|
|
Chitresh,
To do what you are trying to you can use the tnscmd
tool:
http://www.jammed.com/~jwa/hacks/security/tnscmd/
Regards,
Esteban MF.
--- Chitresh Sen <chitresh_sen@xxxxxxxx> wrote:
> Dear All,
>
> Vulnerability: Oracle TNS listener without password;
> Implication: Remote attacker can control the
> listener;
>
> In order to test the above vulnerability I had done
> the following:
>
> 1. Installed the Oracle 9i client on my laptop
> 2. Copy the lsnrctl.exe from Oracle 8 server
> 3. Configured the listener.ora file as follows
>
> LISTENER =
> (DESCRIPTION_LIST =
> (DESCRIPTION =
> (ADDRESS_LIST =
> (ADDRESS = (PROTOCOL = TCP)(HOST =
> JUNK)(PORT = 1521))
> )
> )
>
> But I am unable to execute the commands on remote
> listener and getting
> the following error.
>
> LSNRCTL> status
> Connecting to
>
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152
> 1))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
> TNS-12538: TNS:no such protocol adapter
> TNS-12560: TNS:protocol adapter error
> TNS-00508: No such protocol adapter
>
> TNS-12538: TNS:no such protocol adapter
> TNS-12560: TNS:protocol adapter error
> TNS-00508: No such protocol adapter
>
> What can be the problem ? is it the version problem
> for lsnrctl.exe
> because I was unable to get the Oracle 9i server
> lsnrctl.exe so I had
> taken from oracle 8 server and copies all its dll
> and set the path to
> execute it, or am I missing something.
>
> Regards
> Chitresh
> --
> Chitresh Sen
> chitresh_sen@xxxxxxxx
>
> --
> http://www.fastmail.fm - mmm... Fastmail...
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
|
|