April 2007 Archives

Metasploit 3.0 under Ubuntu 7.04

| 12 Comments

I see lots of people finding me with the search terms 'metasploit ubuntu', so I'll post here about getting Metasploit 3.0 working under Ubuntu - my machine is a 7.04 box, freshly installed and with few extra packages yet. First of all, no ruby yet, so
sudo apt-get install ruby

That was insufficient, however:

mpatters@pkdick:~/src/framework-3.0$ ./msfconsole
./lib/rex/socket/ssl_tcp_server.rb:4:in `require': no such file to load -- openssl (LoadError)
from ./lib/rex/socket/ssl_tcp_server.rb:4
from ./lib/rex/socket/comm/local.rb:5:in `require'
from ./lib/rex/socket/comm/local.rb:5
from ./lib/rex/socket.rb:22:in `require'
from ./lib/rex/socket.rb:22
from ./lib/rex.rb:71:in `require'
from ./lib/rex.rb:71
from ./msfconsole:10:in `require'
from ./msfconsole:10
mpatters@pkdick:~/src/framework-3.0$

So, it's missing some libraries. A quick perusal of 'apt-cache search ruby' tells me that maybe what I want is the libopenssl-ruby package. I'd also seen something in the README about libreadline, and I see a ruby package for that too, so:
sudo apt-get install libreadline-ruby libopenssl-ruby
(looks like those are in the universe repository).

mpatters@pkdick:~/src/framework-3.0$ ./msfconsole
[poorly-wrapped logo elided]

=[ msf v3.0
+ -- --=[ 176 exploits - 104 payloads
+ -- --=[ 17 encoders - 5 nops
=[ 30 aux

msf >

And that looks to be about that. If you want msfweb though:

mpatters@pkdick:~/src/framework-3.0$ ./msfweb

[*] Starting msfweb v3.0 on http://127.0.0.1:55555/

./script/../config/boot.rb:18:in `require': no such file to load -- rubygems (LoadError)
from ./script/../config/boot.rb:18
from ./script/server:2:in `require'
from ./script/server:2
from ./msfweb:82:in `load'
from ./msfweb:82
mpatters@pkdick:~/src/framework-3.0$

That looks to require an apt-get install of rubygems (also in universe). You will then need to issue
sudo gem install -v=1.2.2 rails
(as msfweb suggested when I tried it again). It will ask about rake, activesupport, activerecord, actionpack, actionmailer, and actionwebservice, so let it install all those. After that, msfweb works as expected - I fired up a web browser on localhost and pointed it at http://localhost:55555, as the output from msfweb suggested, and away I went.

No guarantees that this installs every single library you might possibly need, but it at least gets you up and running.

Note that all of this will likely depend on enabling the universe repository in Ubuntu. If you don't know how to do that and can't figure it out, I can't help you - you're unlikely to be able to work metasploit anyway, sorry.

Update: for msfgui, one also needs libglade2-ruby and libgtk2-ruby.
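Putting the dependency hunt above into something repeatable, as an added example that is not from the original post: the first function pulls the library name out of the LoadError line msfconsole and msfweb print, the second maps it to the Ubuntu 7.04 package the post installed, and the third probes the installed ruby for each library so you can see what is missing before starting the console. The require names for the msfgui libraries ('libglade2', 'gtk2') are an assumption; the post only names the packages.

```sh
#!/bin/sh
# Added example, not from the original post: given the LoadError lines
# msfconsole/msfweb print, name the missing Ruby library and the Ubuntu 7.04
# package the post installed for it, then (if a ruby is on the PATH) probe
# which of those libraries the installed ruby can actually load.

# Pull the library name out of a line such as
#   ./lib/rex/socket/ssl_tcp_server.rb:4:in `require': no such file to load -- openssl (LoadError)
# Prints nothing if the line is not a LoadError.
missing_lib() {
    printf '%s\n' "$1" | sed -n 's/.*no such file to load -- \([^ ]*\).*/\1/p'
}

# Ubuntu 7.04 package providing each library, as installed in the post.
# The require names for the msfgui libraries ('libglade2', 'gtk2') are an
# assumption; the post only names the packages.
pkg_for() {
    case "$1" in
        openssl)   echo libopenssl-ruby ;;
        readline)  echo libreadline-ruby ;;
        rubygems)  echo rubygems ;;
        libglade2) echo libglade2-ruby ;;
        gtk2)      echo libgtk2-ruby ;;
        *)         echo "no known package for '$1'" >&2; return 1 ;;
    esac
}

# Try to require each named library with the installed ruby and print
# "<lib> <package>" for every one that fails. Exit status: 0 if all load,
# 1 if something is missing, 2 if there is no ruby at all.
check_ruby_libs() {
    if ! command -v ruby >/dev/null 2>&1; then
        echo "no ruby on PATH: sudo apt-get install ruby" >&2
        return 2
    fi
    rc=0
    for lib in "$@"; do
        if ! ruby -e "require '$lib'" >/dev/null 2>&1; then
            echo "$lib $(pkg_for "$lib")"
            rc=1
        fi
    done
    return $rc
}

# Usage: the libraries msfconsole, msfweb and msfgui needed in the post.
# check_ruby_libs openssl readline rubygems libglade2 gtk2
```

Run `check_ruby_libs openssl readline rubygems libglade2 gtk2` once after installing ruby; each line it prints is one more apt-get, and a clean exit means the console should at least start. Rails for msfweb is a separate step (the gem install above), since it is not a library ruby can load until rubygems is present.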

A question for security pros

| No Comments

Why are you all apparently so concerned about proving which is more or less secure - Windows, MacOS, Linux - and why? Why are you not concerned with just Fixing The Fine Problems (or even just Finding The Fine Problems For Somebody Else To Fix)? Why are you all wasting so much energy on this stupid argument of definitions?

It doesn't *solve* anything, beyond maybe proving that somebody's, er, brain, is bigger than somebody else's. (And even then, that doesn't solve anything either, it just pisses people off.)

Why aren't you happy simply finding problems - on whatever platform you choose, using whichever platform you choose? Why do you care what the "MacOS zealots" think? Yes, people who say things like "MacOS is invulnerable!!eleventyone11" are stupid. So what? Take it from somebody who is apparently smarter and wiser than you are, if you go around caring what all the stupid people around you think, you'll spend so much energy on that caring that you'll soon find yourself running out of energy to do the rest. You won't convince the zealots, you'll just waste your time and come across looking like a dickhead to boot. Remember, never argue with an idiot: somebody watching may not be able to tell the difference.

###EORANT

Mini-review: Unicomp keyboard

| No Comments

I got tired of the mushy feel of the Apple Pro keyboards I've been using, particularly on my G5 workstation at work. I convinced our hardware guy to order a Unicomp USB keyboard for me, with sweet buckling spring love, and so far I'm reasonably happy.

It doesn't feel exactly like a Model M (I know, I have several of those, one in my office for PCs), and it doesn't have the weight (ditto), but it's close enough. First thing I did was use doublecommand to map alt to Command, and vice versa - I can change the keycaps, I suppose, but I don't actually look at the keyboard when I type anyway, which is why I needed to change the mappings.

We'll see how it holds up under extended use, but I feel happier already. The one boourns was it has no onboard USB port, so I had to get another USB extender cable to use with my Mighty Mouse, and now I have an extra cable from the keyboard on my desk. (Apple, why do you ship keyboard extension cables that have notches in them so all you can use in them is your keyboards? A friend suggested it was because they're not rated for USB 2.0, which makes sense, but it's still a pissoff.)

If you like Model M keyboards, but don't want to give up the extra keys on an Apple, I can so far recommend this keyboard.

I applied 2007-004 to my iMac (17" lampshade) at work, no problems. So this evening I decided to apply it to my Powerbook.

Does its thing, reboot, and... spinning circle. I realized after 10 minutes that my external USB hard drive was going nuts (the 60gb internal drive doesn't go as far as it did 3 years ago), so I disconnected that and waited another 5 minutes. Following a friend's advice, I booted in verbose mode (command-V) after a power cycle, but this time the login window came up fine.

Per same friend, after my first login I was unable to log out again, and my volume and brightness keys did not work. Holding down Option while clicking the Apple menu, then choosing Log out, did the trick. Log back in, and keys work just fine.

Thanks a lot, Apple. Great update. Hopefully it fixes the problems it's meant to be fixing.

Update: not *so* bad then. My wife's 12" iBook (last-gen) worked fine, although my friend's identical machine had same behaviour as mine. Another friend's 15" MacBook Pro worked fine, although it rebooted twice, and another friend with a second-gen 12" iBook reported no problems. Still. Very distressing.

bash foreach

| 10 Comments

OK, this is a "well, DUH" for any reader with any technical ability, I'm sure, but I don't care. I became addicted to foreach in tcsh, but a lot of machines I admin want to use bash as the default shell, so I figured I should learn that. Problem is, I never can remember the equivalent of "foreach i (`echo *`)" when I want to do things to lots of files in cwd at once. So, here's one way to do it, for my own reference:

list=`echo *`            # one string; the unquoted $list below is word-split on whitespace
for file in $list
do
do_stuff_to "$file" here   # quoted, though a name with a space has already been split by $list above
done

Update - I could do it like this too:
for file in `echo *`
as Somebody pointed out. Generally that's better, but sometimes I might like to reuse $list too. Depends on situation.
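The same loop both ways, as an added example that is not from the original post: the `echo *` form beside the plain glob, run over a scratch directory that this code creates itself with a constructed file name containing a space, so the difference between the two shows up as a count rather than as a mysterious "no such file" later.

```sh
#!/bin/sh
# Added example, not from the original post: the `echo *` foreach beside the
# plain-glob form, run over a scratch directory with a constructed file name
# that contains a space, to show where the two differ.

# Count what the post's form iterates over. `list=$(echo *)` is one string,
# and the unquoted $list is word-split again, so "a b.txt" becomes two
# iterations ("a" and "b.txt") and the loop body would act on files that
# do not exist. The body runs in a subshell so the cd does not leak.
count_via_echo() (
    cd "$1" || exit 1
    list=$(echo *)
    n=0
    for file in $list; do
        n=$((n + 1))
    done
    echo "$n"
)

# The glob form: each match is already one word, so names with spaces stay
# whole, and "$file" is quoted wherever it is used. In POSIX sh an empty
# directory leaves the literal "*" in place, so the -e test skips that case.
count_via_glob() (
    cd "$1" || exit 1
    n=0
    for file in *; do
        [ -e "$file" ] || continue
        n=$((n + 1))
    done
    echo "$n"
)

# Scratch directory with two empty files, one of them "a b.txt" (constructed
# input for the comparison). Prints the directory path.
make_fixture() {
    dir=$(mktemp -d)
    : > "$dir/plain.txt"
    : > "$dir/a b.txt"
    echo "$dir"
}

# Usage:
#   d=$(make_fixture); count_via_echo "$d"; count_via_glob "$d"; rm -rf "$d"
```

`for file in *` is the bash (and sh) equivalent of the tcsh foreach; `for file in \`echo *\`` has the same splitting problem as the `$list` version because the command substitution is unquoted. If you want to reuse the list, a shell array in bash (`files=(*)`; `for file in "${files[@]}"`) keeps each name intact.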

argus hates FreeBSD tun devices?

| No Comments

Just posted to argus-info, posting here for some google-fu for anybody else who might be lost (I'll follow up if I get responses).

I'm trying to run argus against some tcpdump traces I grab from my tun device (PPPoE) on my FreeBSD gateway. I'm reasonably certain I'm doing things correctly, as argus operates correctly if I use tcpdump traces captured from fxp0 (my internal network interface), but it dumps core when I use traces from tun0.

For instance, I'm trying:
tcpdump -i fxp0 -s0 -w /nsm/traces/fullout.lpc
(or -i tun0)

Then:
argus -r fullout.lpc -w $ARGUSHOME/fullout.argus
which dumps core if the trace was captured from tun0.

Am I doing something stupid (this is not meant to work), missing something (an option?), or have I found something wrong? I'm playing with a tunnel device at home, and I can work around it by just looking at all network traffic instead of what goes through the tunnel, but I'd rather just see traffic that's actually bound for or coming from addresses external to my home network. I get similar failure modes using both 2.0.6 (from the FreeBSD ports tree) and 3.0 rc42 (built from source).

I experimented on a different machine at work with a bridge instead of a tunnel, and it seems to work just fine (although argus 3.0 seems to choke on some tcpdump traffic that 2.0.6 is happy with, which seems to be a separate issue).

*** Update: Carter Bullard says it should never ever dump core. So hopefully the fix will be easy, and no, I did nothing wrong apparently. I think the FreeBSD port has some issues then though, because a few of the ra tools dumped core on me too, for the only sin of forgetting command line arguments, as far as I can tell.
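One check worth running before reporting a crash like this, as an added example that is not from the original post or from argus: read the link-layer type out of the pcap file's global header. A trace from fxp0 is Ethernet (DLT_EN10MB); a FreeBSD tun device is normally captured as DLT_NULL, a 4-byte address-family word in place of the Ethernet header, so the two files differ at the link layer before any packet is parsed. The post never says what argus tripped over, so this is the thing to check first, not a diagnosis. The two fixture headers the test writes are constructed here, not captured.

```sh
#!/bin/sh
# Added example, not from the original post: read the link-layer type out of
# a pcap file's global header, so a trace from tun0 can be compared with one
# from fxp0 before it is handed to argus. Fixture headers are constructed
# by make_pcap_header, not captured.

# Print "<number> <name>" for the pcap's link-layer type. Reads the first
# 24 bytes (magic, version, thiszone, sigfigs, snaplen, network) one byte
# at a time so the answer does not depend on the host's byte order.
pcap_linktype() {
    f="$1"
    set -- $(od -An -v -tx1 -N24 "$f")
    [ $# -eq 24 ] || { echo "$f: short file" >&2; return 1; }
    case "$1$2$3$4" in
        d4c3b2a1|4d3cb2a1) lt=$((0x${24}${23}${22}${21})) ;;   # little-endian writer
        a1b2c3d4|a1b23c4d) lt=$((0x${21}${22}${23}${24})) ;;   # big-endian writer
        *) echo "$f: not a pcap file (magic $1$2$3$4)" >&2; return 1 ;;
    esac
    case "$lt" in
        0)   name=NULL ;;        # BSD loopback/tun: 4-byte address family, no Ethernet header
        1)   name=EN10MB ;;      # Ethernet, what fxp0 produces
        9)   name=PPP ;;
        51)  name=PPP_ETHER ;;   # PPPoE session frames
        101) name=RAW ;;         # bare IP
        *)   name=UNKNOWN ;;
    esac
    echo "$lt $name"
}

# Write a 24-byte little-endian pcap global header (version 2.4, snaplen
# 65535) with link type "$2" (0-255) to "$1". Constructed fixture only.
make_pcap_header() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000' > "$1"
    printf "$(printf '\\%03o' "$2")"'\000\000\000' >> "$1"
}

# Usage against real captures:
#   pcap_linktype /nsm/traces/fullout.lpc
```

When tcpdump is at hand, `tcpdump -r fullout.lpc | head -1` reports the same thing in its "reading from file ..., link-type ..." line; the function above is for scripts that should not depend on tcpdump being installed. Either way, if the tun0 trace comes back as NULL and the fxp0 trace as EN10MB, that difference is the first thing to mention in the bug report.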

Schremp

| No Comments

Schremp as a Knight

Full name: Rob Schremp.

Aliases: Robbie, Robimus Prime, Lady's Man, The Saviour, Jesu Schrempo.

Claim to fame: fancy stickwork in shootouts and exhibition games; being able to drive a kayak in the middle of a hockey arena; an unfortunate MySpace photo.

History: one year with the Mississauga Icedogs, traded to the London Knights. Two trips to the Memorial Cup with one win, an OHL scoring championship. 384 OHL points. Two Oilers training camps, one demotion back to juniors and one to the AHL. So far he's scored 16-34-50 in 67 AHL games, and been a healthy scratch for a handful.

Recent quotes:

Asked if it hurt to see "guys like Jacques and Pouliot and Stortini and those type of guys" get callups ahead of him, or if it was frustrating -

Those guys are good buddies of mine so obviously, seeing them have the opportunity, you're kind of... you're proud of them and you're happy for them... it's not a 'oh I should be there' kind of thing . . . One thing I did learn this year is you have to earn your callups . . . I've been a little bit inconsistent this year, so I don't think I was - maybe I didn't deserve to be called up or whatever . . . now that I've spent the whole year here, grasping the game, I think it's more beneficial than maybe being called up at the beginning of the year or halfway through the year and kind of struggling a bit, you know . . . I knew it would be quite an adjustment [from junior to the AHL] . . . the biggest part is maybe figuring out what you're going to struggle with and figuring it out as soon as you can.

Asked what he's been working on this year with Kelly Buchberger and other Oilers coaches: "Consistency, being more reliable in the defensive zone, that would be the main thing. Consistency and coming back in your own end." So defensive zone work was the focus? "No, just... learning how to play the professional game, coming in every night and perform, not have nights off."

Just after his first NHL regular season game: "First period was really fast, just kind of figuring it out a bit, and after that I felt better."

He had a missed shot, two faceoff wins and a faceoff loss and was evens in 4:58 of first-period icetime; his final totals were 13:50 of icetime in 17 shifts, with 5:01 coming in the third period. 6/12 = 50% in the faceoff circle, although Todd White owned him. 2 shots on goal, apparently a missed chance, and evens. For comparison, his buddy Pouliot played 15:13 and his analog Joffrey Lupul played 13:37. Pouliot, of course, gets PK time as well as PP, and Lupul's kept in the pressbox when his team's killing penalties.

"I didn't feel like I was behind at all . . . I felt faster out there [compared to pre-season]. I was pretty nervous out there, it was good though, positive nervous energy . . . I thought I did ok."

Obviously MacTavish agreed, given the icetime Schremp saw, so he'll likely dress against Calgary tomorrow as well. Coach had this to say, in addition to calling the pace of his game "marginally" improved: "Maybe he could get a bit more efficient in terms of helping out, retrieving the pucks and so forth, but you get the sense that when he does get the puck that he's going to make a play with it, especially through the neutral zone . . . I thought he played ok."

Hardly a stunning debut, but that goes both ways: sometimes the rookies are Sidney Crosby, and sometimes they're Alexandre Daigle, but usually they're Rob Schremp and Marc Pouliot. We'll see more of this young man, and I suspect he'll get similar treatment - 10-15 minutes of icetime - until he proves to have earned more - or less. He'll get some power play time (winger on the second unit, I suspect, and I'd be surprised if that's not how he was played last night) because he's got a history there, and won't see the ice on the PK except by mistake, I'm sure. He's not the saviour some HFBoarders would have us believe, he's not the evil "me first" kind of guy other Internet wags would say, he's just another 20-something with something to prove - and he'll get the chance to prove it.

(Image: tsn.ca.)