It might be a nightmare for you to use any of Metasploit modules for Oracle service!
The fact is that Metasploit uses ruby OCI8 module and for using it successfully you need to install two main modules: oracle-instantclient and ruby-oci8.
Basically at the time I was testing, these were the required file:
1: Oracle-instantclient-basic-10.2.0.4-1.i386.zip
2: Oracle-instantclient-sqlplus-10.2.0.4-1.i386.zip
3: Oracle-instantclient-devel-10.2.0.4-1.i386.zip
4: Ruby-oci8-2.0.3.tar.gz
Installing Oracle Instant Client
The first step is to extract the contents and create a Symbolic link:
sudo chmod 777 /opt mkdir /opt/oracle/ cd /opt/oracle/ unzip /opt/oracle/oracle-instantclient-basic-10.2.0.4-1.i386.zip unzip /opt/oracle/oracle-instantclient-sqlplus-10.2.0.4-1.i386.zip unzip /opt/oracle/oracle-instantclient-devel-10.2.0.4-1.i386.zip
cd /opt/oracle/instantclient_10_2 ln -s libclntsh.so.10.1 libclntsh.so
Then we will add environment variables; it is suggested to add them to /root/.bashrc so you will not need to add them after every reboot.
export PATH=$PATH:/opt/oracle/instantclient_10_2 export SQLPATH=/opt/oracle/instantclient_10_2 export TNS_ADMIN=/opt/oracle/instantclient_10_2 export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2 export ORACLE_HOME=/opt/oracle/instantclient_10_2
And finally testing:
sqlplus
Install ruby-oci8
Installing OCI8 library for ruby to use instant client through sqlplus
Requirement: RUBI
tar xvzf ruby-oci8-2.0.3.tar.gz cd /opt/oracle/ruby-oci8-2.0.3/ export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2/ make sudo make install
And at the end testing:
ruby -r oci8 -e 'OCI8.new("scott", "tiger", nil).exec("select * from emp")'
By now you should be able to use Oracle client, Rubi’s OCI8 and finally Metasploit Oracle exploits.
In continue you can find some common errors, following with a solution.
*** /usr/local/lib/site_ruby/1.9.2/oci8.rb:23:in `require’: no such file to load — oci8lib_191
gedit /usr/local/lib/site_ruby/1.9.2/oci8.rb &
change line 23 to “require ‘i486-linux/oci8lib_192’”
*** Warning: NLS_LANG is not set. fallback to US-ASCII.
export NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P15
*** /msf3/data/msfweb/vendor/rails/activesupport/lib/active_support/dependencies.rb:443:in `load_missing_constant’
gem install ruby-oci8
*** require ‘oci8’ LoadError: no such file to load – oci8lib_191 from / usr/local/lib/site_ruby/1.9.2/oci8.rb: 40:
gedit /opt/metasploit/scripts/setenv.sh &
add to RUBYLIB the “/opt/metasploit/ruby/lib/ruby/site_ruby/1.9. 2/i686-linux:/usr/local/lib/site_ruby/1.9.2/”
P.S. You should be able to see environment variables (appendix 1) and files (appendix 2)
Related Video: