Home » Blogs » cg's blog

Orcale TNS listener support for nmap

Sat, 06/27/2009 - 09:17 by cg  

so upgraded to latest version of nmap and it will now give you TNS listener versions. I couldnt find the exact build where this started but its certainly handy.

C:\Users\CG\AppData\Local\msf32>nmap -sV 192.168.73.132

Starting Nmap 4.76 ( http://nmap.org ) at 2009-06-27 10:33 Eastern Daylight Time

Interesting ports on 192.168.73.132:
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1028/tcp open msrpc Microsoft Windows RPC
1047/tcp open unknown?
1521/tcp open oracle-tns Oracle TNS Listener

MAC Address: 00:0C:29:2E:0C:4D (VMware)
Service Info: OS: Windows

Host script results:
| Discover OS Version over NetBIOS and SMB: OS version cannot be determined.
|_ Never received a response to SMB Setup AndX Request

Service detection performed. Please report any incorrect results at http://nmap.
org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 131.42 seconds

C:\Users\CG\AppData\Local\msf32>nmap -sV 192.168.73.132

Starting Nmap 4.90RC1 ( http://nmap.org ) at 2009-06-27 11:10 Eastern Daylight T
ime
Interesting ports on 192.168.73.132:
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS webserver 6.0
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1028/tcp open msrpc Microsoft Windows RPC
1047/tcp open oracle-tns Oracle TNS Listener
1521/tcp open oracle-tns Oracle TNS Listener 11.1.0.6.0 (for 32-bit Windows) <--version info
MAC Address: 00:0C:29:2E:0C:4D (VMware)
Service Info: OS: Windows

Service detection performed. Please report any incorrect results at http://nmap.
org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 99.35 seconds

Trackback URL for this post:

http://carnal0wnage.attackresearch.com/trackback/369
»

Comments

Submitted by cg on Tue, 07/21/2009 - 08:57.

the problem is that after

the problem is that after 9.2.0.8 status wont give you any results where i've never had issues getting a version out of listener instance.

Submitted by Anonymous on Mon, 07/06/2009 - 09:26.

Good Deal, wonder if there

Good Deal, wonder if there are any scripts in the new scripting engine to also query for Status output...

Submitted by Anonymous on Fri, 07/03/2009 - 18:55.

ah !! gud tutorial !! i wud

ah !! gud tutorial !! i wud like to be implementating this later

Submitted by Anonymous on Sun, 06/28/2009 - 06:01.

bah

msf auxiliary(tnscmd) > set CMD (CONNECT_DATA=(COMMAND=VERSION))
CMD => (CONNECT_DATA=(COMMAND=VERSION))
msf auxiliary(tnscmd) > set RHOST 172.10.1.109
RHOST => 172.10.1.109
msf auxiliary(tnscmd) > run

[*] Sending '(CONNECT_DATA=(COMMAND=VERSION))' to 172.10.1.109:1521
[*] writing 90 bytes.
[*] reading
(DESCRIPTION=(TMP=)(VSNNUM=169869568)(ERR=0))?TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Windows NT Named Pipes NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production,,
@
[*] Auxiliary module execution completed

Submitted by Anonymous on Sun, 06/28/2009 - 03:46.

Great news! Now we don't need

Great news!
Now we don't need to use tnscmd for that