110 lines
4.3 KiB
Markdown
110 lines
4.3 KiB
Markdown
|
||
|
||
<details>
|
||
|
||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||
|
||
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||
|
||
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||
|
||
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||
|
||
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||
|
||
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||
|
||
</details>
|
||
|
||
|
||
# Oracle Pentesting requirements installation
|
||
|
||
## Installation of tools (sqlplus) and needed libraries to use the oracle MSF modules
|
||
|
||
_(This installation guide was created for version 12.1.0.1.0, change that name for the version that you download)_
|
||
|
||
As root, create the directory `/opt/oracle`. Then download the [Oracle Instant Client](http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html) packages for your version of Kali Linux. The packages you will need are:
|
||
|
||
* instantclient-basic-linux-12.1.0.1.0.zip
|
||
* instantclient-sqlplus-linux-12.1.0.1.0.zip
|
||
* instantclient-sdk-linux-12.1.0.1.0.zip
|
||
|
||
Unzip these under `/opt/oracle`, and you should now have a path called `/opt/oracle/instantclient_12_1/`. Next symlink the shared library that we need to access the library from oracle:
|
||
|
||
```
|
||
# ln libclntsh.so.12.1 libclntsh.so
|
||
# ls -lh libclntsh.so
|
||
lrwxrwxrwx 1 root root 17 Jun 1 15:41 libclntsh.so -> libclntsh.so.12.1
|
||
# ldconfig
|
||
```
|
||
|
||
You also need to configure the appropriate environment variables, add the following to either
|
||
|
||
* \~/.bashrc
|
||
* /etc/profile
|
||
|
||
```
|
||
export PATH=$PATH:/opt/oracle/instantclient_12_1
|
||
export SQLPATH=/opt/oracle/instantclient_12_1
|
||
export TNS_ADMIN=/opt/oracle/instantclient_12_1
|
||
export LD_LIBRARY_PATH=/opt/oracle/instantclient_12_1
|
||
export ORACLE_HOME=/opt/oracle/instantclient_12_1
|
||
```
|
||
|
||
Add Oracle libraries to ldconfig:
|
||
|
||
```
|
||
echo "/opt/oracle/instantclient_12_1/" >> /etc/ld.so.conf.d/99_oracle
|
||
```
|
||
|
||
If you have succeeded, you should be able to run `sqlplus` from a command prompt **(you may need to log out and log back in again)**:
|
||
|
||
```
|
||
sqlplus <username>/<password>@<ip_address>/<SID>;
|
||
```
|
||
|
||
### **Step Two — Install Ruby Gem ruby-oci8**
|
||
|
||
_These steps are needed to use metasploit oracle modules_
|
||
|
||
**Install other OS dependencies:**
|
||
|
||
```
|
||
apt-get install libgmp-dev
|
||
```
|
||
|
||
**Compile and install ruby-oci8 (root)**
|
||
|
||
```
|
||
wget https://github.com/kubo/ruby-oci8/archive/ruby-oci8-2.1.8.zip
|
||
unzip ruby-oci8-2.1.8.zip
|
||
cd ruby-oci8-ruby-oci8-2.1.8/
|
||
```
|
||
|
||
```
|
||
make
|
||
make install
|
||
gem install ruby-oci8
|
||
```
|
||
|
||
Restart msfconsole (or restart the computer).
|
||
|
||
|
||
<details>
|
||
|
||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||
|
||
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||
|
||
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||
|
||
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||
|
||
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||
|
||
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||
|
||
</details>
|
||
|
||
|