In this blogpost I will cover the installation of a base Ruby base environment for the use in developing and testing Metasploit modules, exploits and scripts. The instruction will be based on a Backtrack 4 base system since it has most of the dependencies already setup for many of the components that will be installed but it can easily be modified for use in any Ubuntu based Linux distro.
The first step is to make sure we are running the latest version of all packages on the system this is very easily done by using the aptitude package manager from a terminal to update our package database and upgrade all necessary packages. The command will be as follows running as root:
aptitude update && aptitude upgrade
Once it finishes and we have all of the current packages upgraded we install the Git distributed version control system by running the following command as root:
aptitude install git-core
Once Git is install we will install the Ruby Version Manager this will allow us to have on our system different version of Ruby each with it own gem repository and allow us to change, update and manage the different version by using one single tool. We will install RVM using the script they provide for installation by running the following command:
bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
Once it is finished open your .bashrc file in your favorite text editor and add the following lines to the end of the file
# Load RVM sourceif [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then source "/usr/local/rvm/scripts/rvm" ; fi# Enable Tab Completion in RVM[[ -r /usr/local/rvm//scripts/completion ]] && source /usr/local/rvm/scripts/completion
Save and close the file, next we run the following command to load the source to be able to use RVM:
source /usr/local/rvm/scripts/rvm
Now we will install 2 versions of Ruby, Ruby 1.8.7 and 1.9.1
rvm install 1.9.1rvm install 1.8.7
Even do you can install several versions at the same time I prefer to install one by one as shown in the commands above. you can test if the version switching is working by running the following command:
rvm 1.9.1ruby -vrvm 1.8.7ruby -v
Each time we invoke the ruby interpreter with the version command switch we should see that the version changed. Next we need to install the necessary ruby gems into each of the gem repositories of each one of the ruby versions we achieve this with the rvm command.
rvm gem install hpricotrvm gem install sqlite3-rubyrvm gem install pgrvm gem install wirblervm gem install mysql
Once all gems are installed we set Ruby 1.9.1 as our default version with the following command:
rvm 1.9.1 --default
Now that we have our base ruby environment we can use, we can proceed to configure some global configuration parameters for the Interactive Ruby Shell also known as IRB. The IRB allow us ti interact directly with the ruby interpreter allowing us to test and validate commands and API calls. The following steps are optional and are not required and you can take what ever part of the following configuration better meets your personal style and needs. First we need to create the file:
touch ~/.irbrc
This file will be read by the IRB every time we run it. IRB can be invoked from the regular bash shell, from inside msfconsole and from inside a Meterpreter shell. The libraries and method loaded will depend on from where you run the irb command, you can load this libraries from inside the .irbrc file but for simplicity I will only cover some general settings and code that can later be expanded on as the skill level on ruby an the framework progresses. For a bit more information on IRB visit: http://ruby-doc.org/docs/ProgrammingRuby/html/irb.html
Let start by adding a line that will let us know that the .irbrc file is loaded:
puts "Loaded ~/.irbrc"
Next we will make sure that Ruby gems are always loaded when working inside IRB:
require 'rubygems'
Next we load the Wirble library so we can have syntax coloring, history and tab autocompletion inside the IRB:
require 'wirble'
Lets add IRB's own tab autocompletion since in my experience I have found it to be faster and differentiates methods depending of the object type in Ruby 1.9.1:
require 'irb/completion' Now we load a initialize Wirble:
Wirble.initWirble.colorize
Next we add auto indentation for IRB:
IRB.conf[:AUTO_INDENT] = true Next to simplify the enumeration of methods when we want to do a quick look at what we can do with an object we modify the object class and add a method call local_methods to aid in this so we add:
class Object# get all the methods for an object that aren't basic methods from Objectdef local_methods(methods - Object.instance_methods).sortendend
Our file should now look like this:
puts "Loaded ~/.irbrc"# Load Lobrariesrequire 'rubygems'require 'wirble'require 'irb/completion'# Enable Indentation in irbIRB.conf[:AUTO_INDENT] = true# Enable Syntax ColoringWirble.initWirble.colorize# get all the methods for an object that aren't basic methods from Objectclass Objectdef local_methods(methods - Object.instance_methods).sortendend
Now there is nothing more to do than to start coding and testing our code, I hope that you find this tips useful in your adventures coding for Metasploit in Ruby.
