Saturday, August 24, 2013

How to get Oracle support in Metasploit working in Kali Linux.

Getting Oracle support working in Metasploit can be a complete pain. There are a lot of little things involved: some blogs have them right, some are missing a step or two, and some are just outdated. I couldn't find any information that gave me the complete answers, but once I finally figured it out and tested it, the setup was quite painless. When it doesn't work, the image below is the error you see, and even the link shown in the error is outdated.

* It's important to point out that the module I'm using in these examples is auxiliary/admin/oracle/oracle_login, not the ones in the scanner directory.


From here you need a few things. Head over to the following sites and grab these files. On Oracle's site you need to make an account; don't worry, 10 Minute Mail works for that. Make sure you get the 32-bit or 64-bit version that matches your system:

http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
  • basic-10.2.0.5.0-linux.zip 
  • sdk-10.2.0.5.0-linux.zip
  • sqlplus-10.2.0.5.0-linux.zip




Next, head over to Rubyforge and get the latest version of the ruby-oci8 file. I used 2.1.5; if you deviate from that, you are on your own.

http://rubyforge.org/frs/download.php/76831/ruby-oci8-2.1.5.tar.gz

* Rubyforge is no more, as pointed out in the comments. Please grab the correct version via Google or from
https://github.com/kubo/ruby-oci8/releases/tag/ruby-oci8-2.1.5


Make a directory called oracle in your /opt folder, put all the downloaded files in it, unzip them all, and follow the steps for the ruby-oci8 file by simply typing:
  • cd /opt/
  • mkdir oracle
  • cd oracle/
  • unzip basic-10.2.0.5.0-linux.zip 
  • unzip sdk-10.2.0.5.0-linux.zip
  • unzip sqlplus-10.2.0.5.0-linux.zip
  • mv ruby-oci8-2.1.5.tar.gz  instantclient_10_2/
  • cd instantclient_10_2/
  • ln -s libclntsh.so.10.1 libclntsh.so  (if you don’t do this you’ll get an error)
  • tar -zxvf ruby-oci8-2.1.5.tar.gz

Now that that part is done, let's add some paths to our .bashrc file.
  • echo 'export PATH=$PATH:/opt/oracle/instantclient_10_2' >> /root/.bashrc
  • echo "export SQLPATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
  • echo "export TNS_ADMIN=/opt/oracle/instantclient_10_2" >> /root/.bashrc
  • echo "export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
  • echo "export ORACLE_HOME=/opt/oracle/instantclient_10_2" >> /root/.bashrc

Also, I have always gotten an error about LD_LIBRARY_PATH when I ran the Ruby setup, so define it again in the current shell as shown below before running the setup:
  • export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
  • cd ruby-oci8-2.1.5/
  • ruby setup.rb config *** see update if this errors out.
  • ruby setup.rb setup
  • ruby setup.rb install
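
A quick preflight check for the layout built in the steps above, useful before running ruby setup.rb config. This is an added example, not part of the original post: the function name check_instantclient is hypothetical, and it assumes the SDK zip unpacks its headers to sdk/include/oci.h.

```shell
#!/bin/sh
# Added example: verify the Instant Client directory and .bashrc exports
# described in this post. Prints one line per problem; returns 0 if clean.
check_instantclient() {
    ic_dir="$1"   # e.g. /opt/oracle/instantclient_10_2
    ic_rc="$2"    # e.g. /root/.bashrc
    ic_bad=0

    # One file from each of the three zips (basic, sqlplus, sdk).
    # sdk/include/oci.h is the assumed location of the OCI header.
    for ic_f in libclntsh.so.10.1 sqlplus sdk/include/oci.h; do
        if [ ! -e "$ic_dir/$ic_f" ]; then
            echo "missing file: $ic_dir/$ic_f"
            ic_bad=1
        fi
    done

    # The symlink created with: ln -s libclntsh.so.10.1 libclntsh.so
    if [ "$(readlink "$ic_dir/libclntsh.so" 2>/dev/null)" != "libclntsh.so.10.1" ]; then
        echo "libclntsh.so is not a symlink to libclntsh.so.10.1"
        ic_bad=1
    fi

    # The five exports appended to .bashrc must all point at the same directory.
    for ic_v in PATH SQLPATH TNS_ADMIN LD_LIBRARY_PATH ORACLE_HOME; do
        if ! grep -q "^export $ic_v=.*$ic_dir" "$ic_rc" 2>/dev/null; then
            echo "no export of $ic_v pointing at $ic_dir in $ic_rc"
            ic_bad=1
        fi
    done

    return "$ic_bad"
}

# Run directly as: sh check.sh /opt/oracle/instantclient_10_2 /root/.bashrc
if [ "$#" -eq 2 ]; then
    check_instantclient "$1" "$2"
fi
```
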




Make sure you restart Metasploit and give it a try. If everything worked as it should, you should now be able to test Oracle with Metasploit. You can test against 127.0.0.1 just to verify everything is working; you don't need to have Oracle running to verify that it works.



That's it. Good luck, and enjoy!

As pointed out in the comment below, you may also wish to check with the auxiliary/admin/oracle/oracle_sql module to verify full functionality. Thanks CG!

*****UPDATE*****
Some distros, such as Kali 1.08, may need the Ruby dev modules installed before running the ruby setup.rb command. Simply do an apt-get install ruby-dev before you run it. Thanks to Jagar for pointing out this issue.