Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Oct 17th, 2018, 10:06am
News: If you would like to register contact the forum admin
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Security tools
(Moderator: Pete Finnigan)
   New TNS client written in C
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: New TNS client written in C  (Read 2473 times)
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
New TNS client written in C
« on: Aug 12th, 2005, 6:42pm »
Quote | Modify

I found a new free TNS client written in C and supplied free. The tool is based on James Abendschan's previous tnscmd.pl tool and supports all the commands that the Oracle supplied tool lsnrctl does. This tool also supports fully crafted TNS packets.  
 
It looks like a useful tool for auditing and exploiting the listener. It is available from [url http://www.dokfleed.net/duh/modules.php?name=News&file=article&s id=35]here[/url].
 
I downloaded it last night and had a play. If anyone has used it in anger, please let us known.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: New TNS client written in C
« Reply #1 on: Aug 15th, 2005, 12:49pm »
Quote | Modify

I could not resist to try this out. However, I think some work has to be done on this tool. For example, I think commands of two words or more don't work.  
 
Some examples of output:
 
ping
(DESCRIPTION=(TMP=)(VSNNUM=1539312)(ERR=)(ALIAS=LISTENER))
 
version
(DESCRIPTION=(TMP=)(VSNNUM=1539312)(ERR=))
W00
00000TNSLSNR for Linux: Version 9.2..4. - Production
 
TNS for Linux: Version 9.2..4. - Production
 
Unix Domain Socket IPC NT Protocol Adaptor for Linux: Version 9.2..4. - Production
 
Oracle Bequeath NT Protocol Adapter for Linux: Version 9.2..4. - Production
 
TCP/IP NT Protocol Adapter for Linux: Version 9.2..4. - Production,,0
00
0000@
 
Command: status
Result:
(DESCRIPTION=(TMP=)(VSNNUM=1539312)(ERR=)(ALIAS=LISTENER)(SECURITY=OFF)( VERSION=TNSLSNR for Linux: Version 9.2..4. - Production)(START_DATE=12-AUG-25 9:48:35)(SIDNUM=1)(LOGFILE=/oracle/product/9.2./network/log/listener.log )(PRMFILE=/oracle/product/9.2./network/admin/listener.ora)(TRACING=off)( UPTIME=2626261)(SNMP=OFF)(PID=2447))
=00
00000(ENDPOINT=(HANDLER=(HANDLER_MAXLOAD=)(HANDLER_LOAD=)(ESTABLISHED=)( REFUSED=)(HANDLER_ID=EF9FBDAE3A14-C6E8-E4-AA17198F)(PRE=any)(SESSION=NS) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=testserver)(PORT=1521))))),,(S ERVICE=(SERVICE_NAME=TEST)(INSTANCE=(INSTANCE_NAME=TEST2)(NUM=1)(NUMREL= 1))),,0
00
0000@
 
Here I noticed an interesting bug in this tool. It removes 0. Just look at the version. This also happens in returned errorcodes.
 
The error in this returned output:
(DESCRIPTION=(ERR=1258)(VSNNUM=1539312)(ERROR_STACK=(ERROR=(CODE=1258)(E MFI=4))))
is actually this error in the listener.log:
TNS-12508: TNS:listener could not resolve the COMMAND given
 
With a 2-word command like "show log_directory" the client hangs and with "set log_directory /tmp" an error was chalked up in Windows 2000's event viewer.
 
All these quirks set aside, it is now very easy to remotely stop a listener (starting after that is harder ;), since you have no connection). So the idea is very promising. A bit too promising if you ask me. I mean, how many listeners are running without a password these days? Many I guess.
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: New TNS client written in C
« Reply #2 on: Aug 15th, 2005, 8:28pm »
Quote | Modify

Hi Marcel-Jan,
 
Thanks for the feedback on this tool. I just downloaded it last night and had a short play to see if it worked.  
 
I have not had the time to test it fully though. It seems a pity that there seems to be some problems. I got the same issue with the ping command as well.  
 
I have sent an email to DokFLeed to see if he can shed some light on the issues.  
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board