The Web Local
 

 

 

WinSID

 

Oracle DBA's are very well respected within the IT industry.  The normal IT practitioner does not have a very keen understanding of the underlying database and applications that make up Oracle.  In saying this some DBA's can sometimes miss out basic security principles to tie down their application.  One of the most basic areas of this is the TNS Listener. The TNS Listener accepts a client request and establishes a TNS (Transparent Network Substrate) connection to the backend database.   This connection is not protocol dependant so can function over TCP/IP, IPX/SPX etc.  The listener is important in that if it is not running iterative enquiries from a client cannot be fulfilled, so essentially you kill the listener you kill the database.  The TNS listener usually can be found on Port 1521, but don't be surprised if the DBA has moved it to obfuscate it from a normal portscan.  (NMAP version scan will find it though every time :-)) There is a Windows GUI tool called WinSID that carries out the same function as the linux command line tool tnscmd.pl (and displays it a little better). 

 

It was available from: www.syntheticbytes.com but this site has since removed most of its content!!  I did manage to get a copy of it before it was removed and it is available here.

 

Note:- Due to extra security features within Oracle 10g Release 2, the use of this program will provide limited results.  You will only be able to enumerate the version of the database and the underlying OS only.

 

Installation

 

As with most Windows tools its double click and the usually install directory of C:/Program Files/Winsid is where the system will put it.  There are no other dependencies and problems whatsoever.

 

Execution

 

  • Open up WinSID from the desktop icon

  • Insert IP address for the Oracle database that you are checking

  • Click on services and record any pertinent information

  • Click on status and record any pertinent information

  • Click on version and record any pertinent information

 

The above buttons will display numerous amount of information about the Oracle database including version, hostname, Operating system type and most importantly the SERVICE_NAME that is required to setup the Oracle Client listener.

 

 

 

IT Security News:

 

Pen Testing Framework:

 

Latest Tool Reviews: