Installing Oracle Tools For Pentesting

6 Oct 2021, 9:45 a.m.

Oracle Database penetration testing is often an area where young testers find themselves underprepared. Oracle Database technology spans several decades, and some of the penetration testing tools have funky dependencies and often need specific configuration steps. In this tutorial, I will outline the steps to get your virtual machine ready to test our code.

    Oracle Tool Setup

    ODAT

    ODAT can be installed from the apt repositories:

    sudo apt-get install odat
    

    Or we can install the latest version from GitHub.

    Install the following dependencies

    sudo apt-get install libaio1 python3-dev alien python3-pip
    

    Download ODAT (https://github.com/quentinhardy/odat)

    git clone https://github.com/quentinhardy/odat.git
    

    Install dependency

    pip3 install cx_Oracle --upgrade
    

    Test if all is good:

    python3 -c 'import cx_Oracle'
    

    This command should just return without errors.

    Install some python libraries:

    sudo apt-get install python3-scapy
    sudo pip3 install colorlog termcolor pycrypto passlib python-libnmap
    sudo pip3 install argcomplete
    sudo activate-global-python-argcomplete3
    

    Download and install the development version of PyInstaller (http://www.pyinstaller.org/) for Python 3. From the downloaded source directory:

    python3 setup.py install
    

    or install through pip:

    pip3 install pyinstaller
    

    Run ODAT:

    python3 odat.py -h
    

    SQLPlus

    Install the Oracle Client Libraries for Kali Linux from the following URL

    https://www.oracle.com/database/technologies/instant-client/downloads.html

    At the time of writing the URL for my version of Kali was found on this page

    https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html

    Base package

    cd /tmp
    wget https://download.oracle.com/otn_software/linux/instantclient/213000/instantclient-basic-linux.x64-21.3.0.0.0.zip
    sudo mkdir /opt/oracle
    sudo unzip instantclient-basic-linux.x64-21.3.0.0.0.zip -d /opt/oracle
    

    SQL Plus

    cd /tmp
    wget https://download.oracle.com/otn_software/linux/instantclient/213000/instantclient-sqlplus-linux.x64-21.3.0.0.0.zip
    sudo unzip instantclient-sqlplus-linux.x64-21.3.0.0.0.zip -d /opt/oracle
    

    SDK

    cd /tmp
    wget https://download.oracle.com/otn_software/linux/instantclient/213000/instantclient-sdk-linux.x64-21.3.0.0.0.zip
    sudo unzip instantclient-sdk-linux.x64-21.3.0.0.0.zip -d /opt/oracle
    

    Files will look similar to

    └─$ ls -l /opt/oracle/instantclient_21_3 
    total 248776
    -rwxr-xr-x 1 root root     42144 Jul 27 13:18 adrci
    -rw-r--r-- 1 root root      5780 Jul 27 13:18 BASIC_LICENSE
    -rw-r--r-- 1 root root      1634 Jul 27 13:18 BASIC_README
    -rwxr-xr-x 1 root root     59528 Jul 27 13:18 genezi
    -rw-r--r-- 1 root root       342 Jul 27 13:18 glogin.sql
    lrwxrwxrwx 1 root root        21 Sep  5 10:30 libclntshcore.so -> libclntshcore.so.21.1
    lrwxrwxrwx 1 root root        21 Sep  5 10:30 libclntshcore.so.12.1 -> libclntshcore.so.21.1
    lrwxrwxrwx 1 root root        21 Sep  5 10:30 libclntshcore.so.18.1 -> libclntshcore.so.21.1
    lrwxrwxrwx 1 root root        21 Sep  5 10:30 libclntshcore.so.19.1 -> libclntshcore.so.21.1
    lrwxrwxrwx 1 root root        21 Sep  5 10:30 libclntshcore.so.20.1 -> libclntshcore.so.21.1
    -rwxr-xr-x 1 root root   8108520 Jul 27 13:18 libclntshcore.so.21.1
    lrwxrwxrwx 1 root root        17 Sep  5 10:30 libclntsh.so -> libclntsh.so.21.1
    lrwxrwxrwx 1 root root        17 Sep  5 10:30 libclntsh.so.10.1 -> libclntsh.so.21.1
    lrwxrwxrwx 1 root root        17 Sep  5 10:30 libclntsh.so.11.1 -> libclntsh.so.21.1
    lrwxrwxrwx 1 root root        17 Sep  5 10:30 libclntsh.so.12.1 -> libclntsh.so.21.1
    lrwxrwxrwx 1 root root        17 Sep  5 10:30 libclntsh.so.18.1 -> libclntsh.so.21.1
    lrwxrwxrwx 1 root root        17 Sep  5 10:30 libclntsh.so.19.1 -> libclntsh.so.21.1
    lrwxrwxrwx 1 root root        17 Sep  5 10:30 libclntsh.so.20.1 -> libclntsh.so.21.1
    -rwxr-xr-x 1 root root  83460712 Jul 27 13:18 libclntsh.so.21.1
    -rwxr-xr-x 1 root root   7118328 Jul 27 13:18 libnnz21.so
    lrwxrwxrwx 1 root root        15 Sep  5 10:30 libocci.so -> libocci.so.21.1
    lrwxrwxrwx 1 root root        15 Sep  5 10:30 libocci.so.10.1 -> libocci.so.21.1
    lrwxrwxrwx 1 root root        15 Sep  5 10:30 libocci.so.11.1 -> libocci.so.21.1
    lrwxrwxrwx 1 root root        15 Sep  5 10:30 libocci.so.12.1 -> libocci.so.21.1
    lrwxrwxrwx 1 root root        15 Sep  5 10:30 libocci.so.18.1 -> libocci.so.21.1
    lrwxrwxrwx 1 root root        15 Sep  5 10:30 libocci.so.19.1 -> libocci.so.21.1
    lrwxrwxrwx 1 root root        15 Sep  5 10:30 libocci.so.20.1 -> libocci.so.21.1
    -rwxr-xr-x 1 root root   2374192 Jul 27 13:18 libocci.so.21.1
    -rwxr-xr-x 1 root root 142713392 Jul 27 13:18 libociei.so
    -r-xr-xr-x 1 root root    153584 Jul 27 13:18 libocijdbc21.so
    -rwxr-xr-x 1 root root    116104 Jul 27 13:18 liboramysql.so
    -rwxr-xr-x 1 root root   1710024 Jul 27 13:18 libsqlplusic.so
    -rwxr-xr-x 1 root root   1613888 Jul 27 13:18 libsqlplus.so
    drwxr-xr-x 3 root root      4096 Jul 27 13:18 network
    -rw-r--r-- 1 root root   5053911 Jul 27 13:18 ojdbc8.jar
    drwxr-xr-x 5 root root      4096 Jul 27 13:18 sdk
    -rw-r--r-- 1 root root      5780 Jul 27 13:18 SDK_LICENSE
    -rw-rw-r-- 1 root root      1628 Jul 27 13:18 SDK_README
    -rwxr-xr-x 1 root root     25104 Jul 27 13:18 sqlplus
    -rw-r--r-- 1 root root      5780 Jul 27 13:18 SQLPLUS_LICENSE
    -rw-r--r-- 1 root root      1642 Jul 27 13:18 SQLPLUS_README
    -rw-r--r-- 1 root root   1790635 Jul 27 13:18 ucp.jar
    -rwxr-xr-x 1 root root    235904 Jul 27 13:18 uidrvci
    -rw-r--r-- 1 root root     74603 Jul 27 13:18 xstreams.jar
    

    Make sure that libclntsh.so is symlinked

    cd /opt/oracle/instantclient_21_3
    ls -lh libclntsh.so
    lrwxrwxrwx 1 root root 17 Sep  5 10:30 libclntsh.so -> libclntsh.so.21.1
    # If the symlink is missing, create it (-s makes a symlink, not a hard link):
    # sudo ln -s libclntsh.so.21.1 libclntsh.so
    

    Configure the dynamic run-time linker

    sudo ldconfig
    

    Put the following into ~/.bashrc

    export PATH=$PATH:/opt/oracle/instantclient_21_3
    export SQLPATH=/opt/oracle/instantclient_21_3
    export TNS_ADMIN=/opt/oracle/instantclient_21_3
    export LD_LIBRARY_PATH=/opt/oracle/instantclient_21_3
    export ORACLE_HOME=/opt/oracle/instantclient_21_3
    

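    Insert the path for our “instantclient” libraries into a file in the /etc/ld.so.conf.d directory so the system knows where to load them from. On Debian-based systems such as Kali, /etc/ld.so.conf only includes files whose names end in .conf, and writing there needs root, so pipe through sudo tee and re-run ldconfig afterwards.

    echo "/opt/oracle/instantclient_21_3/" | sudo tee /etc/ld.so.conf.d/99_oracle.conf
    sudo ldconfig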
    

    Reload the bash profile

    bash
    

    We should now be able to run

    sqlplus
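
A quick post-install check for the layout and environment configured above, as an added example that is not part of the original tutorial. The function name check_instantclient is hypothetical, and the check assumes each variable holds exactly the Instant Client directory, as in the ~/.bashrc lines above.

```shell
#!/bin/sh
# Added example (not from the original post). check_instantclient is a
# hypothetical helper; pass it the Instant Client directory to verify.
check_instantclient() (
    dir=${1%/}; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; exit 1; }

    # Unversioned .so names must be symlinks that resolve to a real file.
    for lib in libclntsh.so libclntshcore.so libocci.so; do
        if [ ! -L "$dir/$lib" ]; then
            fail "$lib is missing or not a symlink"
        elif [ ! -f "$dir/$lib" ]; then      # -f follows the link
            fail "$lib is a dangling symlink"
        else
            echo "ok:   $lib -> $(readlink "$dir/$lib")"
        fi
    done

    # sqlplus ships in its own zip, sdk/ in the SDK zip.
    [ -x "$dir/sqlplus" ] || fail "sqlplus missing or not executable"
    [ -d "$dir/sdk" ]     || fail "sdk/ missing"

    # Variables the tutorial exports from ~/.bashrc.
    for var in SQLPATH TNS_ADMIN LD_LIBRARY_PATH ORACLE_HOME; do
        eval "val=\${$var:-}"
        [ "${val%/}" = "$dir" ] || fail "$var='$val', expected $dir"
    done
    case ":$PATH:" in
        *":$dir:"*) ;;
        *) fail "$dir is not on PATH" ;;
    esac

    echo "$fails problem(s) found"
    [ "$fails" -eq 0 ]
)

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then check_instantclient "$1"; fi
```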
    

    Oscanner

    If not already installed

    sudo apt-get install oscanner
    

    TNSCmd10g

    If not already installed

    sudo apt-get install tnscmd10g
    

    Metasploit

    cd /tmp
    wget https://github.com/kubo/ruby-oci8/archive/refs/tags/ruby-oci8-2.2.9.zip
    wget https://github.com/kubo/ruby-oci8/archive/refs/tags/ruby-oci8-2.1.8.zip # Oracle 9i.
    wget https://github.com/kubo/ruby-oci8/archive/refs/tags/ruby-oci8-2.0.6.zip # Oracle 8
    unzip ruby-oci8-2.2.9.zip
    cd ruby-oci8-ruby-oci8-2.2.9/
    

    Install dependencies for us to make the gem

    sudo apt-get install libgmp-dev
    

    Make and install the gem

    sudo make
    sudo make install
    sudo gem install ruby-oci8
    
