Re: Oracle tnslistener

From: kevin (toggmeister@vulnerabilityassessment.co.uk)
Date: Fri May 11 2007 - 14:48:42 EDT

• Next message: Peter Wood: "Re: dumping hashes on box w/ Norton AV"
• Previous message: SD List: "Re: Open Source Database Auditing"
• In reply to: Tommy May: "Oracle tnslistener"
• Next in thread: visitnikhil@gmail.com: "Re: Oracle tnslistener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tommy,
    I am assuming you are talking about early versions of Oracle, with
little or no protection afforded to them and if so, you could use a number
of tools to effectively deny access to the database by stopping the
listener. The free ones that spring to mind are:

Winsid - now no longer available from the authors site, a copy is available
from:
http://www.vulnerabilityassessment.co.uk/WinSID.zip

Oracle TNSLSNR from:
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=35

or the in-built Oracle LSNRCTL command.

Alex Kornbrust wrote a nice article for users of BackTrack 2 on Oracle
Auditing:

http://www.red-database-security.com/wp/backtrack_oracle_tutorial.pdf

Rgds, have a nice weekend.

Kev Orrey
http://www.vulnerabilityassessment.co.uk

----- Original Message -----
From: "Tommy May" <tommymay@comcast.net>
To: <pen-test@securityfocus.com>
Sent: Friday, May 11, 2007 1:48 AM
Subject: Oracle tnslistener

> Anyone know of a good tool that will help to illustrate the
> vulnerabilities of Oracle tnslistener left unsecured? I already know that
> nessus illustrates when it is unprotected, but I am looking for something
> that will actually illustrate a compromise in a proof of concept lab.
>
> Any insight would be greatly appreciated.
>
> Thanks,
> Tommy
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: Peter Wood: "Re: dumping hashes on box w/ Norton AV"
• Previous message: SD List: "Re: Open Source Database Auditing"
• In reply to: Tommy May: "Oracle tnslistener"
• Next in thread: visitnikhil@gmail.com: "Re: Oracle tnslistener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:47 EDT