Oracle 11g CVE-2012-1675(远程投毒)漏洞修复。
[root@localhost Tools]# wget https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-linux-x64-installer.run
wget下载速度较慢,可以拷贝网址使用迅雷下载后上传至服务器
[root@localhost Tools]# chmod +x metasploit-4.17.1-2020080301-linux-x64-installer.run
[root@localhost Tools]# msfconsole
msf5 > use auxiliary/scanner/oracle/tnspoison_checker
msf5 auxiliary(scanner/oracle/tnspoison_checker) > set RHOSTS 192.168.137.150
msf5 auxiliary(scanner/oracle/tnspoison_checker) > run
[+] 192.168.137.150:1521 - 192.168.137.150:1521 is vulnerable [*] 192.168.137.150:1521 - Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed
VALID_NODE_CHECKING_REGISTRATION_LISTENER=ON
[root@oracledb ~]# su - oracle
[oracle@oracledb ~]$ cd $ORACLE_HOME/network/admin
[oracle@oracledb admin]$ lsnrctl stop
[oracle@oracledb admin]$ vim listener.ora
VALID_NODE_CHECKING_REGISTRATION_LISTENER = ON
启动监听服务
再次验证漏洞