Pentesting

Oracle Pentesting requirements installation

Installation of tools (sqlplus) and needed libraries to use the oracle MSF modules

(This installation guide was created for version 12.1.0.1.0, change that name for the version that you download)

As root, create the directory /opt/oracle. Then download the Oracle Instant Client packages for your version of Kali Linux. The packages you will need are:

  • instantclient-basic-linux-12.1.0.1.0.zip

  • instantclient-sqlplus-linux-12.1.0.1.0.zip

  • instantclient-sdk-linux-12.1.0.1.0.zip

Unzip these under /opt/oracle, and you should now have a path called /opt/oracle/instantclient_12_1/. Next symlink the shared library that we need to access the library from oracle:

# ln libclntsh.so.12.1 libclntsh.so
# ls -lh libclntsh.so
lrwxrwxrwx 1 root root 17 Jun 1 15:41 libclntsh.so -> libclntsh.so.12.1
# ldconfig

You also need to configure the appropriate environment variables, add the following to either

  • ~/.bashrc

  • /etc/profile

export PATH=$PATH:/opt/oracle/instantclient_12_1
export SQLPATH=/opt/oracle/instantclient_12_1
export TNS_ADMIN=/opt/oracle/instantclient_12_1
export LD_LIBRARY_PATH=/opt/oracle/instantclient_12_1
export ORACLE_HOME=/opt/oracle/instantclient_12_1

Add Oracle libraries to ldconfig:

echo "/opt/oracle/instantclient_12_1/" >> /etc/ld.so.conf.d/99_oracle

If you have succeeded, you should be able to run sqlplus from a command prompt (you may need to log out and log back in again):

sqlplus <username>/<password>@<ip_address>/<SID>;

Step Two — Install Ruby Gem ruby-oci8

These steps are needed to use metasploit oracle modules

Install other OS dependencies:

apt-get install libgmp-dev

Compile and install ruby-oci8 (root)

wget https://github.com/kubo/ruby-oci8/archive/ruby-oci8-2.1.8.zip
unzip ruby-oci8-2.1.8.zip
cd ruby-oci8-ruby-oci8-2.1.8/
make
make install
gem install ruby-oci8

Restart msfconsole (or restart the computer).