Saturday, December 8, 2007

playing with tnscmd.pl for oracle version identification

doing a little bit of playing with tnscmd.pl on oracle

cg@segfault:~/evil/scanners$ perl tnscmd.pl version -h 192.168.0.242 --indent
sending (CONNECT_DATA=(COMMAND=version)) to 192.168.0.242:1521
writing 90 bytes
reading
.M.......6.........-. ..........
DESCRIPTION=
TMP=
VSNNUM=169869824
ERR=0

.\........TNSLSNR for Linux: Version 10.2.0.2.0 - Production..TNS for Linux: Version 10.2.0.2.0 - Production..Unix Domain Socket IPC NT Protocol Adaptor for Linux: Version 10.2.0.2.0 - Production..Oracle Bequeath NT Protocol Adapter for Linux: Version 10.2.0.2.0 - Production..TCP/IP NT Protocol Adapter for Linux: Version 10.2.0.2.0 - Production,,.........@

or

cg@segfault:~/evil/scanners$ perl tnscmd.pl status -h 192.168.1.114 --indent
sending (CONNECT_DATA=(COMMAND=status)) to 192.168.1.114:1521
writing 89 bytes
reading
. .......6.........m. ...........w........
DESCRIPTION=
TMP=
VSNNUM=153093376
ERR=0
ALIAS=LISTENER
SECURITY=OFF
VERSION=TNSLSNR for Linux: Version 9.2.0.5.0 - Production
START_DATE=13-AUG-2007 19:01:21
SIDNUM=1
LOGFILE=/u01/app/oracle/product/9.2.0.1.0/network/log/listener.log
PRMFILE=/u01/app/oracle/product/9.2.0.1.0/network/admin/listener.ora
TRACING=off
UPTIME=71462092
SNMP=OFF
PID=3833

.#........
ENDPOINT=
HANDLER=
HANDLER_MAXLOAD=0
HANDLER_LOAD=0
ESTABLISHED=0
REFUSED=0
HANDLER_ID=379BDD72B603-9E0F-E040-007F01000EF9
PRE=any
SESSION=NS
DESCRIPTION=
ADDRESS=
PROTOCOL=ipc
KEY=EXTPROC
,,
ENDPOINT=
HANDLER=
HANDLER_MAXLOAD=0
HANDLER_LOAD=0
ESTABLISHED=0
REFUSED=0
HANDLER_ID=379BDD72B604-9E0F-E040-007F01000EF9
PRE=any
SESSION=NS
DESCRIPTION=
ADDRESS=
PROTOCOL=tcp
HOST=OracleServer
PORT=1521
,,
ENDPOINT=
HANDLER=
STA=ready
HANDLER_MAXLOAD=0
HANDLER_LOAD=0
ESTABLISHED=0
REFUSED=0
HANDLER_ID=379BDD72B60C-9E0F-E040-007F01000EF9
PRE=http
SESSION=RAW
DESCRIPTION=
ADDRESS=
PROTOCOL=tcp
HOST=OracleServer
PORT=8080

Presentation=HTTP
Session=RAW
,,
ENDPOINT=
HANDLER=
STA=ready
HANDLER_MAXLOAD=0
HANDLER_LOAD=0
ESTABLISHED=0
REFUSED=0
HANDLER_ID=379BDD72B60D-9E0F-E040-007F01000EF9
PRE=FTP
SESSION=RAW
DESCRIPTION=
ADDRESS=
PROTOCOL=tcp
HOST=OracleServer
PORT=2100

Presentation=FTP
Session=RAW
,,
SERVICE=
SERVICE_NAME=PLSExtProc
INSTANCE=
INSTANCE_NAME=PLSExtProc
NUM=1
INSTANCE_STATUS=UNKNOWN
NUMREL=1
,,
SERVICE=
SERVICE_NAME=orcl
INSTANCE=
INSTANCE_NAME=orcl
NUM=1
INSTANCE_STATUS=UNKNOWN
NUMREL=1

INSTANCE=
INSTANCE_NAME=orcl
NUM=2
NUMREL=1
,,
SERVICE=
SERVICE_NAME=orclXDB
INSTANCE=
INSTANCE_NAME=orcl
NUM=2
NUMREL=1
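
Added example (not part of the original post or of tnscmd): Python that reads `status --indent` output like the dump above, decodes VSNNUM into a dotted version, and lists the listener settings worth reviewing when hardening. The 8/4/8/4/8-bit VSNNUM layout is an assumption that matches both banners above (169869824 and 10.2.0.2.0, 153093376 and 9.2.0.5.0); the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the `status --indent` output shown above.
SAMPLE = """\
VSNNUM=153093376
SECURITY=OFF
VERSION=TNSLSNR for Linux: Version 9.2.0.5.0 - Production
PRE=any
PROTOCOL=ipc
KEY=EXTPROC
,,
PRE=any
PROTOCOL=tcp
PORT=1521
,,
PRE=http
PROTOCOL=tcp
PORT=8080
"""

def decode_vsnnum(vsnnum):
    """Unpack VSNNUM as 8/4/8/4/8-bit fields (assumed layout, see lead-in)."""
    n = int(vsnnum)
    fields = (n >> 24, (n >> 20) & 0xF, (n >> 12) & 0xFF, (n >> 8) & 0xF, n & 0xFF)
    return ".".join(map(str, fields))

def parse_block(block):
    """KEY=VALUE lines of one ',,'-separated block; empty values are skipped."""
    pairs = (line.strip().partition("=") for line in block.splitlines())
    return {k.upper(): v for k, sep, v in pairs if sep and v}

def audit_status(text):
    """Return (decoded version, findings) for one listener's status output."""
    blocks = [parse_block(b) for b in re.split(r"(?m)^[ \t]*,,[ \t]*$", text)]
    head = blocks[0]  # listener-level keys precede the first ',,'
    findings = []
    if head.get("SECURITY", "").upper() == "OFF":
        findings.append("SECURITY=OFF: no listener password is set")
    for b in blocks:
        if b.get("KEY", "").upper() == "EXTPROC":
            findings.append("EXTPROC endpoint registered: drop it if external procedures are unused")
        if b.get("PROTOCOL", "").lower() == "tcp" and b.get("PRE", "any").lower() != "any":
            findings.append("%s service exposed on tcp/%s" % (b["PRE"].upper(), b.get("PORT", "?")))
    version = decode_vsnnum(head["VSNNUM"]) if "VSNNUM" in head else None
    return version, findings

if __name__ == "__main__":
    print(audit_status(SAMPLE))
```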

-------------
Interesting TNS Listener commands

ping         Pings the listener
version      Provides output of the listener version and platform information
status       Returns the current status and variables used by the listener
debug        Dumps debugging information to the listener log
reload       Reloads the listener config file
services     Dumps service data
save_config  Writes the listener config file to a backup location
stop         Shuts down the listener


-------------
LINKS!, everyone loves links...

tnscmd available from: http://www.jammed.com/~jwa/hacks/security/tnscmd/tnscmd

tnscmd documentation:
http://www.jammed.com/~jwa/hacks/security/tnscmd/tnscmd-doc.html

useful post on identifying oracle:
http://www.pentest.co.uk/documents/ora_db_on_network.htm

-CG
