Re: Oracle tnslistener

From: rajat swarup (rajats@gmail.com)
Date: Mon May 14 2007 - 19:53:13 EDT

• Next message: John Babio: "RE: Does Backtrack set a swapfile by default?"
• Previous message: evb: "RE: Does Backtrack set a swapfile by default?"
• In reply to: Magdelin Tey: "RE: Oracle tnslistener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.petefinnigan.com/tools.htm

On 5/13/07, Magdelin Tey <crux80@hotmail.com> wrote:
> I have encounter this vulnerability before. Try the tool tnscmd.pl . You
> need the perl compiler to run. It is able to detect the no password settings
> and you can also issue command to stop the database.
>
> cheers
> Mag
>
> >From: tommymay@comcast.net (Tommy May)
> >To: pen-test@securityfocus.com
> >Subject: Oracle tnslistener
> >Date: Fri, 11 May 2007 00:48:55 +0000
> >Received: from outgoing.securityfocus.com ([205.206.231.27]) by
> >bay0-mc7-f21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri,
> >11 May 2007 11:18:45 -0700
> >Received: from outgoing.securityfocus.com by outgoing.securityfocus.com
> > via smtpd (for bay0-oim-f.bay0.hotmail.com [65.54.244.232]) with
> >ESMTP; Fri, 11 May 2007 11:17:32 -0700
> >Received: from lists.securityfocus.com (lists.securityfocus.com
> >[205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid
> >C3907239044; Fri, 11 May 2007 12:13:49 -0600 (MDT)
> >Received: (qmail 25878 invoked from network); 11 May 2007 00:55:50 -0000
> >X-Message-Info:
> >LsUYwwHHNt29ePVLi+1OwHdi9fLYKy7op8ROf5mJVfi4pHtb6xdrxuoAnvZmfu0Y
> >Mailing-List: contact pen-test-help@securityfocus.com; run by ezmlm
> >Precedence: bulk
> >List-Id: <pen-test.list-id.securityfocus.com>
> >List-Post: <mailto:pen-test@securityfocus.com>
> >List-Help: <mailto:pen-test-help@securityfocus.com>
> >List-Unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
> >List-Subscribe: <mailto:pen-test-subscribe@securityfocus.com>
> >Resent-Sender: listbounce@securityfocus.com
> >Errors-To: listbounce@securityfocus.com
> >Delivered-To: mailing list pen-test@securityfocus.com
> >Delivered-To: moderator for pen-test@securityfocus.com
> >X-Mailer: AT&T Message Center Version 1 (Oct 4 2006)
> >X-Authenticated-Sender: dG9tbXltYXlAY29tY2FzdC5uZXQ=
> >Resent-Message-Id: <20070511181349.C3907239044@outgoing3.securityfocus.com>
> >Resent-Date: Fri, 11 May 2007 12:13:49 -0600 (MDT)
> >Resent-From: pen-test-return-1078484117@securityfocus.com
> >Return-Path:
> >pen-test-return-1078484117-crux80=hotmail.com@securityfocus.com
> >X-OriginalArrivalTime: 11 May 2007 18:18:46.0010 (UTC)
> >FILETIME=[D05A4DA0:01C793F8]
> >
> >Anyone know of a good tool that will help to illustrate the vulnerabilities
> >of Oracle tnslistener left unsecured? I already know that nessus
> >illustrates when it is unprotected, but I am looking for something that
> >will actually illustrate a compromise in a proof of concept lab.
> >
> >Any insight would be greatly appreciated.
> >
> >Thanks,
> >Tommy
> >
> >------------------------------------------------------------------------
> >This List Sponsored by: Cenzic
> >
> >Are you using SPI, Watchfire or WhiteHat?
> >Consider getting clear vision with Cenzic
> >See HOW Now with our 20/20 program!
> >
> >http://www.cenzic.com/c/2020
> >------------------------------------------------------------------------
> >
>
> _________________________________________________________________
> Advertisement: 1000s of Sexy Singles online now at Lavalife - Click here
> http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3Den%5FAU%26a%3D27782&_t=762255081&_r=lavalife_may07_1000sexysingles&_m=EXT
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>

-- 
Rajat Swarup
http://rajatswarup.blogspot.com/
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: John Babio: "RE: Does Backtrack set a swapfile by default?"
• Previous message: evb: "RE: Does Backtrack set a swapfile by default?"
• In reply to: Magdelin Tey: "RE: Oracle tnslistener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:47 EDT