Writing a python program to check Oracle Listener

In this note, I will show you how you can write a Python program
to check whether an Oracle Listener is running on a server.

First, I want to give a brief introduction to the program.

I will write a Python function which takes two parameters.
One of them is the server IP address and the other is the server port number.
In the program, I will first try to open a connection to the port and then
send a special message to this port. If an Oracle listener is running on the server,
the listener gives a special answer to this message. If the Oracle listener is not running on the server, you will not get an answer.

I will not add an exception handling part to this program. You can add an exception handling part yourself, and you can develop this program further to check many port numbers and network segments to find the servers which run Oracle databases on your network.

Let’s start to write the program.

In Python we use the socket module to work with sockets on the network. Therefore we need to import it like this:

import socket

Now we can start to create our function oracle_listener_ping with two parameters

def oracle_listener_ping(p_servername,p_port):

In the first part of the program, we try to open a connection to the server port with the commands below:

    # connect_ex returns 0 on success or an error code instead of raising
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    result = sock.connect_ex((p_servername, p_port))
    print('Connection Result >> ', result)

If the connection result is 0, it means that this port is open on the server. But it does not mean that this port is used by an Oracle listener. For this reason we have to send the message below to this port. This is the magic part of the program: it is the command used to check for an Oracle listener on the server. (Hint: Wireshark will help you to analyze network packets.)

    # Message sent: (CONNECT_DATA=(COMMAND=ping))
    # to check whether an Oracle listener is running on the server

    send_msg = bytearray([
        0x00, 0x57, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x3a, 0x01, 0x2c, 0x00, 0x00, 0x20, 0x00,
        0x7f, 0xff, 0xc6, 0x0e, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x1d, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x28, 0x43, 0x4f, 0x4e, 0x4e, 0x45,
        0x43, 0x54, 0x5f, 0x44, 0x41, 0x54, 0x41, 0x3d,
        0x28, 0x43, 0x4f, 0x4d, 0x4d, 0x41, 0x4e, 0x44,
        0x3d, 0x70, 0x69, 0x6e, 0x67, 0x29, 0x29])

Now send the message to the server and then close the open connection:

    sock.send(send_msg)
    msg = sock.recv(2048)   # read the listener's answer
    sock.close()
    print('FULL RETURNED MESSAGE')
    print('Received >> ', msg)
    return

As I said, I did not add an exception handling part to this program, to make it much more readable. But if you want, you can add it.

I tried it on my virtual server.

The IP address of my virtual server is 192.200.11.9, and the Oracle listener runs on port 1521, like this.


Now let’s check this Oracle Listener


As you can see, the Oracle listener returns a special message for your command, and it shows that the Oracle listener is running on this server.

Successful return from the program

Connection Result >> 0
FULL RETURNED MESSAGE
Received >> b'\x00A\x00\x00\x04\x00\x00\x00"\x00\x005(DESCRIPTION=(TMP=)(VSNNUM=0)(ERR=0)(ALIAS=LISTENER))'
>>>

Otherwise you will get error messages like this


You can get the full Python program from GitHub.

I hope that this note will help you to understand how Oracle works on the network.
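
The reply printed under "Successful return from the program" can be decoded instead of only printed, and the exception handling the note leaves out can be added at the same time. The following is an added example, not the author's program: parse_tns_reply and is_oracle_listener are hypothetical helper names, send_msg is the byte array shown above, and the REFUSE body layout (two reason bytes, a two-byte data length, then the descriptor text) is an assumption that matches the sample reply on this page.

```python
import re
import socket
import struct

# TNS packet type byte -> name (only the types relevant to a ping exchange).
TNS_TYPES = {1: "CONNECT", 2: "ACCEPT", 4: "REFUSE", 5: "REDIRECT", 11: "RESEND"}

def parse_tns_reply(data):
    """Decode a listener reply; return None if it is not a plausible TNS packet."""
    if len(data) < 8:
        return None                      # too short for the 8-byte TNS header
    length, _cksum, ptype, _flags, _hdr_cksum = struct.unpack(">HHBBH", data[:8])
    if ptype not in TNS_TYPES or not 8 <= length <= len(data):
        return None                      # e.g. an HTTP or SSH banner on that port
    reply = {"type": TNS_TYPES[ptype], "length": length, "fields": {}}
    if ptype == 4 and length >= 12:
        # Assumed REFUSE body: user reason (1), system reason (1), data length (2), data.
        _user, _system, dlen = struct.unpack(">BBH", data[8:12])
        text = data[12:12 + dlen].decode("ascii", "replace")
        # Collect the innermost (KEY=value) pairs of the descriptor.
        reply["fields"] = dict(re.findall(r"\((\w+)=([^()]*)\)", text))
    return reply

def is_oracle_listener(data):
    """True when the reply looks like the listener's answer to COMMAND=ping."""
    reply = parse_tns_reply(data)
    return bool(reply) and reply["type"] == "REFUSE" and "ALIAS" in reply["fields"]

def oracle_listener_ping(p_servername, p_port, send_msg, timeout=3.0):
    """Send the page's ping packet; return the parsed reply or None on failure."""
    try:
        with socket.create_connection((p_servername, p_port), timeout=timeout) as sock:
            sock.sendall(send_msg)
            return parse_tns_reply(sock.recv(2048))
    except OSError:                      # refused, unreachable or timed out
        return None

# Reply copied from the "Successful return from the program" output on this page.
SAMPLE_REPLY = (b'\x00A\x00\x00\x04\x00\x00\x00"\x00\x005'
                b'(DESCRIPTION=(TMP=)(VSNNUM=0)(ERR=0)(ALIAS=LISTENER))')

if __name__ == "__main__":
    print(parse_tns_reply(SAMPLE_REPLY))
    print(is_oracle_listener(b"HTTP/1.1 400 Bad Request\r\n\r\n"))  # constructed non-TNS banner
```

The ALIAS and VSNNUM fields in the parsed reply are the listener name and version number that the next note is concerned with.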


A SIMPLE SOLUTION FOR ORACLE TNS REMOTE VERSION DISCLOSURE

A SIMPLE SOLUTION FOR ORACLE LISTENER REMOTE VERSION DISCLOSURE

In this note I will give you some brief information about how you can hide Oracle listener version information from hackers and network scanning tools. This vulnerability is called TNS remote version disclosure.

First, we know that there are no parameters in the Oracle listener to hide version information.

The legal solution for this problem is to filter network traffic by some means. But this solution can be very expensive just to hide version information, if you consider that you have many listeners.

Therefore the simple solution is to change the default listener configuration.

The main point is that hackers assume that you are using the factory settings for your database listener. With the factory settings, the name of the listener is LISTENER and the default port is 1521 or 1522.

Now, if you do not change the default listener parameters after installing the Oracle binaries, hackers can get the version of your installed binaries by sending the version command to port 1521. The output will look like this.


After getting this information, hackers will try the known vulnerabilities to hack your database. Therefore it is important to hide the Oracle binary version.

You can do it very easily. Change the default listener name to any complicated name, as in the following picture.


And then restart the listener.

After that, when any scanning tools or hackers attempt to find the Oracle binary version, they will get the answers below.


After changing the listener name, if you also change the default port, it will be much more difficult for hackers to hack the Oracle listener. But do not forget that changing the listener port can be a difficult job.

I will work on listener security topics in the next notes.