Getting Oracle support working in Metasploit can be a complete pain. There are a lot of little things that some blogs have right, some are missing a step or two, and some are just outdated. I couldn't find any information that gave me the complete answers. When I finally figured it out and tested it, the setup was quite painless. When it doesn't work, the image below is the error you see, and even the link shown in the error is outdated.
* It's important to point out that the module I'm using in these examples is auxiliary/admin/oracle/oracle_login, not the ones in the scanner directory.
From here you need a few things. Head over to the following sites and grab these files. On Oracle's site you need to make an account; don't worry, 10 minute mail works for that (make sure you get the 32- or 64-bit version to match your system):
http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
- basic-10.2.0.5.0-linux.zip
- sdk-10.2.0.5.0-linux.zip
- sqlplus-10.2.0.5.0-linux.zip
Next, head over to Rubyforge and get the latest version of the oci-8 file. I used 2.1.5; if you deviate from that, you are on your own.
http://rubyforge.org/frs/download.php/76831/ruby-oci8-2.1.5.tar.gz *
* Rubyforge is no more, as pointed out in the comments; please grab the correct version via Google or
https://github.com/kubo/ruby-oci8/releases/tag/ruby-oci8-2.1.5
Make a directory in your opt folder called oracle, put all the downloaded files in it, unzip them all, and follow the steps for the ruby-oci8 file by simply typing:
- cd /opt/
- mkdir oracle
- cd oracle/
- unzip basic-10.2.0.5.0-linux.zip
- unzip sdk-10.2.0.5.0-linux.zip
- unzip sqlplus-10.2.0.5.0-linux.zip
- mv ruby-oci8-2.1.5.tar.gz instantclient_10_2/
- cd instantclient_10_2/
- ln -s libclntsh.so.10.1 libclntsh.so (if you don’t do this you’ll get an error)
- tar -zxvf ruby-oci8-2.1.5.tar.gz
Now that that part is done, let's add some paths to our .bashrc file.
- echo 'export PATH=$PATH:/opt/oracle/instantclient_10_2' >> /root/.bashrc
- echo "export SQLPATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
- echo "export TNS_ADMIN=/opt/oracle/instantclient_10_2" >> /root/.bashrc
- echo "export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
- echo "export ORACLE_HOME=/opt/oracle/instantclient_10_2" >> /root/.bashrc
Also, I have always gotten an error on the LD_LIBRARY_PATH when I ran the ruby setup, so just do this again but define it like below:
- export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
- cd ruby-oci8-2.1.5/
- ruby setup.rb config (see the update below if this errors out)
- ruby setup.rb setup
- ruby setup.rb install
Make sure you restart Metasploit and give it a try. If everything went as it should, you should now be able to test Oracle with Metasploit. You can test with 127.0.0.1 just to verify everything is working; you don't need to have Oracle running to verify it will work.
That's it. Good luck, and enjoy!
As pointed out in the comment below, you may also wish to check with the auxiliary/admin/oracle/oracle_sql module to verify full functionality. Thanks CG!
*****UPDATE*****
Some distros such as Kali 1.08 may need the Ruby dev modules installed before running the ruby setup.rb command. Simply do an apt-get install ruby-dev before you run it. Thanks to Jagar for pointing out this issue.
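The steps above fail in a few predictable places: a missing libclntsh.so symlink, environment variables that are only in .bashrc and not in the running shell, or a ruby-oci8 build that never installed. The script below is an added example, not part of the original post, that checks each of those; the function names and the check.sh file name are hypothetical, and it assumes the ruby on PATH is the one Metasploit uses.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check for the
# Instant Client layout and environment variables this walkthrough sets up.
# Prints one line per problem and returns the number of problems found.
check_instant_client() {
    dir=$1
    problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    [ -d "$dir" ] || { fail "directory $dir does not exist"; return 1; }

    # Unpacked from the basic, sqlplus and sdk zips.
    [ -e "$dir/libclntsh.so.10.1" ] || fail "libclntsh.so.10.1 missing (basic zip)"
    [ -x "$dir/sqlplus" ] || fail "sqlplus missing or not executable (sqlplus zip)"
    [ -d "$dir/sdk" ] || fail "sdk/ missing (sdk zip, needed to build ruby-oci8)"

    # The unversioned name created with ln -s; -e fails on a dangling link too.
    [ -e "$dir/libclntsh.so" ] || fail "libclntsh.so symlink missing or broken"

    # Variables appended to .bashrc; they only apply to shells started afterwards.
    for var in ORACLE_HOME TNS_ADMIN SQLPATH; do
        eval "val=\${$var:-}"
        [ "$val" = "$dir" ] || fail "$var is '$val', expected $dir"
    done
    case ":${LD_LIBRARY_PATH:-}:" in
        *":$dir:"*) ;;
        *) fail "LD_LIBRARY_PATH does not contain $dir" ;;
    esac
    case ":$PATH:" in
        *":$dir:"*) ;;
        *) fail "PATH does not contain $dir" ;;
    esac
    return "$problems"
}

# Assumption: the ruby on PATH is the interpreter Metasploit runs under.
# Succeeds only if the ruby-oci8 extension was built and installed.
check_oci8() {
    ruby -e 'require "oci8"' 2>/dev/null
}

# Run as: sh check.sh /opt/oracle/instantclient_10_2
if [ "$#" -gt 0 ]; then
    check_instant_client "$1"
fi
```

Run it from the same shell you start Metasploit from, since a shell opened before the .bashrc edits will not have the variables set.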
That's actually a bad choice of modules to check with, as I'm pretty sure it uses nmap oracle libs to perform the brute attack.
A better one would be the oracle_sql
use auxiliary/admin/oracle/oracle_sql
as that will actually log in via sqlplus, run a command, and give you the output.
I didn't see any references to that in the module. But I am not a Metasploit master and could have easily missed or not understood it fully. I have added some info to the blog. Thanks!
If you check here
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/oracle/oracle_login.rb
it doesn't call the oracle mixin.
And you can see it setting up the nmap stuff, but agree the description should say something about using nmap. There is no way to know that unless you look at the code (which shouldn't be the case).
In my example this is the module I am using: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/oracle_login.rb which does have the include Oracle statement.
Ah yep, that's the old one, that one should use the oracle libs.
It gets confusing with both in there, I usually end up using both.
Thanks, works like a charm!
Hi,
as rubyforge.org has been down since May 15, you may want to change the download path to the oci file: https://github.com/kubo/ruby-oci8/releases
Thanks for pointing that out.