Topic Articles: Oracle TNSLSNR Full Client
Posted on Monday, September 27 @ 11:02:02 EDT by DokFLeed

Most admins neglect to set a password on the TNS listener (TNSlsnr) for Oracle databases. Oracle ensures that you can connect to TNSlsnr only on localhost, or to a remote Oracle database that has been mapped using .ora files.
That is no longer the case with this client, which is based on the Jwa Perl client.
It is a FULL client, with the packet crafting reassembled.
It supports all the commands of the version that is shipped with Oracle.
It allows you to totally control an unprotected Oracle Database Server remotely, without having to map or install Oracle.

Commands Supported
ping, version, service, status, change_password, help, reload, save_config, set connect_timeout, set display_mode, set log_directory, set log_file, set log_status, show, spawn, stop

This version works on Oracle9i.
On Oracle 10g, only the "version" command works.


This is feedback I got from Pete Finnigan (Oracle Security):
The 10g listener is by default protected by local authentication rather than by a password like in the 9i and lower listener. This means that because it is protected you cannot use commands like status which can only be used on an un-protected listener. This is the reason that the version command still works, because it can be executed on a password or locally authenticated listener. To be able to get the lsnrctl tool to work remotely you need to disable local authentication.

Currently, I am working on a 10g version with a DoS check. Well, if you can't own it, see if you can bring it down!!

If you have Oracle10g on a public IP and want to share it for testing, let me know; just send me the IP by email.

I received feedback from Ivan Saez. Very helpful.
On 10G, when local authentication is enabled, the listener sends a redirect packet back to tnscmd. The packet is:

(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=#12543.2)))

The key points to a special file in /var/tmp/.oracle (for example):

oracle@Siemens:/var/tmp/.oracle > ls -lrt
total 0
srwxrwxrwx 1 oracle oinstall 0 2005-11-03 15:57 s#12529.2
srwxrwxrwx 1 oracle oinstall 0 2005-11-03 15:57 s#12529.1

Those files are created when you start the listener.
If you do a strace lsnrctl status you can see what it does with that special file. So when LA is enabled, the status information is provided in a very different way than in earlier releases of Oracle.

Local authentication can be disabled, and it should be at this moment because there is a bug (Oracle bugid: 6454409) which allows circumventing OS local authentication. So I suppose many security-minded DBAs will disable local authentication.
The listener.ora parameter to circumvent local authentication is
LOCAL_OS_AUTHENTICATION_ = OFF
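
A defender-side check for the situation described above, as an added example (not code from the original post or from tnscmd): it reads a listener.ora and flags listeners where local OS authentication is switched off and no password is set. It assumes the per-listener parameter names LOCAL_OS_AUTHENTICATION_<listener name> and PASSWORDS_<listener name>; the sample file, host name and password hash are constructed.

```python
import re

# Constructed sample listener.ora (not from the page). Host name is made up.
SAMPLE = """\
# constructed sample
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1521)))
LOCAL_OS_AUTHENTICATION_LISTENER = OFF

LISTENER2 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1522)))
LOCAL_OS_AUTHENTICATION_LISTENER2 = OFF
PASSWORDS_LISTENER2 = (0123456789ABCDEF)
"""

def top_level_params(text):
    """Return {NAME: value} for parameters that start at parenthesis depth 0."""
    params, depth, name = {}, 0, None
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # whole-line comment; '#' inside a value (IPC keys) is kept
        m = re.match(r"\s*([A-Za-z_]\w*)\s*=(.*)", line) if depth == 0 else None
        if m:
            name, line = m.group(1).upper(), m.group(2)
            params[name] = ""
        if name:
            params[name] += line.strip()
            depth += line.count("(") - line.count(")")
    return params

def audit(text):
    """Per listener: is local OS authentication off, and is a password set?"""
    params = top_level_params(text)
    findings = {}
    for name, value in params.items():
        if "ADDRESS" not in value.upper():
            continue  # not a listener definition
        la_off = params.get("LOCAL_OS_AUTHENTICATION_" + name, "").upper() == "OFF"
        has_pw = bool(params.get("PASSWORDS_" + name, "").strip("() "))
        findings[name] = {
            "local_auth_off": la_off,
            "password_set": has_pw,
            # Neither protection in place: the listener accepts remote admin commands.
            "remote_admin_open": la_off and not has_pw,
        }
    return findings

if __name__ == "__main__":
    for listener, result in audit(SAMPLE).items():
        print(listener, result)
```

On 9i and lower listeners, which have no local OS authentication, `password_set` alone is the field to read.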


Downloads


DokFLeed Tool (EXE)
Original tnscmd (PERL)
tnscmd V2 (PERL)
Ivan tnscmd V10g (PERL)

 