Saturday, August 24, 2013

How to get Oracle support in Metasploit working in Kali Linux.

Getting the Oracle support in Metasploit can be a complete pain, there are a lot of little things that some blogs have right some are missing a step or two and some are just outdated. I couldn't find any information that gave me the complete answers, when I finally figured it out and tested it the setup was quite painless.When it doesn't work the image below is the error you see and even the link shown in the error is outdated. * It's important to point out the module I'm using in these examples is auxiliary/admin/oracle/oracle_login not the the ones in the scanner directory. 

From here you need a few things head over to the following sites and grab these files, on oracle you need to make an account, don’t worry 10 minute mail works for that (make sure you get the 32 or 64 bit for what your system is):

Next, head over to Rubyforge and get the latest version of the oci-8 file. I used 2.1.5 if you deviate from that, you are on your own.* 
Rubyforge is no more as pointed out in the comments, please grab the correct version via Google or

Make a directory in your opt folder called oracle and put all downloaded files in it and unzip them all and follow the steps for the ruby-oci8 file

By simply typing:
  • cd opt/
  • mkdir oracle
  • cd oracle/
  • unzip 
  • unzip
  • unzip
  • mv ruby-oci8-2.1.5.tar.gz  instantclient_10_2/
  • cd instantclient_10_2/
  • ln -s  (if you don’t do this you’ll get an error)
  • tar -zxvf ruby-oci8-2.1.5.tar.gz

Now that that part is done lets add some paths to our .bashrc file.
  • echo "export PATH=$PATH:/opt/oracle/instantclient_10_2" >> /root/.bashrc
  • echo "export SQLPATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
  • echo "export TNS_ADMIN=/opt/oracle/instantclient_10_2" >> /root/.bashrc
  • echo "export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2" >> /root/.bashrc
  • echo "export ORACLE_HOME=/opt/oracle/instantclient_10_2" >> /root/.bashrc

Also, I have always gotten an error on the LD_LIBRARY path so I just ran when I ran the ruby setup so just do this again but define it like below:
  • export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
  • cd ruby-oci8-2.1.5/
  • ruby setup.rb config *** see update if this errors out.
  • ruby setup.rb setup
  • ruby setup.rb install

Make sure you restart Metasploit and give it a try, if all works like it should have you should now be able to test Oracle with Metasploit. You can test with just to verify everything is working, you don’t need to have Oracle running to verify it will work.

That's it good luck, and enjoy!

As pointed out in the comment below you may also wish to check with the auxiliary/admin/oracle/oracle_sql module, to verify full functionality. Thanks CG!

Some distros such as Kali 1.08 may need the Ruby dev modules installed before running the ruby setup.rb command.  Simply do an apt-get install ruby-dev before you run it. Thanks to Jagar for pointing out this issue.


  1. that's actually a bad choice of modules to check with as im pretty sure it uses nmap oracle libs to perform the brute attack.

    a better one would be the oracle_sql
    use auxiliary/admin/oracle/oracle_sql

    as that will actually log in via sqlplus, run a command, and give you the output.

    1. I didn't see any references to that in the module. But I am not a Metasploit master and could have easily missed or not understood it fully. I have added some info to the blog. Thanks!

  2. if you check here

    it doesnt call the oracle mixin.

    and you can see it setting up the nmap stuff, but agree the description should say something about using nmap. there is no way to know that unless you look the code (which shouldnt be the case)

    1. In my example this is the module I am using which does have the include Oracle statement.

  3. ah yep, thats the old one that one should use the oracle libs.

    1. I gets confusing with both in there, I usually end-up using both.

  4. Thanks, works like a charm!

  5. Hi,

    as is down since Mai 15, you may want to change the download path to the oci file: