AppSecLive.org

Get the Source for sqlninja

Go to the sqlninja website and find the link to the Sourceforge repository. Get the most recent release which at this time is sqlninja-0.2.3-r1.tgz

Create the needed directories in fakeroot

Eventually, we'll use dir2lzm to make the module, so lets get the directories created that we need:

 # mkdir -p ./fakeroot/opt/owasp/
 # mkdir -p ./fakeroot/usr/bin
 # mkdir -p ./fakeroot/usr/share/applications
 # mkdir -p ./fakeroot/usr/share/pixmaps

Create and put the module's files into the fakeroot directory

Since we are getting Perl code which is interpreted, lets get the application file where it needs to go.

 # tar -xzvf sqlninja-0.2.3-r1.tgz -C fakeroot/opt/owasp/
 # mv fakeroot/opt/owasp/sqlninja-0.2.3-r1/ fakeroot/opt/owasp/sqlninja

Lets make sure we've got the necessary Perl modules for sqlninja by running it from its temporary location:

 # cd fakeroot/opt/owasp/sqlninja/
 # # ./sqlninja 

Seems that some module is missing...:
Can't locate Net/Pcap.pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/i486-
linux-thread-multi /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/i486-
linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl 
/usr/lib/perl5/vendor_perl/5.8.8/i486-linux-thread-multi /usr/lib/perl5/vendor
_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at (eval 5) line 2.

BEGIN failed--compilation aborted at (eval 5) line 2.

Yup. We're missing some modules. Lets fire up CPAN:

 # find / > /root/pre-cpan
 # perl -MCPAN -e shell
    [snip]
cpan> install Net::Packet
Running install for module Net::Packet
    [snip]
---- Unsatisfied dependencies detected during [G/GO/GOMOR/Net-Packet-
3.26.tar.gz] -----
    Bit::Vector
    Socket6
    Net::IPv6Addr
    Net::Write
    Class::Gomor
    Net::Pcap
    Net::Libdnet
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
---- Unsatisfied dependencies detected during [S/ST/STBEY/Bit-Vector-
6.4.tar.gz] -----
    Carp::Clan
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
---- Unsatisfied dependencies detected during [J/JJ/JJORE/Carp-Clan-6.00.tar.gz] -----
    Test::Exception
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
---- Unsatisfied dependencies detected during [A/AD/ADIE/Test-Exception-
0.27.tar.gz] -----
    Test::More
    Test::Builder
    Sub::Uplevel
    Test::Simple
    Test::Builder::Tester
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
---- Unsatisfied dependencies detected during [T/TM/TMONROE/Net-IPv6Addr-
0.2.tar.gz] -----
    Math::Base85
    Net::IPv4Addr
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
---- Unsatisfied dependencies detected during [G/GO/GOMOR/Net-Write-
1.04.tar.gz] -----
    Class::Gomor
    Net::Pcap
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
make: *** [test_dynamic] Error 2
  /usr/bin/make test -- NOT OK
Running make install
  make test had returned bad status, won't install without force
cpan> quit
Lockfile removed.

Crap. Looks like its failing at Net::Libdnet. Looking at the readme for that module, I see this:

This module depends on libdnet (http://libdnet.sourceforge.net/). Some 
complementary facilities are provided by libpcap and the Net::Pcap Perl 
module.

Time to get libdnet from its site. Lets grab that and go:

 # cd ~
 # mkdir build
 # cd build
 # wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz?download
--2009-05-03 16:44:27--  http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz?download
Resolving prdownloads.sourceforge.net... 216.34.181.59
    [snip]
 # wget http://libdnet.sourceforge.net/dnet_md5.txt
--2009-05-03 16:45:20--  http://libdnet.sourceforge.net/dnet_md5.txt
Resolving libdnet.sourceforge.net... 216.34.181.96
    [snip]
 # md5sum libdnet-1.11.tar.gz >> dnet_md5.txt
 # vi dnet_md5.txt
    [verify md5 sums match up]
 # tar -xzf libdnet-1.11.tar.gz
 # cd libdnet-1.11
 # ./configure
    [snip]
 # make
    [snip]
 # make install

That installed OK. Lets see if CPAN is happy now.

 # cd /root/fakeroot/opt/owasp/sqlninja
 # perl -MCPAN -e shell
    [snip]
cpan> install Net::Packet
Running install for module Net::Packet
    [snip]
---- Unsatisfied dependencies detected during [G/GO/GOMOR/Net-Packet-3.26.tar.gz] -----
    Net::Write
    Net::Pcap
    Net::Libdnet
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
---- Unsatisfied dependencies detected during [G/GO/GOMOR/Net-Write-
1.04.tar.gz] -----
    Net::Pcap
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
    [snip]
Failed 2/31 test scripts, 93.55% okay. 2/31 subtests failed, 93.55% okay.
make: *** [test_dynamic] Error 255
  /usr/bin/make test -- NOT OK
Running make install
  make test had returned bad status, won't install without force

 cpan> force install Net::Pcap
    [snip]
Pcap.c:2107: warning: passing argument 2 of 'Perl_newXS' discards qualifiers from pointer target type
make: *** [Pcap.o] Error 1
  /usr/bin/make  -- NOT OK
Running make test
  Can't test without successful make
Running make install
  make had returned bad status, install seems impossible

cpan> quit

And here's where I stopped. Unfortunately, I've got to get the release done tonight to get the iso to the duplicator in time for AppSec EU 2009 so this guy isn't going to make it. Sorry.