LinuxÏ°²×°MetasploitÆƽâOracleµÇ¼Óû§ÃûÃÜÂë

by:vitter@safechina.net
blog.securitycn.net
×î½üÔÚ¸ãoracle£¬Ò»Ð©Ð¡¶«Î÷¼Ç¼һÏ¡£
MetasploitÊÇÒ»¸öºÜºÃµÄ¹¥»÷¹¤¾ß°ü£¬µ±È»ÎÒÃÇÕâ´Î²»ÊǽéÉÜÕâ¸ö¹¤¾ß°üµÄ£¬Ö÷ÒªÊÇ´óÅ£MCдÁ˺ܶàoracleµÄ¹¤¾ß£¬ÔÚ×î½ü»á¾­³£Óá£ÎÒÖ÷Òª»áÓõ½¾­µä¹¤¾ßtnscmdÒÆÖ²µ½MSFÖеÄС¹¤¾ß£¨²»ÈçplµÄºÃÓã¬Ã»»»ÐУ¬¿´½á¹ûºÜÀÛ£©£¬sid_bruteºÍlogin_brute£¬ÓõÄ×î¶àµÄ»¹ÊDZ©Á¦ÆƽâoracleÓû§ÃûºÍÃÜÂëµÄlogin_brute¡£ÏÂÃæ¾Í˵ÏÂÔõô°²×°ºÍʹÓã¬Ö÷ÒªÊÇ°²×°£¬ÒòΪÓÐЩÐèҪעÒâµÄ¶«Î÷£¬Çë×¢ÒâбÌå×Ö¡£
1¡¢ÏÈ×°gcc±àÒë»·¾³ £¨ÎÒÓõÄserver±È½Ï²Ò£¬×îС°²×°£¬ÏµÍ³Ò²ÀÏ£¬FC2¡££©
rpm -ivh cpp-3.3.3-7.i386.rpm
rpm -ivh glibc-kernheaders-2.4-8.44.i386.rpm
rpm -ivh glibc-headers-2.3.3-27.i386.rpm
rpm -ivh glibc-devel-2.3.3-27.i386.rpm
rpm -ivh binutils-2.15.90.0.3-5.i386.rpm
rpm -ivh gcc-3.3.3-7.i386.rpm
2¡¢°²×°oracle¿Í»§¶Ë
ÏÂÔØ£ºhttp://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html
rpm°ü°²×°±È½ÏÊ¡ÊÂ,µ±È»ÄãÒ²¿ÉÒÔÏÂÔØѹËõ°ü°²×°£¬°´ÕÕ˵Ã÷À´×°¼´¿É¡£
rpm -ivh oracle-instantclient11.1-basic-11.1.0.7.0-1.i386.rpm oracle-instantclient11.1-devel-11.1.0.7.0-1.i386.rpm oracle- instantclient11.1-sqlplus-11.1.0.7.0-1.i386.rpm
×°Íêºó£¬Ö´ÐÐÏÂÃæ2ÌõÃüÁͬʱÉèÖÃÔÚ»·¾³±äÁ¿À¼ÓÈëµ½/etc/profile×îºó¼´¿É£º
LD_LIBRARY_PATH=/usr/lib/oracle/11.1/client/lib/
export LD_LIBRARY_PATH
3¡¢×°ruby
ÏÂÔØ£ºhttp://www.ruby-lang.org/en/downloads/
tar zxvf ruby-1.8.5-p231.tar.bz2   #£¨Õâ¸ö×¢ÒâÏ£¬²»Òª×°1.9µÄ°æ±¾£¬·ñÔò»á³öÏÖMSF²»ÄܶÁCSVÎļþµÄÎÊÌâ,±¨NameError uninitialized constant CSV::Reader´íÎó£©
cd ruby-1.8.5-p231
./configure
make && make install
4¡¢×°ruby-oci8
°²×°ËµÃ÷£ºhttp://ruby-oci8.rubyforge.org/en/InstallForInstantClient.html
ÏÂÔØ£ºhttp://rubyforge.org/projects/ruby-oci8/
Õâ¸öruby-oci8-1.0.6°æ±¾»òÕß ruby-oci8-2.0.0¶¼¿ÉÒÔ¡£
°²×°Ç°ÒªÈ·ÈÏ»·¾³±äÁ¿£¬¼´sqlplusÄÜÕý³£ÔËÐоͿɣº
LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib
export LD_LIBRARY_PATH
tar zxvf ruby-oci8-2.0.0.tar.gz
cd ruby-oci8-2.0.0
make
make install
5¡¢×°ruby-dbi
ÏÂÔØ£ºhttp://rubyforge.org/frs/?group_id=234
ÓÃd