0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity
hacktricks/pentesting/1521-1522-1529-pentesting-o.../oracle-pentesting-requireme...

110 lines
4.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<details>
<summary><strong>Support HackTricks and get benefits!</strong></summary>
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
</details>
# Oracle Pentesting requirements installation
## Installation of tools (sqlplus) and needed libraries to use the oracle MSF modules
_(This installation guide was created for version 12.1.0.1.0, change that name for the version that you download)_
As root, create the directory `/opt/oracle`. Then download the [Oracle Instant Client](http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html) packages for your version of Kali Linux. The packages you will need are:
* instantclient-basic-linux-12.1.0.1.0.zip
* instantclient-sqlplus-linux-12.1.0.1.0.zip
* instantclient-sdk-linux-12.1.0.1.0.zip
Unzip these under `/opt/oracle`, and you should now have a path called `/opt/oracle/instantclient_12_1/`. Next symlink the shared library that we need to access the library from oracle:
```
# ln libclntsh.so.12.1 libclntsh.so
# ls -lh libclntsh.so
lrwxrwxrwx 1 root root 17 Jun 1 15:41 libclntsh.so -> libclntsh.so.12.1
# ldconfig
```
You also need to configure the appropriate environment variables, add the following to either
* \~/.bashrc
* /etc/profile
```
export PATH=$PATH:/opt/oracle/instantclient_12_1
export SQLPATH=/opt/oracle/instantclient_12_1
export TNS_ADMIN=/opt/oracle/instantclient_12_1
export LD_LIBRARY_PATH=/opt/oracle/instantclient_12_1
export ORACLE_HOME=/opt/oracle/instantclient_12_1
```
Add Oracle libraries to ldconfig:
```
echo "/opt/oracle/instantclient_12_1/" >> /etc/ld.so.conf.d/99_oracle
```
If you have succeeded, you should be able to run `sqlplus` from a command prompt **(you may need to log out and log back in again)**:
```
sqlplus <username>/<password>@<ip_address>/<SID>;
```
### **Step TwoInstall Ruby Gem ruby-oci8**
_These steps are needed to use metasploit oracle modules_
**Install other OS dependencies:**
```
apt-get install libgmp-dev
```
**Compile and install ruby-oci8 (root)**
```
wget https://github.com/kubo/ruby-oci8/archive/ruby-oci8-2.1.8.zip
unzip ruby-oci8-2.1.8.zip
cd ruby-oci8-ruby-oci8-2.1.8/
```
```
make
make install
gem install ruby-oci8
```
Restart msfconsole (or restart the computer).
<details>
<summary><strong>Support HackTricks and get benefits!</strong></summary>
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
</details>
View Git Blame Copy Permalink