Oracle TNSLSNR Full Client

Updated: 2022-09-19 22:08:25

Most admins neglect to set a password on the TNS listener (tnslsnr) for Oracle databases. Oracle ensures that you can connect to tnslsnr either on localhost or by mapping to a remote Oracle database using .ora files.
This is no longer the case. This client is based on the Jwa Perl client.
It is a FULL client, with packet crafting reassembled.
It supports all the commands of the version that ships with Oracle.
It allows you to totally control an unprotected Oracle database server remotely, without having to map or install Oracle.
Download Here

Commands Supported
ping, version, service, status, change_password, help, reload, save_config, set connect_timeout, set display_mode, set log_directory, set log_file, set log_status, show, spawn, stop


This version works on Oracle9i.
On Oracle 10g only the "version" command works.


This is feedback I got from Pete Finnigan, Oracle Security:
The 10g listener is by default protected by local authentication rather than by a password like in the 9i and lower listener. This means that because it is protected you cannot use commands like status which can only be used on an un-protected listener. This is the reason that the version command still works, because it can be executed on a password or locally authenticated listener. To be able to get the lsnrctl tool to work remotely you need to disable local authentication.

Currently, I am working on a 10g version with a DoS check. Well, if you can't own it, see if you can bring it down!!



If you have Oracle 10g on a public IP and want to share it for testing, let me know; just send me the IP by email.

I received feedback from Ivan Saez. Very helpful.
On 10g, when local authentication is enabled, the listener sends a redirect packet back to tnscmd. The packet is:

(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=#12543.2)))

The key points to a special file in /var/tmp/.oracle (for example):
oracle@Siemens:/var/tmp/.oracle > ls -lrt
total 0
srwxrwxrwx 1 oracle oinstall 0 2005-11-03 15:57 s#12529.2
srwxrwxrwx 1 oracle oinstall 0 2005-11-03 15:57 s#12529.1
Those files are created when you start the listener.
If you do a strace lsnrctl status, you can see what it does with that special file. So when LA is enabled, the status information is provided in a very different way than in earlier releases of Oracle.

Local authentication can be disabled, and it should be at this moment because there is a bug (Oracle bugid: 6454409) which allows circumventing OS local authentication. So I suppose many security-minded DBAs will disable local authentication.
The listener.ora parameter to circumvent local authentication is
LOCAL_OS_AUTHENTICATION_ = OFF
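
To check a server for the exposure described above, the following added example (not part of the original post or of any of the tools it lists) parses a listener.ora and reports, per listener, whether it is covered by local OS authentication, by a password, or by neither. It assumes the standard per-listener parameter names, PASSWORDS_ and LOCAL_OS_AUTHENTICATION_ each followed by the listener name; the sample file, listener names, host and password hash are constructed.

```python
import re

# Constructed sample listener.ora; listener names, host and hash are invented.
SAMPLE = """\
# constructed example
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.com)(PORT = 1521))))
LOCAL_OS_AUTHENTICATION_LISTENER = OFF

LISTENER_HR =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.com)(PORT = 1522)))
LOCAL_OS_AUTHENTICATION_LISTENER_HR = OFF
PASSWORDS_LISTENER_HR = (0123456789ABCDEF)

LISTENER_DEV = (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.com)(PORT = 1523))
"""

def top_level_params(text):
    """Collect depth-0 'NAME = value' entries; values may span several lines."""
    params, depth, name = {}, 0, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment line
        m = re.match(r"\s*([\w.]+)\s*=\s*(.*)", line) if depth == 0 else None
        if m:
            name = m.group(1).upper()
            params[name] = m.group(2)
        elif name:
            params[name] += " " + line.strip()  # continuation of a nested value
        depth += line.count("(") - line.count(")")
    return params

def audit(text, has_local_os_auth=True):
    """Classify each listener; has_local_os_auth=False models 9i and lower."""
    p = top_level_params(text)
    result = {}
    for name, value in p.items():
        if "(ADDRESS" not in value.upper().replace(" ", ""):
            continue  # not a listener definition
        la_off = p.get("LOCAL_OS_AUTHENTICATION_" + name, "ON").strip().upper() == "OFF"
        has_pw = bool(p.get("PASSWORDS_" + name, "").strip("() "))
        if has_local_os_auth and not la_off:
            result[name] = "local-os-auth"   # 10g default: local users only
        else:
            result[name] = "password" if has_pw else "unprotected"
    return result
```

Calling audit(SAMPLE) flags LISTENER as unprotected because local authentication is switched off and no password entry exists for it; passing has_local_os_auth=False shows how the same file would rate on a 9i listener.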


Downloads


DokFLeed Tool (EXE)
Original tnscmd (PERL)
tnscmd V2 (PERL)
Ivan tnscmd V10g (PERL)