Metasploit and the Pcaprub wrapper

Metasploit (i love you) is, it goes without saying, the penetration testing framework of choice of a wide spectrum of professionals (and script-kiddies).

One of the reasons is that everything works “out of the box”, kind of a plug and play evil hacker toolbox.

But playing with it in Backtrack I found that some of the dependencies are not installed, in particular the Pcap wrapper.

msf auxiliary(ipidseq) > run

[-] Auxiliary failed: RuntimeError Pcaprub is not available
[-] Call stack:
[-] (eval):65:in `run_host'
[-] /opt/metasploit3/msf3/lib/msf/core/auxiliary/scanner.rb:114:in `join'
[-] /opt/metasploit3/msf3/lib/msf/core/auxiliary/scanner.rb:114:in `run'
[*] Auxiliary module execution completed

This is really an annoyance if you take into account that several auxiliary modules make use of the Pcap library.

Fortunately, get this working is really easy, just locate the external/pcaprub directory under the framework root dir and compile/install this ruby module.

root@bt:/pentest/exploits/framework3/external/pcaprub# ls
LICENSE README extconf.rb pcaprub.c test_pcaprub.rb

ruby extconf.rb && make
checking for pcap_open_live() in -lpcap... yes
checking for pcap_setnonblock() in -lpcap... yes
creating Makefile
cc -I. -I. -I/usr/lib/ruby/1.8/i486-linux -I. -D_FILE_OFFSET_BITS=64 -fPIC -fno-strict-aliasing -g -g -O2 -fPIC -c pcaprub.c
cc -shared -o pcaprub.o -L. -L/usr/lib -L. -Wl,-Bsymbolic-functions -rdynamic -Wl,-export-dynamic -lruby1.8 -lpcap -lpcap -lpthread -ldl -lcrypt -lm -lc

root@bt:/pentest/exploits/framework3/external/pcaprub# make install
/usr/bin/install -c -m 0755 /usr/local/lib/site_ruby/1.8/i486-linux

And there you go! Keep exploiting! :)


5 thoughts on “Metasploit and the Pcaprub wrapper

  1. Weird, I am running BT5 and this does not fix the problem. BT5 defaults to use ruby 1.9.2 for some reason, while the metasploit included in it uses 1.8. So when you compile with the above method, you compile the pcaprub shared library and install it into the 1.9.2 path and msploit doesn’t find it still.

    Basically when using BT5 anyone reading should update their ruby using alternatives:

    # update-alternatives –config ruby
    When asked, I choose option 0 (ruby1.8 in auto mode). Then the above method works to fix metasploit.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s