TNSVer

 

I became aware of this tool after attending the Blackhat Breaking into Oracle Server class given by David Litchfield of NGS Software.  It queries the TNS listener to enumerate which version of Oracle is running and on which operating system platform.  A number of other tools with graphical user interfaces do the same thing, e.g. Winsid and Oracle TNSLSNR, but it may be worth keeping an eye on this one, given the ever-increasing security features being applied to the Oracle TNS listener to limit what information is leaked back to unauthenticated hosts that send direct queries to it.

 

At the time of writing, this tool has not been publicly released; however, it is opined that the upcoming David Litchfield book on Oracle Security, due for release in Jan 07, will contain a number of tools, including this one, as added content.

 

Execution:

C:\>tnsver host [port]
 

Example output:


C:\>tnsver 192.168.0.17 1522

Version of Oracle is 10.2.0.1.0

TNS version 0x13B is not supported
TNS version 0x13A is not supported
TNS version 0x139 is supported

Version command:
TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Windows NT Named Pipes NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production.

 

To manually determine the version number of the Oracle server, you could also look at the network traffic via a protocol analyser.  When a non-standard packet is sent to the TNS listener, it should return an error packet.  Contained within this is the ASCII string VSNNUM followed by a decimal number, e.g. 169869568.  Converted to hex, this number is A200100, which is the Oracle version number, i.e. 10gR2.
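As an added example (not part of the original page and not TNSVer's own code), the following Python code pulls VSNNUM out of a captured listener error payload and decodes it into a dotted version. The sample payload is constructed, and the 8/4/8/4/8-bit field split is the commonly documented VSNNUM layout, which the page itself does not spell out.

```python
import re

# Constructed sample: payload of a listener error packet as seen in a capture.
# The leading bytes are filler; only the VSNNUM value is taken from the page.
SAMPLE_PAYLOAD = (
    b"\x00\x5b\x00\x00\x04\x00\x00\x00"
    b"(DESCRIPTION=(TMP=)(VSNNUM=169869568)(ERR=1189)"
    b"(ERROR_STACK=(ERROR=(CODE=1189)(EMFI=4))))"
)

VSNNUM_RE = re.compile(rb"VSNNUM=(\d{1,10})")


def decode_vsnnum(vsnnum: int) -> str:
    """Decode the 32-bit VSNNUM into a dotted five-part Oracle version.

    Assumed layout (not given on the page): 8-bit major, 4-bit release,
    8-bit third field, 4-bit fourth field, 8-bit fifth field.
    """
    if not 0 <= vsnnum <= 0xFFFFFFFF:
        raise ValueError("VSNNUM must fit in 32 bits")
    fields = (
        (vsnnum >> 24) & 0xFF,
        (vsnnum >> 20) & 0x0F,
        (vsnnum >> 12) & 0xFF,
        (vsnnum >> 8) & 0x0F,
        vsnnum & 0xFF,
    )
    return ".".join(str(f) for f in fields)


def version_from_payload(payload: bytes):
    """Return the decoded version from a captured payload, or None."""
    match = VSNNUM_RE.search(payload)
    if match is None:
        return None
    try:
        return decode_vsnnum(int(match.group(1)))
    except ValueError:
        return None  # digits present but not a plausible 32-bit VSNNUM


if __name__ == "__main__":
    print(hex(169869568))
    print(version_from_payload(SAMPLE_PAYLOAD))
```

The decoded value for 169869568 agrees with the "Version of Oracle is" line in the tool output shown earlier, which makes the same check usable for confirming what a listener discloses to unauthenticated hosts.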

 

Another way of reading the version number via a protocol analyser is to look for the following bytes in the contents of a packet:

 

de ad be ef 00 99

 

The next line will usually return the Oracle version number:

0a 10 02 for 10gR2

09 20 01 for 9i2.01 etc.

 

  © VulnerabilityAssessment.co.uk            Thursday May 17, 2007