A quick post to share with you my feedback about an issue I faced after a SET (“Social Engineering Toolkit“) upgrade to the latest version (5.0.3). SET is a wonderful tool that you must master. Â I’m using SET on a EC2 instance because it does not interfere with my other IP addresses and I can enable all ports without any issue (nothing else is running on this instance). Note that Amazon has a specific policy to make pentesting from their infrastructure, have a look here).
My current environment is:
- Ubuntu 12.04-LST (fully patched)
- SET 5.0.2 (installed from the git repository)
- Metasploit 4.6
After the SET upgrade, I faced the following error when launching Metasploit from SET (full error dumped to allow the Google crawler to do its job)
set:phishing> Setup a listener [yes|no]:yes /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require': no such file to load -- active_support/concern (LoadError) from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3/lib/msf/core/module_manager/cache.rb:4 from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require' from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3/lib/msf/core/module_manager.rb:27 from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require' from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3/lib/msf/core/framework.rb:66 from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require' from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3/lib/msf/core.rb:34 from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require' from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3/lib/msf/ui/console/driver.rb:2 from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require' from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3/lib/msf/ui/console.rb:11 from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require' from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3/lib/msf/ui.rb:11 from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `fastlib_original_require' from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require' from /opt/metasploit/apps/pro/msf3//msfconsole:136
Metasploit was running fine when started manually from the command line. Google found a thread on a forum about the same kind of problem. The suggestion was to setup the right environment for Metasploit using the setenv.sh script. Note: Be sure to execute the script using ‘source‘ otherwise a new shell will be spawned and closed immediately without changing your environment:
# source /opt/metasploit/scripts/setenv.sh
# se-toolkit
Same issue, I tried to load ‘active_support/concern’ manually, it worked:
# ruby
require('active_support/concern')
^D
#
Finally, I upgraded the installed Ruby gems with the following command:
#Â gem update `gem list | cut -d ' ' -f 1`
And the problem was solved! Don’t ask me why, I did not dive into the code and I’m not a Ruby guru it worked for me. If you are facing the same problem, think about upgrading your Gems. Just sharing…
Here is my list of installed Gems:
# gem list *** LOCAL GEMS *** actionmailer (3.2.13, 3.2.11) actionpack (3.2.13, 3.2.11) activemodel (3.2.13, 3.2.11) activerecord (3.2.13, 3.2.11) activeresource (3.2.13, 3.2.11) activesupport (3.2.13, 3.2.11) acts_as_list (0.2.0, 0.1.5) arel (4.0.0, 3.0.2) authlogic (3.3.0, 3.1.0) bigdecimal (1.1.0) bson (1.8.5, 1.6.4) bson_ext (1.6.1) builder (3.2.0, 3.0.4) bundler (1.3.5, 1.1.2) carrierwave (0.8.0, 0.7.0) chunky_png (1.2.8, 1.2.6) coderay (1.0.9, 1.0.8) compass (0.12.2) daemons (1.1.9, 1.1.8) erubis (2.7.0) eventmachine (0.12.10) formtastic (2.2.1, 2.1.1) fssm (0.2.10, 0.2.9) hike (1.2.2, 1.2.1) i18n (0.6.4, 0.6.1) ice_cube (0.10.0, 0.9.1) io-console (0.3) journey (1.0.4) jquery-rails (2.2.1, 2.1.3) json (1.7.7, 1.6.6, 1.6.5, 1.5.4) kaminari (0.14.1, 0.14.0) libv8 (3.16.14.1, 3.11.8.17 x86_64-linux, 3.3.10.4 x86_64-linux) liquid (2.5.0, 2.3.0) mail (2.5.3, 2.4.4) method_source (0.8.1) mime-types (1.22) minitest (4.7.2, 2.5.1) msgpack (0.4.6 ruby) multi_json (1.7.2, 1.5.0) nokogiri (1.5.2 ruby) pg (0.13.2 ruby) polyglot (0.3.3) pry (0.9.12, 0.9.10) rack (1.4.5, 1.4.1 ruby) rack-cache (1.2) rack-ssl (1.3.3, 1.3.2) rack-test (0.6.2) rails (3.2.13, 3.2.11) railties (3.2.13, 3.2.11) rake (10.0.4, 10.0.3, 0.9.2.2) rdoc (4.0.1, 3.12, 3.9.4) ref (1.0.4) robots (0.10.1) sass (3.2.7, 3.2.1) slop (3.4.4, 3.3.3) sprockets (2.9.2, 2.2.2) state_machine (1.2.0, 1.1.2) therubyracer (0.9.10) thin (1.3.1) thor (0.18.1, 0.16.0) tilt (1.3.7, 1.3.3) treetop (1.4.12) tzinfo (0.3.37, 0.3.35)
RT @xme: [/dev/random] Fixing SET 5.0.3 & Metasploit 4.6.0 http://t.co/7EO6atETnn