AppSecLive.org

Get the binaries for Ruby

I'm making this module for Metasploit3 so it will have more then the plain vanilla Ruby installed. Metasploit3 needs a lot of different modules so I decided to use some pre-made binaries from a distro to speed things up a bit.

• First I tried SLAX - not even a Ruby module
• Next I tried Slackware - had Ruby but not all the modules
• Ubuntu had all the modules (and that was the distro I was using while creating this so why not)

According to the Metasploit docs, you need several .deb packages to meet the requirements for Metasploit3. I've added to that list other modules I found missing after creating the first of several Ruby modules and testing them against Metasploit3's svn trunk.

Another nice thing is that aptitude (a Debian package management tool) includes a download only command. Here's what you need to get all the .deb packages for Metasploit3:

 $ mkdir temp/ruby4metasploit
 $ cd temp/ruby4metasploit
 $ aptitude download ruby libruby rdoc libyaml-ruby libzlib-ruby libopenssl-ruby libdl-ruby libreadline-ruby libiconv-ruby rubygems libgtk2-ruby 
 libglade2-ruby ruby1.8 libruby1.8 rdoc libopenssl-ruby1.8 libreadline-ruby1.8 libgtk2-ruby1.8 libglade2-ruby1.8 libpango1-ruby libpango1-ruby1.8
 libglib2-ruby libglib2-ruby1.8 libgdk-pixbuf2-ruby libgdk-pixbuf2-ruby1.8 libatk1-ruby libatk1-ruby1.8

Combine the binary packages in a single directory

Since we're doing this from many binaries, we'll need to make individual .lzm modules from the .deb files then combine all the .lzm modules into a single module. You could do this one at a time doing the following for each .deb package

1. ./deb2lzm package-1.deb package-1.lzm
2. ./lzm2dir package-1.lzm fakeroot/

And replete this for every package. You'd end up will your fakeroot directory filled with the combined contents of all those .lzm modules. An easier way to do this is with a bit of shell scripting:

 $ for i in `ls -1 temp/ruby4metasploit/*.deb`
> do
> ./deb2lzm $i $i.lzm
> ./lzm2dir $i.lzm fakeroot/
> done

Or you can do it as a 1 liner:

for i in `ls -1 temp/ruby4metasploit/*.deb`; do ./deb2lzm $i $i.lzm; ./lzm2dir $i.lzm fakeroot/; done

When you get done, you'll have the contents of all those packages combined in fakeroot and you'll have the individual .deb and .lzm packages in ./temp/ruby4metasploit/. Beauty!

Create a module from the Slackware package

This is the easy part.

 # ./dir2lzm fakeroot/ ruby-1.8.1-p111.lzm

Test the new modules

SLAX will allow you to add modules to a running system. Before going on, you should install the module and make sure it works like expected. Check out the page Add modules to a running system [PAGE NOT MADE] to see how to do this. Since I had to do a make install before I created the module, I used a freshly booted Live CD to test the module. Verify that Ruby works as expected:

#  ruby --version
ruby 1.8.6 (2007-09-24 patchlevel 111) [x86_64-linux]

If everything goes as expected, you'll need to add this module to the ISO image.

Add the modules to the ISO build directory

Also cake

 $ cp -i ruby-1.8.1-p111.lzm ../contents/slax/base/
 $ chmod 775 ../contents/slax/base/ruby-1.8.1-p111.lzm

This assumes your Ruby module was moved into your working directory. See Creating the base Live CD from SLAX (Create a Working Directory section)

Clean up and archive

Once you've got a working module, lets clean up a bit.

 $ $ mkdir ./completed_modules/ruby
 $ mv ruby-1.8.1-p111.lzm ./completed_modules/ruby/
 $ mv temp/ruby4metasploit./completed_modules/ruby/
 $ rm -rf ./temp/*