Metasploit - Failed to load the OCI library: no such file to load -- oci8_loaderror: error: 'cannot load such file -- oci8-优快云博客

本文介绍如何在不同平台上安装Ruby-OCI8模块及Oracle Instant Client软件包，以便于通过Metasploit框架连接Oracle数据库。文章详细说明了下载、配置及安装步骤，并提供了解决常见问题的方法。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

Today, when I use oracle sql module (use auxiliary/admin/oracle/oracle_sql), metasplot console shows me “Failed to load the OCI library: no such file to load – oci8”.

Introduction

This page explains the way to install ruby-oci8 for Oracle Instant Client.

For Oracle Full Client, look at install-full-client. For Windows, look at install-binary-package unless you have a special need to compile ruby-oci8 by yourself.

Install Oracle Instant Client Packages

Donwload Instant Client Packages

Download the following packages from Oracle Technology Network.

Instant Client Package - Basic or Basic Lite
Instant Client Package - SDK
Instant Client Package - SQL*Plus

Note: use 32-bit packages for 32-bit ruby even though the OS is 64-bit.

UNIX zip packages

Unzip the packages as follows:

mkdir /opt
mkdir /opt/oracle
cd /opt/oracle
unzip path/to/instantclient-basic-OS-VERSION.zip
unzip path/to/instantclient-sdk-OS-VERSION.zip
unzip path/to/instantclient-sqlplus-OS-VERSION.zip

If /opt/oracle/instantclient12_1/libclntsh.so is not found, make a symbolic link to link the library.

cd /opt/oracle/instantclient12_1
ln -s libclntsh.so.12.1 libclntsh.so

For example:

$ LD_LIBRARY_PATH=/opt/oracle/instantclient_12_1
$ export LD_LIBRARY_PATH

Installation

If you get a problem in the following steps, look at platform-specific-issues and report-installation-issue.

gem package

Run the following command.

gem install ruby-oci8

If you get a problem, look at platform-specific-issues and report-installation-issue.

tar.gz package

Download the latest tar.gz package from download page.

gzip -dc ruby-oci8-VERSION.tar.gz | tar xvf -
cd ruby-oci8-VERSION
make
make install

Metasploit - Exploit Oracle Database

Now, we can connect target oracle database with Metasploit.

msf auxiliary(oracle_sql) > show options 

Module options (auxiliary/admin/oracle/oracle_sql):

Name    Current Setting          Required  Description
----    ---------------          --------  -----------
DBPASS  TIGER                    yes       The password to authenticate with.
DBUSER  SCOTT                    yes       The username to authenticate with.
RHOST                            yes       The Oracle host.
RPORT   1521                     yes       The TNS port.
SID     ORCL                     yes       The sid to authenticate with.
SQL     select * from v$version  no        The SQL to execute.

msf auxiliary(oracle_sql) > set RHOST 8.8.8.8
RHOST => 8.8.8.8
msf auxiliary(oracle_sql) > run

[*] Sending statement: 'select * from v$version'...
[-] ORA-12170: TNS:Connect timeout occurred
[*] Auxiliary module execution completed