Review therubyracer gem #1478

Closed
bcoles opened this issue Dec 8, 2017 · 15 comments · Fixed by #1591
@bcoles
Collaborator

bcoles commented Dec 8, 2017

Review the use of therubyracer gem. This gem is required to use the v8 JavaScript engine on Linux.

The latest version breaks BeEF on Kali Rolling, but not Kali 1.6.

Using an outdated version of the gem reportedly breaks BeEF on other systems.

At the moment, the gem is only installed if the system is Linux.

The use of this gem needs to be reviewed. This may require replacing the gem with something else.

Given that BeEF no longer supports Windows, and requires nodejs for the autorun rule engine, the libv8 gem may be a viable alternative.

@bcoles bcoles added the Core label Dec 8, 2017
@ignisf
Contributor

ignisf commented Feb 7, 2018

Hello, consider https://github.com/discourse/mini_racer, too

@bcoles bcoles added the High label Feb 17, 2018
@bcoles bcoles added Critical and removed High labels Mar 9, 2018
@bcoles
Collaborator Author

bcoles commented Mar 9, 2018

Bump

@bcoles
Collaborator Author

bcoles commented Mar 9, 2018

  • Kali 2018
    • therubyracer 1.12.2 SUCCESS
    • therubyracer 1.12.3 FAIL
  • Fedora 27
    • therubyracer 1.12.2 FAIL
    • therubyracer 1.12.3 SUCCESS
  • Parrot Security 3.11
    • therubyracer 1.12.2 SUCCESS
    • therubyracer 1.12.3 FAIL
  • Kali 1.0.6
    • therubyracer 1.12.2 SUCCESS
    • therubyracer 1.12.3 SUCCESS
  • Linux Mint 18
    • therubyracer 1.12.2 SUCCESS
    • therubyracer 1.12.3 SUCCESS

@RegH3x

RegH3x commented Apr 22, 2018

I get a segmentation fault on a Raspberry Pi with a Debian image:

Linux raspberrypi 4.14.30-v7 Debian 9.4.

This is caused by gem therubyracer. I tried with therubyracer 0.12.2 and 0.12.3. Tried with latest libv8 armv7 available (libv8-3.16.14.19-armv7l-linux) but nothing works. I am not able to start beef in this environment.

 /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/function.rb:13: [BUG] Segmentation fault at 0x22be34
ruby 2.3.3p222 (2016-11-21) [arm-linux-gnueabihf]

/var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/function.rb:13: [BUG] Segmentation fault at 0x22be34
ruby 2.3.3p222 (2016-11-21) [arm-linux-gnueabihf]

-- Control frame information -----------------------------------------------
c:0034 p:---- s:0162 e:000161 CFUNC  :Call
c:0033 p:0027 s:0157 e:000156 BLOCK  /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/function.rb:13
c:0032 p:0006 s:0155 e:000154 BLOCK  /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/error.rb:84 [FINISH]
c:0031 p:---- s:0151 e:000150 CFUNC  :TryCatch
c:0030 p:0017 s:0148 E:000040 METHOD /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/error.rb:83
c:0029 p:0033 s:0145 E:000018 BLOCK  /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/function.rb:13
c:0028 p:0028 s:0142 e:000141 METHOD /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/context.rb:206
c:0027 p:0011 s:0138 E:0026d8 METHOD /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/function.rb:11
c:0026 p:0021 s:0133 e:000132 BLOCK  /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/function.rb:19
c:0025 p:0023 s:0131 e:000130 BLOCK  /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/context.rb:248 [FINISH]
c:0024 p:---- s:0129 e:000128 CFUNC  :HandleScope
c:0023 p:0017 s:0126 E:002568 BLOCK  /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/context.rb:245 [FINISH]
c:0022 p:---- s:0124 e:000123 CFUNC  :Locker
c:0021 p:0045 s:0121 E:00253c METHOD /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/context.rb:244
c:0020 p:0022 s:0117 e:000116 METHOD /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/context.rb:204
c:0019 p:0011 s:0113 E:002514 METHOD /var/lib/gems/2.3.0/gems/therubyracer-0.12.2/lib/v8/function.rb:18
c:0018 p:0022 s:0109 e:000107 BLOCK  /var/lib/gems/2.3.0/gems/execjs-2.7.0/lib/execjs/ruby_racer_runtime.rb:45
c:0017 p:0008 s:0105 e:000104 BLOCK  /var/lib/gems/2.3.0/gems/execjs-2.7.0/lib/execjs/ruby_racer_runtime.rb:75 [FINISH]
c:0016 p:---- s:0102 e:000101 CFUNC  :Locker
c:0015 p:0025 s:0099 E:000ae8 METHOD /var/lib/gems/2.3.0/gems/execjs-2.7.0/lib/execjs/ruby_racer_runtime.rb:73
c:0014 p:0009 s:0094 E:000ab8 METHOD /var/lib/gems/2.3.0/gems/execjs-2.7.0/lib/execjs/ruby_racer_runtime.rb:43
c:0013 p:0085 s:0089 e:000087 METHOD /var/lib/gems/2.3.0/gems/uglifier-4.1.10/lib/uglifier.rb:216
c:0012 p:0084 s:0080 e:000079 METHOD /var/lib/gems/2.3.0/gems/uglifier-4.1.10/lib/uglifier.rb:168
c:0011 p:0019 s:0072 e:000071 METHOD /var/lib/gems/2.3.0/gems/uglifier-4.1.10/lib/uglifier.rb:132
c:0010 p:0045 s:0067 e:000066 METHOD /home/user/beef/extensions/admin_ui/api/handler.rb:22
c:0009 p:0198 s:0057 e:000056 METHOD /home/user/beef/extensions/admin_ui/api/handler.rb:54
c:0008 p:0201 s:0042 e:000041 METHOD /home/user/beef/extensions/admin_ui/api/handler.rb:96 [FINISH]
c:0007 p:---- s:0035 e:000034 CFUNC  :call
c:0006 p:0025 s:0031 e:000030 BLOCK  /home/user/beef/core/api.rb:154 [FINISH]
c:0005 p:---- s:0026 e:000025 CFUNC  :each
c:0004 p:0086 s:0023 e:000022 METHOD /home/user/beef/core/api.rb:150
c:0003 p:0093 s:0014 e:000013 METHOD /home/user/beef/core/main/server.rb:88
c:0002 p:0922 s:0010 E:000bd8 EVAL   ./beef:155 [FINISH]
c:0001 p:0000 s:0002 E:000aa0 (none) [FINISH]
-- Ruby level backtrace information ----------------------------------------
./beef:155:in `<main>'
.....

@bcoles
Collaborator Author

bcoles commented Apr 22, 2018

Thanks @RegH3x .

Unfortunately your issue is likely related to therubyracer. I believe someone did get BeEF working on a Raspberry Pi many years ago. You could try rolling back to a 0.11.x version. You'll probably need to roll back the version of uglifier too.

Apart from that, you're probably on your own.

@RegH3x

RegH3x commented Apr 23, 2018

@bcoles You showed me the way! I had to roll back to beef 4.5.0 to make it work.

This is how to proceed if you are on a Raspberry Pi and having issues with 'therubyracer':

Install BeEF 0.4.5.0 and change the 'eventmachine' line to match the latest updated version.
'therubyracer' should be the latest, 0.12.3.

$ wget https://github.com/beefproject/beef/archive/beef-0.4.5.0.tar.gz && tar xvf beef-0.4.5.0.tar.gz && cat beef-beef-0.4.5.0/Gemfile | egrep 'rubyracer|eventmachine'

$ cd beef-beef-0.4.5.0
$ vi Gemfile
	gem "eventmachine", "1.2.5"

$ bundle update
$ bundle install

$ ./beef

In this case uglifier is at version 2.2.1.
Thanks @bcoles .

@bcoles
Collaborator Author

bcoles commented Apr 24, 2018

@RegH3x I'm glad you got it working. However, that version of BeEF is very old. It won't identify modern browsers. It will still hook them, but identifying the correct browser and version is kind of important for a lot of functionality.

@bcoles
Collaborator Author

bcoles commented May 1, 2018

It appears the latest Kali 2018 and Parrot both support Ruby 2.5 and therubyracer 1.12.3. This is nice; however, therubyracer should still be reviewed, as 1.12.3 is still ancient.

@skapyth

skapyth commented Jun 27, 2018

Downgrading (and not upgrading) "therubyracer" from 1.12.3 to 1.12.2 within the Gemfile worked for me in Kali Rolling with Ruby 2.3.3.

@bcoles
Collaborator Author

bcoles commented Jun 27, 2018

@skapyth sounds about right. This is why the use of this gem needs to be reviewed. It's a mess. Strange that you're using Ruby 2.3 though. Kali ships with Ruby 2.5.1.

@bcoles
Collaborator Author

bcoles commented Jul 19, 2018

Bump

@ignisf
Contributor

ignisf commented Jul 19, 2018

OK, as far as I can see, beef only needs therubyracer to provide a JS runtime for execjs. Why don't you just remove it and rely on the nodejs runtime (just having nodejs installed on the system is sufficient for execjs to automagically use it)?
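
One way to check the suggestion above before removing the gem, as an added example (not BeEF's or ExecJS's code): it scans Gemfile text for gems that embed V8 and looks for a Node.js binary on PATH. The sample Gemfile is constructed, and the binary names `nodejs` and `node`, like every method name here, are assumptions.

```ruby
# Added example (not BeEF code): audit a Gemfile for embedded-V8 gems and
# check whether a Node.js binary is on PATH for ExecJS to use instead.
EMBEDDED_V8_GEMS = %w[therubyracer libv8 mini_racer].freeze
NODE_BINARIES    = %w[nodejs node].freeze # assumed command names

# Constructed sample, modelled on the Linux-only install described in the issue.
SAMPLE_GEMFILE = <<~GEMFILE
  gem "eventmachine", "1.2.5"
  gem "execjs"
  # gem "libv8"   (commented out, must be ignored)
  if RUBY_PLATFORM.downcase.include?("linux")
    gem "therubyracer", "~> 0.12.2"
  end
GEMFILE

# Return one hash per embedded-V8 gem declared in the Gemfile text.
def embedded_v8_gems(gemfile_text)
  gemfile_text.each_line.with_index(1).each_with_object([]) do |(line, number), found|
    code  = line.sub(/#.*/, "") # drop comments so disabled gems are not reported
    match = code.match(/^\s*gem\s+["']([^"']+)["'](.*)$/)
    next unless match && EMBEDDED_V8_GEMS.include?(match[1])
    constraints = match[2].scan(/["']([^"']+)["']/).flatten
    found << { gem: match[1], line: number, constraints: constraints }
  end
end

# Return the first matching executable found in the given PATH string, or nil.
def find_executable(names, path = ENV.fetch("PATH", ""))
  path.split(File::PATH_SEPARATOR).each do |dir|
    names.each do |name|
      candidate = File.join(dir, name)
      return candidate if File.file?(candidate) && File.executable?(candidate)
    end
  end
  nil
end

# Combine both checks into a single review result.
def runtime_review(gemfile_text, path = ENV.fetch("PATH", ""))
  gems = embedded_v8_gems(gemfile_text)
  node = find_executable(NODE_BINARIES, path)
  action = if gems.empty? then :nothing_to_do
           elsif node     then :can_drop_embedded_v8
           else                :install_nodejs_first
           end
  { embedded_v8: gems, node: node, action: action }
end

p runtime_review(SAMPLE_GEMFILE) if __FILE__ == $PROGRAM_NAME
```

ExecJS also reads the `EXECJS_RUNTIME` environment variable, so setting it to `Node` pins the runtime rather than relying on auto-detection.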

@ignisf
Contributor

ignisf commented Jul 19, 2018

> Strange that you're using Ruby 2.3 though. Kali ships with Ruby 2.5.1.

The gemfile is locked to Ruby 2.3

@bcoles
Collaborator Author

bcoles commented Jul 19, 2018

@ignisf the .ruby-version is locked to 2.3.0, but that shouldn't make a difference as Kali does not ship with Ruby 2.3.
