Pen Testing Framework:
I became aware of this tool after attending the Blackhat Breaking into Oracle Server class given by David Litchfield of NGS Software. It essentially queries the TNS listener to enumerate which version of Oracle is running and on which operating system platform. A number of other tools do the same thing with graphical user interfaces, e.g. Winsid, Oracle TNSLSNR etc., but it may be worth keeping an eye on this one because of the ever-increasing security features being applied to the Oracle TNS listener to limit what information is leaked back to unauthenticated hosts that send direct queries to it.
At the time of writing this tool has not been publicly released; however, it is opined that the upcoming David Litchfield book on Oracle Security, due for release in Jan 07, will contain a number of tools, including this one, as added content.
To manually determine the version number of the Oracle server, you could also look at the network traffic via a protocol analyser. If you send a non-standard packet to the TNS Listener, it should return an error packet. Contained within this is the ASCII string VSNNUM followed by a decimal number, e.g. 169869568. Converted to hex, this number is A200100, which is actually the Oracle version number, i.e. 10gR2.
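The VSNNUM conversion described above can be scripted when reviewing captures for what a listener discloses. This is an added example, not the unreleased tool or code from the original page; the sample reply, the function names and the 8/4/8/4/8-bit field layout used to split the hex value into a dotted version are assumptions.

```python
import re

# Constructed sample: an error reply as it might appear in a capture.
# The leading header bytes are placeholders; only VSNNUM=169869568 is from the page.
SAMPLE_REPLY = (
    b"\x00\x00\x00\x00\x04\x00\x00\x00\x22\x00\x00\x00"
    b"(DESCRIPTION=(TMP=)(VSNNUM=169869568)(ERR=1189)"
    b"(ERROR_STACK=(ERROR=(CODE=1189)(EMFI=4))))"
)

VSNNUM_RE = re.compile(rb"\(VSNNUM=(\d{1,10})\)")


def extract_vsnnum(payload: bytes):
    """Return the VSNNUM integer from a captured reply, or None if absent."""
    match = VSNNUM_RE.search(payload)
    if match is None:
        return None  # the listener did not disclose a version in this reply
    value = int(match.group(1))
    if value > 0xFFFFFFFF:
        return None  # wider than 32 bits, so not a packed version number
    return value


def decode_vsnnum(vsnnum: int) -> str:
    """Unpack VSNNUM into a dotted version (assumed 8/4/8/4/8-bit layout)."""
    fields = (
        (vsnnum >> 24) & 0xFF,  # major release, e.g. 0x0A -> 10
        (vsnnum >> 20) & 0x0F,  # release within the major, e.g. 2 for 10gR2
        (vsnnum >> 12) & 0xFF,
        (vsnnum >> 8) & 0x0F,
        vsnnum & 0xFF,
    )
    return ".".join(str(field) for field in fields)


def version_from_reply(payload: bytes):
    """Return 'dotted version (0xHEX)' for a reply, or None if no VSNNUM."""
    vsnnum = extract_vsnnum(payload)
    if vsnnum is None:
        return None
    return f"{decode_vsnnum(vsnnum)} (0x{vsnnum:08X})"


if __name__ == "__main__":
    print(version_from_reply(SAMPLE_REPLY))
```

A reply with no VSNNUM field yields None, which is the result to expect from a listener configured not to return its version to unauthenticated queries.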
Another way of reading the version number via a protocol analyser is to look for the following in the contents of a packet:
de ad be ef 00 99
The next line will usually return the Oracle version number, e.g. 09 20 01 for 9i2.01 etc.
© VulnerabilityAssessment.co.uk Thursday May 17, 2007