Author Topic: WPScan and Gem Nokogiri [SOLVED]  (Read 12567 times)

drego85

  • Global Moderator
  • Full Member
  • *****
  • Posts: 128
    • View Profile
    • Andrea Draghetti
on: December 13, 2013, 03:03:15 PM
Hi Guys,
I'll tell you my story with WPScan and Nokogiri, I hope we can find a solution. :)

By starting WPScan gave me this error:

Quote
drego85@bb-machine:/~$ sudo wpscan
sh: 0: getcwd() failed: No such file or directory

[!] Warning: This tool is located in /opt/backbox/wpscan
Remember to give the full absolute path when specifying a file

wpscan.rb:154: odd number list for Hash
      show_progression: true,
                       ^
wpscan.rb:154: syntax error, unexpected ':', expecting '}'
      show_progression: true,
                       ^
wpscan.rb:154: Can't assign to true
wpscan.rb:155: syntax error, unexpected ':', expecting '='
      exclude_content:  wpscan_options.exclude_content_based
                      ^
wpscan.rb:156: syntax error, unexpected '}', expecting kEND
wpscan.rb:191: syntax error, unexpected ':', expecting ')'
          file: wpscan_options.enumerate_all_...
               ^
wpscan.rb:191: syntax error, unexpected ',', expecting kEND
wpscan.rb:193: syntax error, unexpected ')', expecting kEND
wpscan.rb:213: syntax error, unexpected ':', expecting ')'
          file: wpscan_options.enumerate_all_...
               ^
wpscan.rb:213: syntax error, unexpected ',', expecting kEND
wpscan.rb:215: syntax error, unexpected ')', expecting kEND
wpscan.rb:234: syntax error, unexpected ':', expecting ')'
          file: DATA_DIR + '/timthumbs.txt',
               ^
wpscan.rb:234: syntax error, unexpected ',', expecting kEND
wpscan.rb:236: syntax error, unexpected ')', expecting kEND
wpscan.rb:259: syntax error, unexpected ':', expecting ')'
          range: wpscan_options.enumerate_usernames_range,
                ^
wpscan.rb:260: syntax error, unexpected ':', expecting '='
          show_progression: false
                           ^
wpscan.rb:274: syntax error, unexpected ':', expecting ')'
        wp_users.output(margin_left: ' ' * 4)
                                    ^
wpscan.rb:274: syntax error, unexpected ')', expecting kEND
wpscan.rb:279: syntax error, unexpected ':', expecting ')'
...User.new(wp_target.uri, login: wpscan_options.username)
                              ^
wpscan.rb:279: syntax error, unexpected ')', expecting kEND
wpscan.rb:300: syntax error, unexpected ':', expecting ')'
                             show_progression: true,
                                              ^
wpscan.rb:300: Can't assign to true
wpscan.rb:301: syntax error, unexpected ':', expecting '='
                             verbose: wpscan_options.verbose)
                                     ^
wpscan.rb:301: syntax error, unexpected ')', expecting kEND
wpscan.rb:303: syntax error, unexpected ':', expecting ')'
        wp_users.output(show_password: true, margin_left: ' ' * 2)
                                      ^
wpscan.rb:303: Can't assign to true
        wp_users.output(show_password: true, margin_left: ' ' * 2)
                                            ^
wpscan.rb:303: syntax error, unexpected ':', expecting '='
        wp_users.output(show_password: true, margin_left: ' ' * 2)
                                                         ^
wpscan.rb:303: syntax error, unexpected ')', expecting kEND
wpscan.rb:315: syntax error, unexpected kRESCUE, expecting kEND
  rescue => e
        ^
wpscan.rb:327: syntax error, unexpected $end, expecting kEND

Now I have try to reinstall WPScan:

Quote
sudo apt-get install wpscan --reinstall

and it gave me error:

Quote
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze      
Lettura informazioni sullo stato... Fatto
I seguenti pacchetti NUOVI saranno installati:
  wpscan
0 aggiornati, 1 installati, 0 da rimuovere e 0 non aggiornati.
È necessario scaricare 0 B/4940 kB di archivi.
Dopo quest'operazione, verranno occupati 5007 kB di spazio su disco.
Selezionato il pacchetto wpscan non precedentemente selezionato.
(Lettura del database... 263096 file e directory attualmente installati.)
Estrazione di wpscan (da .../wpscan_2.1-0backbox5_all.deb)...
Elaborazione dei trigger per desktop-file-utils...
Configurazione di wpscan (2.1-0backbox5)...
Extracting wpscan...
Installing Ruby Gems...
Fetching gem metadata from https://rubygems.org/.........
Fetching gem metadata from https://rubygems.org/..
Resolving dependencies...
Using addressable (2.3.5)
Using safe_yaml (0.9.7)
Using crack (0.4.1)
Using diff-lcs (1.2.5)
Using docile (1.1.1)
Using ffi (1.3.1)
Using mime-types (1.25.1)
Using ethon (0.5.10)
Using json (1.8.1)
Using mini_portile (0.5.2)
Using multi_json (1.8.2)
Installing nokogiri (1.6.0)
Gem::InstallError: nokogiri requires Ruby version >= 1.9.2.
An error occurred while installing nokogiri (1.6.0), and Bundler cannot
continue.
Make sure that `gem install nokogiri -v '1.6.0'` succeeds before bundling.
dpkg: errore nell'elaborare wpscan (--configure):
 il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 5
Si sono verificati degli errori nell'elaborazione:
 wpscan
E: Sub-process /usr/bin/dpkg returned an error code (1)

Ok, I have also tried:

Quote
sudo apt-get remove wpscan && sudo apt-get autoremove && sudo apt-get autoclean && sudo reboot

When the system is rebooted I installed WPScan, but it gave me the same error as before.

I think ...Should I install a newer version of Ruby!

The command "rvm list" reminds me that I have installed Ruby 1.8, and not the version 1.9.2 request.

Ok, I decided to install the latest version of Ruby!


Quote
sudo apt-get update
sudo apt-get install git make libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
sudo apt-get install curl

\curl -sSL https://get.rvm.io | bash -s stable --ruby

source ~/.rvm/scripts/rvm

rvm autolibs enable
rvm requirements
rvm list
rvm --default use 2.0.0

Ok,
Now everything must go!


Quote
sudo apt-get install wpscan

.... .... ....

Quote
Gem::InstallError: nokogiri requires Ruby version >= 1.9.2.
An error occurred while installing nokogiri (1.6.0), and Bundler cannot
continue.
Make sure that `gem install nokogiri -v '1.6.0'` succeeds before bundling.

IS NOT POSSIBLE!  :o :o

Ok,
I can try install WPScan by GIT Repository in my HOME folder (It is bold, there is a reason)!

Quote
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development

Beautiful, work everything!

But...

I can try install WPScan by GIT Repository in original folder /opt/backbox/wpscan:

Quote
cd /opt/backbox/
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development

Disaster:

Quote
Installing nokogiri (1.6.0)
Gem::InstallError: nokogiri requires Ruby version >= 1.9.2.
An error occurred while installing nokogiri (1.6.0), and Bundler cannot
continue.
Make sure that `gem install nokogiri -v '1.6.0'` succeeds before bundling.
dpkg: errore nell'elaborare wpscan (--configure):
 il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 5
Si sono verificati degli errori nell'elaborazione:
 wpscan
E: Sub-process /usr/bin/dpkg returned an error code (1)

Why if I installed in the "original” folder Nokogiri goes wrong but if I install it in my home everything is fine?

Andrea

PS Sorry for my English...
« Last Edit: December 16, 2013, 10:15:20 AM by raffaele »

Andrea Draghetti
Personal Blog


weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Reply #1 on: December 13, 2013, 03:18:47 PM
Hi, have you checked that: "Make sure that `gem install nokogiri -v '1.6.0'` succeeds before bundling." ??
Other I don't know! I don't have this trouble, all works fine!
m2c

una voce libera è sempre liberatrice
under_r00t


drego85

  • Global Moderator
  • Full Member
  • *****
  • Posts: 128
    • View Profile
    • Andrea Draghetti
Reply #2 on: December 13, 2013, 04:40:54 PM
Hi, have you checked that: "Make sure that `gem install nokogiri -v '1.6.0'` succeeds before bundling." ??
Other I don't know! I don't have this trouble, all works fine!
m2c

Oh yeah, sorry I forgot, of course I checked! Nokogiri is installed!

Andrea Draghetti
Personal Blog


weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Reply #3 on: December 13, 2013, 07:08:57 PM
Oh yeah, sorry I forgot, of course I checked! Nokogiri is installed!
I was sure that you did it, but you know, sometimes happen to forget simple step =)
Bye!

una voce libera è sempre liberatrice
under_r00t


TH3CR4CK3R

  • Newbie
  • *
  • Posts: 13
    • View Profile
Reply #4 on: December 14, 2013, 06:05:06 AM
I have had this issue before. It seems to come from installing newer versions of ruby. The way I was able to "temp" fix it was to delete /usr/bin/ruby1.8   and  /usr/bin/ruby   ,, and replace them with soft links to /usr/bin/ruby1.9.1

then gems would install without issues for all tools.



ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #5 on: December 14, 2013, 06:34:59 PM
Hi all,

Wpscan was update in our repo, now all looks fine. Test it ;).


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


raffaele

  • Administrator
  • Hero Member
  • *****
  • Posts: 507
    • View Profile
    • My Blog
Reply #6 on: December 14, 2013, 07:44:56 PM
In BackBox 3.x ruby1.8 is not necessary! Please remove it:

Code: [Select]
sudo apt-get purge ruby1.8

raffaele@backbox:~$ Get root or die tryin'


drego85

  • Global Moderator
  • Full Member
  • *****
  • Posts: 128
    • View Profile
    • Andrea Draghetti
Reply #7 on: December 16, 2013, 08:45:07 AM
Hi all,

Wpscan was update in our repo, now all looks fine. Test it ;).

Great job guys,
now work everything!

Quote
Configurazione di wpscan (2.2+git20131214-0backbox1)...
Installing Ruby Gems...
Fetching gem metadata from https://rubygems.org/.........
Fetching gem metadata from https://rubygems.org/..
Resolving dependencies...
Using ffi (1.9.3)
Using mime-types (1.25.1)
Using ethon (0.6.1)
Using json (1.8.1)
Using mini_portile (0.5.2)
Using nokogiri (1.6.1)
Using ruby-progressbar (1.3.2)
Using terminal-table (1.4.5)
Using typhoeus (0.6.6)
Using bundler (1.3.5)
Your bundle is complete!
Gems in the group test were not installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

Andrea Draghetti
Personal Blog