Most of admins neglect setting password on TNSlsnr Clients for Oracle databases. Oracle ensures that you can either connect to TNSlsnr on a localhost or through mapping to a remote Oracle database using .ora files.
This is not the case anymore Based on Jwa perl client.
This client is a FULL client, with Packet crafting reassembled.
Supports all the commands as the version that is shipped with Oracle.
Allow you to totally control an unprotected Oracle Database Server remotelly , without having to map or install Oracle.
Download Here
Commands Supported
ping , version , service , status change_password, help, reload, save_config, set connect_timout set display_mode, set log_directory , set log_file , set log_status , show , spawn stop
this version works on Oracle9i.
On Oracle 10g only "version" command is working.
This is feedback i got from Pete Finnigan Oracle Security
The 10g listener is by default protected by local authentication rather than by a password like in the 9i and lower listener. This means that because it is protected you cannot use commands like status which can only be used on an un-protected listener. This is the reason that the version command still works, because it can be executed on a password or locally authenticated listener. To be able to get the lsnrctl tool to work remotely you need to disable local authentication.
Currently, i am working on 10g version with D.O.S check , well if you can't own it see if you can bring it down!!
If you have Oracle10g on a public IP and want to share it for testing let me know , just send me the IP by Email
I recieved feedback from Ivan Saez. Very helpful.
On 10G, when local authentication is enabled, sends a rediret packet back to tnscmd. The packet is :
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=#12543.2)))
The key points to a special file
in /var/tmp/.oracle (for example):
oracle@Siemens:/var/tmp/.oracle > ls -lrt total 0
srwxrwxrwx 1 oracle oinstall 0 2005-11-03 15:57 s#12529
633
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
