrctl.exe from Oracle 8 server
3. Configured the listener.ora file as follows

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = JUNK)(PORT = 1521))
      )
    )

But I am unable to execute the commands on remote listener and getting
the following error.

LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152
1))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
TNS-12538: TNS:no such protocol adapter
TNS-12560: TNS:protocol adapter error
  TNS-00508: No such protocol adapter

    TNS-12538: TNS:no such protocol adapter
     TNS-12560: TNS:protocol adapter error
      TNS-00508: No such protocol adapter

What can be the problem ? is it the version problem for lsnrctl.exe
because I was unable to get the Oracle 9i server lsnrctl.exe so I had
taken from oracle 8 server and copies all its dll and set the path to
execute it, or am I missing something.

Regards
Chitresh
-- 
  Chitresh Sen
  chitresh_sen () ftml net

-- 
http://www.fastmail.fm - The way an email service should be


------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on
your 
website. Up to 75% of cyber attacks are launched on shopping carts,
forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are 
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before
hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]