Getting Oracle support working in Metasploit can be a complete pain. There are a lot of little things: some blogs have it right, some are missing a step or two, and some are just outdated. I couldn't find any information that gave me the complete answer, but when I finally figured it out and tested it, the setup was quite painless. When it doesn't work, the image below is the error you see, and even the link shown in the error is outdated.
* It's important to point out that the module I'm using in these examples is auxiliary/admin/oracle/oracle_login, not the ones in the scanner directory.
From here you need a few things. Head over to the following sites and grab these files. On Oracle you need to make an account; don’t worry, 10 Minute Mail works for that (make sure you get the 32- or 64-bit version that matches your system):
http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
- basic-10.2.0.5.0-linux.zip
- sdk-10.2.0.5.0-linux.zip
- sqlplus-10.2.0.5.0-linux.zip
Next, head over to Rubyforge and get the latest version of the oci-8 file. I used 2.1.5; if you deviate from that, you are on your own.
http://rubyforge.org/frs/download.php/76831/ruby-oci8-2.1.5.tar.gz *
* Rubyforge is no more, as pointed out in the comments; please grab the correct version via Google or
https://github.com/kubo/ruby-oci8/releases/tag/ruby-oci8-2.1.5
Make a directory in your /opt folder called oracle, put all the downloaded files in it, unzip them all, and follow the steps for the ruby-oci8 file by simply typing:
- cd /opt/
- mkdir oracle
- cd oracle/
- unzip basic-10.2.0.5.0-linux.zip
- unzip sdk-10.2.0.5.0-linux.zip
- unzip sqlplus-10.2.0.5.0-linux.zip
- mv ruby-oci8-2.1.5.tar.gz instantclient_10_2/
- cd instantclient_10_2/
- ln -s libclntsh.so.10.1 libclntsh.so (if you don’t do this you’ll get an error)
- tar -zxvf ruby-oci8-2.1.5.tar.gz
Now that that part is done, let's add some paths to our .bashrc file.
- echo 'export PATH=$PATH:/opt/oracle/instantclient_10_2' >> /root/.bashrc
- echo "export SQLPATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
- echo "export TNS_ADMIN=/opt/oracle/instantclient_10_2" >> /root/.bashrc
- echo "export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
- echo "export ORACLE_HOME=/opt/oracle/instantclient_10_2" >> /root/.bashrc
Also, I have always gotten an error on LD_LIBRARY_PATH when I ran the Ruby setup, so just define it again in the current shell like below:
- export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
- cd ruby-oci8-2.1.5/
- ruby setup.rb config (see the update below if this errors out)
- ruby setup.rb setup
- ruby setup.rb install
Make sure you restart Metasploit and give it a try. If everything works like it should, you should now be able to test Oracle with Metasploit. You can test against 127.0.0.1 just to verify everything is working; you don’t need to have Oracle running to verify it will work.
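A preflight check for the steps above, as an added example that is not part of the original post: it verifies the libclntsh.so symlink, the SDK header, and the variables written to .bashrc, then checks that Ruby can load oci8. The function names are hypothetical, and the sdk/include/oci.h location is an assumption about how the SDK zip unpacks.

```shell
# Added example (hypothetical function names): preflight for the steps above.

# check_instantclient [DIR]
# Prints one line per problem; the return status is the number of problems.
check_instantclient() {
    ic_dir=${1:-/opt/oracle/instantclient_10_2}
    ic_problems=0

    # Versioned client library from the basic package.
    if [ ! -f "$ic_dir/libclntsh.so.10.1" ]; then
        echo "missing: $ic_dir/libclntsh.so.10.1"
        ic_problems=$((ic_problems + 1))
    fi

    # The unversioned name must be a symlink that resolves (the ln -s step).
    if [ ! -L "$ic_dir/libclntsh.so" ] || [ ! -e "$ic_dir/libclntsh.so" ]; then
        echo "missing or dangling symlink: $ic_dir/libclntsh.so"
        ic_problems=$((ic_problems + 1))
    fi

    # Assumption: the SDK zip unpacks its headers to sdk/include/oci.h.
    if [ ! -f "$ic_dir/sdk/include/oci.h" ]; then
        echo "missing: $ic_dir/sdk/include/oci.h (sdk package)"
        ic_problems=$((ic_problems + 1))
    fi

    # Each variable written to .bashrc must point at the client directory.
    for ic_var in SQLPATH TNS_ADMIN LD_LIBRARY_PATH ORACLE_HOME; do
        eval "ic_val=\${$ic_var:-}"
        if [ "$ic_val" != "$ic_dir" ]; then
            echo "env: $ic_var is '$ic_val', expected '$ic_dir'"
            ic_problems=$((ic_problems + 1))
        fi
    done

    # PATH only needs to contain the directory as one of its entries.
    case ":$PATH:" in
        *":$ic_dir:"*) ;;
        *) echo "env: PATH does not contain $ic_dir"; ic_problems=$((ic_problems + 1)) ;;
    esac

    return "$ic_problems"
}

# check_oci8: succeeds if the ruby on PATH (assumed to be Metasploit's) loads oci8.
check_oci8() {
    ruby -e 'require "oci8"' 2>/dev/null
}
```

Run `check_instantclient && check_oci8` in a fresh root shell so that .bashrc has been read; each printed line names the step to redo.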
That's it. Good luck, and enjoy!
As pointed out in the comment below you may also wish to check with the auxiliary/admin/oracle/oracle_sql module, to verify full functionality. Thanks CG!
*****UPDATE*****
Some distros such as Kali 1.08 may need the Ruby dev modules installed before running the ruby setup.rb command. Simply do an apt-get install ruby-dev before you run it. Thanks to Jagar for pointing out this issue.