Oracle exploitation in Metasploit

Using any of Metasploit's modules for the Oracle service can be a nightmare!



The fact is that Metasploit uses the Ruby OCI8 module, and to use it successfully you need to install two main components: oracle-instantclient and ruby-oci8.

Basically at the time I was testing, these were the required files:

1: oracle-instantclient-basic-10.2.0.4-1.i386.zip
2: oracle-instantclient-sqlplus-10.2.0.4-1.i386.zip
3: oracle-instantclient-devel-10.2.0.4-1.i386.zip
4: ruby-oci8-2.0.3.tar.gz

Installing Oracle Instant Client

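The first step is to extract the contents and create a symbolic link:

# Give only the current user write access to /opt/oracle instead of making /opt world-writable
sudo mkdir -p /opt/oracle/
sudo chown "$USER" /opt/oracle/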
cd /opt/oracle/
unzip /opt/oracle/oracle-instantclient-basic-10.2.0.4-1.i386.zip
unzip /opt/oracle/oracle-instantclient-sqlplus-10.2.0.4-1.i386.zip
unzip /opt/oracle/oracle-instantclient-devel-10.2.0.4-1.i386.zip
cd /opt/oracle/instantclient_10_2
ln -s libclntsh.so.10.1 libclntsh.so

Then we will add environment variables; it is suggested to add them to /root/.bashrc so you will not need to add them after every reboot.

export PATH=$PATH:/opt/oracle/instantclient_10_2
export SQLPATH=/opt/oracle/instantclient_10_2
export TNS_ADMIN=/opt/oracle/instantclient_10_2
export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
export ORACLE_HOME=/opt/oracle/instantclient_10_2

And finally testing:

sqlplus



Install ruby-oci8

Next, install the OCI8 library so that Ruby can use the Instant Client.

Requirement: Ruby

tar xvzf ruby-oci8-2.0.3.tar.gz
cd /opt/oracle/ruby-oci8-2.0.3/
export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2/
make
sudo make install

And at the end testing:

ruby -r oci8 -e 'OCI8.new("scott", "tiger", nil).exec("select * from emp")'



By now you should be able to use the Oracle client, Ruby's OCI8 and finally the Metasploit Oracle exploits.

Below are some common errors, each followed by its solution.

*** /usr/local/lib/site_ruby/1.9.2/oci8.rb:23:in `require': no such file to load -- oci8lib_191

gedit /usr/local/lib/site_ruby/1.9.2/oci8.rb &

Change line 23 to: require 'i486-linux/oci8lib_192'

*** Warning: NLS_LANG is not set. fallback to US-ASCII.

export NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P15

*** /msf3/data/msfweb/vendor/rails/activesupport/lib/active_support/dependencies.rb:443:in `load_missing_constant'

gem install ruby-oci8

*** require 'oci8' LoadError: no such file to load -- oci8lib_191 from /usr/local/lib/site_ruby/1.9.2/oci8.rb:40:

gedit /opt/metasploit/scripts/setenv.sh &

Add "/opt/metasploit/ruby/lib/ruby/site_ruby/1.9.2/i686-linux:/usr/local/lib/site_ruby/1.9.2/" to RUBYLIB.
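
The errors above all come from a few environment mismatches, so they can be checked in one pass before starting Metasploit. The following preflight script is an added example, not part of the original post; the function name oci8_preflight is hypothetical, and it assumes Linux naming (oci8lib_*.so) for the compiled extension.

```ruby
# Variables the post exports, all pointing at the Instant Client directory.
DIR_VARS = %w[ORACLE_HOME LD_LIBRARY_PATH TNS_ADMIN SQLPATH].freeze

# Returns [problems, installed_oci8lib_names]. An empty problems list means
# the environment matches what the post sets up.
def oci8_preflight(env, load_path)
  problems = []
  DIR_VARS.each { |v| problems << "#{v} is not set" if env[v].to_s.empty? }

  # LD_LIBRARY_PATH may hold several directories; libclntsh.so (the symlink
  # created with ln -s) must resolve in at least one of them. File.exist?
  # follows symlinks, so a dangling link is reported too.
  lib_dirs = env['LD_LIBRARY_PATH'].to_s.split(':').reject(&:empty?)
  unless lib_dirs.any? { |d| File.exist?(File.join(d, 'libclntsh.so')) }
    problems << 'libclntsh.so not found in LD_LIBRARY_PATH (missing or dangling symlink)'
  end

  if env['NLS_LANG'].to_s.empty?
    problems << 'NLS_LANG is not set (ruby-oci8 falls back to US-ASCII)'
  end

  # oci8.rb requires oci8lib_<suffix>; list the builds actually installed so
  # a name mismatch (the "no such file to load" error) is visible.
  found = load_path.flat_map { |d| Dir.glob(File.join(d.to_s, '**', 'oci8lib_*.so')) }
  problems << 'no oci8lib_*.so under the Ruby load path' if found.empty?

  [problems, found.map { |f| File.basename(f, '.so') }.uniq.sort]
end

if __FILE__ == $PROGRAM_NAME
  problems, libs = oci8_preflight(ENV.to_h, $LOAD_PATH)
  puts "oci8lib builds found: #{libs.join(', ')}" unless libs.empty?
  problems.each { |p| puts "PROBLEM: #{p}" }
  puts 'Environment looks ready for ruby-oci8.' if problems.empty?
end
```

Run it with the same Ruby interpreter and environment that Metasploit uses, since the load path differs between the system Ruby and the one bundled under /opt/metasploit.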


P.S. You should be able to see environment variables (appendix 1) and files (appendix 2)
