Metasploit - Failed to load the OCI library: no such file to load -- oci8

Today, when I use oracle sql module (use auxiliary/admin/oracle/oracle_sql), metasplot console shows me “Failed to load the OCI library: no such file to load – oci8”.

---

Introduction

This page explains the way to install ruby-oci8 for Oracle Instant Client.

For Oracle Full Client, look at install-full-client. For Windows, look at install-binary-package unless you have a special need to compile ruby-oci8 by yourself.

---

Install Oracle Instant Client Packages

Donwload Instant Client Packages

---

Download the following packages from Oracle Technology Network.

• Instant Client Package - Basic or Basic Lite
• Instant Client Package - SDK
• Instant Client Package - SQL*Plus

Note: use 32-bit packages for 32-bit ruby even though the OS is 64-bit.

UNIX zip packages

---

Unzip the packages as follows:

mkdir /opt
mkdir /opt/oracle
cd /opt/oracle
unzip path/to/instantclient-basic-OS-VERSION.zip
unzip path/to/instantclient-sdk-OS-VERSION.zip
unzip path/to/instantclient-sqlplus-OS-VERSION.zip

If /opt/oracle/instantclient12_1/libclntsh.so is not found, make a symbolic link to link the library.

cd /opt/oracle/instantclient12_1
ln -s libclntsh.so.12.1 libclntsh.so

For example:

$ LD_LIBRARY_PATH=/opt/oracle/instantclient_12_1
$ export LD_LIBRARY_PATH

---

Installation

If you get a problem in the following steps, look at platform-specific-issues and report-installation-issue.

gem package

---

Run the following command.

gem install ruby-oci8

If you get a problem, look at platform-specific-issues and report-installation-issue.

tar.gz package

---

Download the latest tar.gz package from download page.

gzip -dc ruby-oci8-VERSION.tar.gz | tar xvf -
cd ruby-oci8-VERSION
make
make install

---

Metasploit - Exploit Oracle Database

Now, we can connect target oracle database with Metasploit.

msf auxiliary(oracle_sql) > show options 

Module options (auxiliary/admin/oracle/oracle_sql):

Name    Current Setting          Required  Description
----    ---------------          --------  -----------
DBPASS  TIGER                    yes       The password to authenticate with.
DBUSER  SCOTT                    yes       The username to authenticate with.
RHOST                            yes       The Oracle host.
RPORT   1521                     yes       The TNS port.
SID     ORCL                     yes       The sid to authenticate with.
SQL     select * from v$version  no        The SQL to execute.

msf auxiliary(oracle_sql) > set RHOST 8.8.8.8
RHOST => 8.8.8.8
msf auxiliary(oracle_sql) > run

[*] Sending statement: 'select * from v$version'...
[-] ORA-12170: TNS:Connect timeout occurred
[*] Auxiliary module execution completed

1. http://www.rubydoc.info/gems/ruby-oci8/file/docs/install-instant-client.md
2. http://leonjza.github.io/blog/2014/08/17/kali-linux-oracle-support/