Problem with ruby/gems

[mjoyce014]

I always run into issues with ruby versioning and gems and was wondering if perhaps you could help me understand this issue.

I am using BT5RC3 from Blackhat.

I git pulled the repository and ruby shank.rb leaves me with this:

root@bt:~/shank# ruby shank.rb -x
shank.rb:22:in require': no such file to load -- packetfu (LoadError) from shank.rb:22:in

'

Oh yea, I say to myself, I gotta install packetfu:

root@bt:~/shank# gem install packetfu
Successfully installed packetfu-1.1.5
1 gem installed
Installing ri documentation for packetfu-1.1.5...
Installing RDoc documentation for packetfu-1.1.5...

I try again:

root@bt:~/shank# ruby shank.rb -x
shank.rb:22:in require': no such file to load -- packetfu (LoadError) from shank.rb:22:in

'

I noticed it said that ruby version 1.9 was required. Here is my ruby -v
root@bt:~/shank# ruby -v
ruby 1.9.2dev (2010-07-02) [i486-linux]

Are my gems getting put in another installation of ruby or something? Do you know why this is happening?

[mjoyce014]

Just to give more information, I have tried it with 'ruby shank.rb' and 'ruby1.9.2 shank.rb'

here is gem env:

root@bt:~/shank# gem env
RubyGems Environment:

• RUBYGEMS VERSION: 1.3.7
• RUBY VERSION: 1.9.2 (2010-07-02 patchlevel -1) [i486-linux]
• INSTALLATION DIRECTORY: /var/lib/gems/1.9.2/gems
• RUBY EXECUTABLE: /usr/bin/ruby1.9.2
• EXECUTABLE DIRECTORY: /var/lib/gems/1.9.2/gems/bin
• RUBYGEMS PLATFORMS:
  • ruby
  • x86-linux
• GEM PATHS:
  • /var/lib/gems/1.9.2/gems
• GEM CONFIGURATION:
  • :update_sources => true
  • :verbose => true
  • :benchmark => false
  • :backtrace => false
  • :bulk_threshold => 1000
• REMOTE SOURCES:
  • http://rubygems.org/

Which makes me think the gems are being installed with the /usr/bin/ruby1.9.2 installation.

Here is the gem list:

root@bt:~/shank# gem list

*** LOCAL GEMS ***

addressable (2.2.8, 2.2.6)
ansi (1.4.3, 1.4.2)
bindata (1.4.5)
bundle (0.0.1)
bundler (1.1.5)
daemons (1.1.9)
data_objects (0.10.8)
dm-core (1.2.0)
dm-do-adapter (1.2.0)
dm-migrations (1.2.0)
dm-sqlite-adapter (1.2.0)
do_sqlite3 (0.10.8)
em-websocket (0.3.8)
erubis (2.7.0)
eventmachine (0.12.10)
jsmin (1.0.1)
json (1.7.5, 1.6.5)
librex (0.0.68, 0.0.65)
msfrpc-client (1.0.1)
msgpack (0.4.7)
packetfu (1.1.5)
parseconfig (1.0.2, 0.5.2)
rack (1.4.1)
rack-protection (1.2.0)
rex (1.0.2)
sinatra (1.3.2)
sqlite3 (1.3.5)
term-ansicolor (1.0.7)
thin (1.4.1)
tilt (1.3.3)
root@bt:~/shank#

I can see it there... I know I am using the same ruby executable that RubyGems is using. Maybe gem is installing gems in the wrong spot?

[justfalter]

I haven't messed around with the ruby environment on BT5, myself, so it could be that there are some "particulars" that go with the platform...

There are several components to rubygems, but you can sometimes have partial installs of rubygems if the install failed, at some point. I'd first recommend uninstalling packetfu, and then reinstalling it:

gem uninstall packetfu
gem install packetfu

One way to verify that a gem is installed is using the "gem which" command like so:

gem which packetfu

This should tell you where rubygems found packetfu.rb in the ruby lib search path.

The following command will print out the entire ruby lib search path... Could you give me the output of:

ruby -rpp -e "pp $:"

Amongst all the paths, you should see something along the lines of

/var/lib/gems/1.9.2/gems/packetfu-1.1.5/lib

If you don't see it there, then try loading rubygems first. This shouldn't be necessary under versions of ruby 1.9.x... but, you never know:

ruby -rrubygems -rpp -e "pp $:"

If it suddenly shows up, then that would mean that you need to specify "-rrubygems" when you want to run shank.

Finally, you're bouncing between "ruby" and "ruby1.9.2" ... It's possible that /usr/bin/ruby is symlinked to ruby1.9.2... If it's not, then you could be installing your gems in one environment, and running ruby in another. Typically, if you see "ruby1.9.2" as a bin, you'll also see "gem1.9.2" ... Do you get different output if you run:

gem1.9.2 list

?

[pwndizzle]

I'm also experiencing the same issue in BT5R3.

'gem list', shows PacketFu as installed, as does, 'gem which packetfu'.

The path is: /root/.gem/ruby/1.9.2/gems/packetfu-1.1.5/lib/packetfu.rb

I was getting this error:

./shank.rb:22:in require': no such file to load -- packetfu (LoadError) from ./shank.rb:22:in

'

I was able to fix this running:

gem install --user-install packetfu

I then got the following error:

shank.rb:25:in require': no such file to load -- rest_client (LoadError) from shank.rb:25:in

'

To fix this I ran:

gem install --user-install rest-client

Now I receive the error:

/root/.gem/ruby/1.9.2/gems/packetfu-1.1.5/lib/packetfu/utils.rb:92:in whoami?': uninitialized constant PacketFu::Capture (NameError) from shank.rb:120:ininitialize'
from shank.rb:284:in new' from shank.rb:284:in

'

Looking at the shank code, line 120 calls PacketFu:
@packetfu_conf = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface => @interface)).config

I'm no ruby expert so not sure where to go from here. Any other suggestions would be much appreciated.

Also I'm running shank.rb from within the Beef directory using the command 'ruby shank.rb 192.168.1.0/24'.

[mjoyce014]

So following owndizzle's instructions I did the following:

gem1.9.2 install --user-install packetfu
gem1.9.2 install --user-install rest-client

and finally** ruby1.9.2 shank.rb 192.168.1.0/24**

Which leaves me with the same error:

root@bt:~/shank#** ruby1.9.2 shank.rb 192.168.1.0/24**
/root/.gem/ruby/1.9.2/gems/packetfu-1.1.5/lib/packetfu/utils.rb:92:in whoami?': uninitialized constant PacketFu::Capture (NameError) from shank.rb:120:ininitialize'
from shank.rb:284:in new' from shank.rb:284:in

'

So I do
gem1.8 install --user-install packetfu
gem1.8 install --user-install rest-client
Then I attempt to execute:

ruby1.8 shank.rb 192.168.1.0/24
Which leaves me with this:

shank.rb:349: undefined (?...) sequence: /\A(?

HTTP/\d+.\d+ +200.Content-type: *text/html.?\r?\n\r?\n)(?.*)/

Now I know shank needs ruby1.9.x but I figured I would give it a shot

This command: gem1.9.2 which packetfu
yields this:

/root/.gem/ruby/1.9.2/gems/packetfu-1.1.5/lib/packetfu.rb

This command: ruby1.9.2 -rpp -e "pp $:"
yields this:
["/root/.gem/ruby/1.9.2/gems/bundler-1.1.5/bin",
"/root/.gem/ruby/1.9.2/gems/bundler-1.1.5/lib",
"/root/.gem/ruby/1.9.2/gems/xml-simple-1.1.1/lib",
"/root/.gem/ruby/1.9.2/gems/typhoeus-0.3.3/lib",
* "/root/.gem/ruby/1.9.2/gems/packetfu-1.1.5/lib",*
* "/root/.gem/ruby/1.9.2/gems/rest-client-1.6.7/bin",*
* "/root/.gem/ruby/1.9.2/gems/rest-client-1.6.7/lib",*
"/root/.gem/ruby/1.9.2/gems/watobo-0.9.8.724/bin",
"/root/.gem/ruby/1.9.2/gems/watobo-0.9.8.724/lib",
"/root/.gem/ruby/1.9.2/gems/mime-types-1.17.2/lib",
"/usr/local/lib/site_ruby/1.9.2",
"/usr/local/lib/site_ruby/1.9.2/i486-linux",
"/usr/local/lib/site_ruby",
"/usr/lib/ruby/vendor_ruby/1.9.2",
"/usr/lib/ruby/vendor_ruby/1.9.2/i486-linux",
"/usr/lib/ruby/vendor_ruby",
"/usr/lib/ruby/1.9.2",
"/usr/lib/ruby/1.9.2/i486-linux"]

So basically I am stuck at the same spot pwndizzle is. The gems are working, but for some reason the script isnt

[justfalter]

myjoyce014,

Packetfu's capture/injection capabilities are only made available if you also have pcaprub installed.

Try

gem1.9.2 install --user-install pcaprub

That should resolve the "uninitialized constant PacketFu::Capture" issue. Try that and let us know how it goes.

Mike

[mjoyce014]

Thank the lord it works!

root@bt:~/shank# ./shank.rb 192.168.0.1/23
poison
poison

poison
poison
poison
poison
poison
poison

root@bt:~/shank# ./autorun.rb

DEFAULT USER/PASSWORD: beef/beef

[11:03:55][] Browser Exploitation Framework (BeEF)
[11:03:55] | Version 0.4.3.6-alpha
[11:03:55] | Website http://beefproject.com
[11:03:55] | Run 'beef -h' for basic help.
[11:03:55] |_ Run 'git pull' to update to the latest revision.
[11:03:56][] Resetting the database for BeEF.
[11:03:56][] BeEF is loading. Wait a few seconds...
[11:03:57][] 8 extensions loaded:
[11:03:57] | Demos
[11:03:57] | Events
[11:03:57] | Autoloader
[11:03:57] | Admin UI
[11:03:57] | XSSRays
[11:03:57] | Proxy
[11:03:57] | Requester
[11:03:57] |_ Console
[11:03:57][] 114 modules enabled.
[11:03:57][] 2 network interfaces were detected.
[11:03:57][+] running on network interface: 127.0.0.1
[11:03:57] | Hook URL: http://127.0.0.1:3000/hook.js
[11:03:57] |_ UI URL: http://127.0.0.1:3000/ui/panel
[11:03:57][+] running on network interface: 192.168.1.71
[11:03:57] | Hook URL: http://192.168.1.71:3000/hook.js
[11:03:57] |_ UI URL: http://192.168.1.71:3000/ui/panel
[11:03:57][] RESTful API key: 3bd962a0bada47419f1df349f20c3a69312a53f3
[11:03:57][] HTTP Proxy: http://127.0.0.1:6789
[11:03:57][*] BeEF server started (press control+c to stop)

So, a little FYI for everyone on BT5

logged in as root type this:

gem1.9.2 install --user-install rest-client
gem1.9.2 install --user-install packetfu
gem1.9.2 install --user-install pcaprub

and it should work :)

Why not make a Gemfile.lock so bundle install can handle this crap?

[pwndizzle]

pcaprub was the missing piece of the puzzle.

It now works fine for me too, issue resolved.