Sunday, August 28, 2016

Running WPScan on Cygwin

Interesting. It's been 5 years since I last posted anything on this blog; how time flies.


Anyway, my buddy MY and I recently had to run WPScan to test some WordPress sites, but we were not able to load up Kali VMs on our Windows machines due to some constraints. So we had to improvise, and tried running WPScan on Windows using Cygwin. It was not pretty, and it took a lot of googling, troubleshooting and ruby gem debugging before we could get WPScan to run properly.
We decided to release our troubleshooting steps and the error messages, in the hopes that this might help other pentesters.

MY worked on Cygwin x64 and I did my testing on Cygwin x86, and we solved the issue in pretty much the same way, so the steps are virtually identical on both. The steps listed below are from my testing with Cygwin x86.


First, we assume that you have already installed ruby and curl on Cygwin.

Ruby version:

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby --version
ruby 2.2.5p319 (2016-04-26 revision 54774) [i386-cygwin]

My username is "pentester", so you need to modify the directory path appropriately later on. I downloaded WPScan as a ZIP archive from https://github.com/wpscanteam/wpscan and expanded it in the C:\test directory.

Problem 1: the first error we hit when we tried to run WPScan.

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby wpscan.rb
[ERROR] cannot load such file -- bundler/setup


1) OK. Classic dependency issues. Let's download bundler to help solve the problem.

pentester@mytester /cygdrive/c/test/wpscan-master
$ gem install bundler
Fetching: bundler-1.12.5.gem (100%)
Successfully installed bundler-1.12.5
Parsing documentation for bundler-1.12.5
Installing ri documentation for bundler-1.12.5
Done installing documentation for bundler after 12 seconds
1 gem installed


2) Let's see what the missing dependencies are.

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby wpscan.rb
Could not find gem 'typhoeus (>= 1.0.0)' in any of the gem sources listed in your Gemfile or available on this machine.
Run `bundle install` to install missing gems.

pentester@mytester /cygdrive/c/test/wpscan-master


3) Let's use bundler to help solve the problem. Note that in the default environment, bundler is installed under your user's home directory, so it is invoked as ~/bin/bundle.

pentester@mytester /cygdrive/c/test/wpscan-master
$ ~/bin/bundle install
Fetching gem metadata from https://rubygems.org/
Fetching version metadata from https://rubygems.org/
Resolving dependencies...
Installing addressable 2.4.0
Installing safe_yaml 1.0.4
Installing diff-lcs 1.2.5
Installing docile 1.1.5
Installing ffi 1.9.14 with native extensions

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    /usr/bin/ruby.exe -r ./siteconf20160826-1832-1qlwdrs.rb extconf.rb
checking for ffi.h... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers.  Check the mkmf.log file for more details.  You may
need configuration options.

Provided configuration options:
        --with-opt-dir
        --without-opt-dir
        --with-opt-include
        --without-opt-include=${opt-dir}/include
        --with-opt-lib
        --without-opt-lib=${opt-dir}/lib
        --with-make-prog
        --without-make-prog
        --srcdir=.
        --curdir
        --ruby=/usr/bin/$(RUBY_BASE_NAME)
        --with-ffi_c-dir
        --without-ffi_c-dir
        --with-ffi_c-include
        --without-ffi_c-include=${ffi_c-dir}/include
        --with-ffi_c-lib
        --without-ffi_c-lib=${ffi_c-dir}/lib
        --with-libffi-config
        --without-libffi-config
        --with-pkg-config
        --without-pkg-config
/usr/share/ruby/2.2.0/mkmf.rb:456:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
        from /usr/share/ruby/2.2.0/mkmf.rb:587:in `try_cpp'
        from /usr/share/ruby/2.2.0/mkmf.rb:1060:in `block in have_header'
        from /usr/share/ruby/2.2.0/mkmf.rb:911:in `block in checking_for'
        from /usr/share/ruby/2.2.0/mkmf.rb:351:in `block (2 levels) in postpone'
        from /usr/share/ruby/2.2.0/mkmf.rb:321:in `open'
        from /usr/share/ruby/2.2.0/mkmf.rb:351:in `block in postpone'
        from /usr/share/ruby/2.2.0/mkmf.rb:321:in `open'
        from /usr/share/ruby/2.2.0/mkmf.rb:347:in `postpone'
        from /usr/share/ruby/2.2.0/mkmf.rb:910:in `checking_for'
        from /usr/share/ruby/2.2.0/mkmf.rb:1059:in `have_header'
        from extconf.rb:16:in `<main>'

extconf failed, exit code 1

Gem files will remain installed in /home/pentester/.gem/ruby/gems/ffi-1.9.14 for inspection.
Results logged to /home/pentester/.gem/ruby/extensions/x86-cygwin/ffi-1.9.14/gem_make.out
Installing hashdiff 0.3.0
Installing json 2.0.2 with native extensions

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    /usr/bin/ruby.exe -r ./siteconf20160826-1832-15plk7k.rb extconf.rb
creating Makefile

make "DESTDIR=" clean
rm -f
rm -f generator.so  *.o  *.bak mkmf.log .*.time

make "DESTDIR="
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -DJSON_GENERATOR -ggdb -O2 -pipe -Wimplicit-function-declaration -o generator.o -c generator.c
rm -f generator.so
gcc -shared -o generator.so generator.o -L. -L/usr/lib -L. -fstack-protector -Wl,--export-all-symbols -Wl,--enable-auto-image-base,--enable-auto-import -lruby220 -lpthread -lgmp -ldl -lcrypt
/usr/lib/gcc/i686-pc-cygwin/4.9.3/../../../../i686-pc-cygwin/bin/ld: cannot find -lgmp
collect2: error: ld returned 1 exit status
Makefile:254: recipe for target 'generator.so' failed
make: *** [generator.so] Error 1

make failed, exit code 2

Gem files will remain installed in /home/pentester/.gem/ruby/gems/json-2.0.2 for inspection.
Results logged to /home/pentester/.gem/ruby/extensions/x86-cygwin/json-2.0.2/gem_make.out
Installing mini_portile2 2.1.0
Installing pkg-config 1.1.7
Installing rspec-support 3.5.0
Installing ruby-progressbar 1.8.1
Installing simplecov-html 0.10.0
Installing terminal-table 1.6.0
Installing yajl-ruby 1.2.1 with native extensions

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    /usr/bin/ruby.exe -r ./siteconf20160826-1832-1kwy2vo.rb extconf.rb
creating Makefile

make "DESTDIR=" clean
rm -f
rm -f yajl.so  *.o  *.bak mkmf.log .*.time

make "DESTDIR="
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl.o -c yajl.c
yajl.c: In function ‘yajl_status_to_string’:
yajl.c:61:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_alloc’:
yajl.c:105:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_reset_parser’:
yajl.c:110:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_free’:
yajl.c:119:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_parse’:
yajl.c:128:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_parse_complete’:
yajl.c:140:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_get_error’:
yajl.c:147:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_get_bytes_consumed’:
yajl.c:154:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl.c: In function ‘yajl_free_error’:
yajl.c:162:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_alloc.o -c yajl_alloc.c
yajl_alloc.c: In function ‘yajl_set_default_alloc_funcs’:
yajl_alloc.c:64:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_buf.o -c yajl_buf.c
yajl_buf.c: In function ‘yajl_buf_alloc’:
yajl_buf.c:78:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_buf.c: In function ‘yajl_buf_free’:
yajl_buf.c:85:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_buf.c: In function ‘yajl_buf_append’:
yajl_buf.c:96:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_buf.c: In function ‘yajl_buf_clear’:
yajl_buf.c:102:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_buf.c: In function ‘yajl_buf_data’:
yajl_buf.c:107:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_buf.c: In function ‘yajl_buf_len’:
yajl_buf.c:112:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_buf.c: In function ‘yajl_buf_truncate’:
yajl_buf.c:119:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_encode.o -c yajl_encode.c
yajl_encode.c: In function ‘yajl_string_encode2’:
yajl_encode.c:99:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_encode.c: In function ‘yajl_string_encode’:
yajl_encode.c:52:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_encode.c: In function ‘yajl_string_decode’:
yajl_encode.c:201:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_ext.o -c yajl_ext.c
yajl_ext.c: In function ‘rb_yajl_parser_parse’:
yajl_ext.c:471:17: warning: variable ‘stat’ set but not used [-Wunused-but-set-variable]
     yajl_status stat;
                 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_gen.o -c yajl_gen.c
yajl_gen.c: In function ‘yajl_gen_alloc2’:
yajl_gen.c:132:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_alloc’:
yajl_gen.c:71:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_free’:
yajl_gen.c:139:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_integer’:
yajl_gen.c:211:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_double’:
yajl_gen.c:231:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_number’:
yajl_gen.c:241:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_string’:
yajl_gen.c:254:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_null’:
yajl_gen.c:264:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_bool’:
yajl_gen.c:276:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_map_open’:
yajl_gen.c:289:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_map_close’:
yajl_gen.c:303:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_array_open’:
yajl_gen.c:315:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_array_close’:
yajl_gen.c:328:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_get_buf’:
yajl_gen.c:338:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_gen.c: In function ‘yajl_gen_clear’:
yajl_gen.c:344:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_lex.o -c yajl_lex.c
yajl_lex.c: In function ‘yajl_lex_alloc’:
yajl_lex.c:130:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_realloc’:
yajl_lex.c:141:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_free’:
yajl_lex.c:149:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_lex’:
yajl_lex.c:673:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_error_to_string’:
yajl_lex.c:708:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_get_error’:
yajl_lex.c:718:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_current_line’:
yajl_lex.c:723:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_current_char’:
yajl_lex.c:728:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_lex.c: In function ‘yajl_lex_peek’:
yajl_lex.c:748:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_parser.o -c yajl_parser.c
yajl_parser.c: In function ‘yajl_render_error_string’:
yajl_parser.c:126:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
yajl_parser.c: In function ‘yajl_do_parse’:
yajl_parser.c:449:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
gcc -I. -I/usr/include/ruby-2.2.0 -I/usr/include/ruby-2.2.0/ruby/backward -I/usr/include/ruby-2.2.0 -I. -ggdb -O2 -pipe -Wimplicit-function-declaration -Wall -funroll-loops -o yajl_version.o -c yajl_version.c
yajl_version.c: In function ‘yajl_version’:
yajl_version.c:6:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
 }
 ^
rm -f yajl.so
gcc -shared -o yajl.so yajl.o yajl_alloc.o yajl_buf.o yajl_encode.o yajl_ext.o yajl_gen.o yajl_lex.o yajl_parser.o yajl_version.o -L. -L/usr/lib -L. -fstack-protector -Wl,--export-all-symbols -Wl,--enable-auto-image-base,--enable-auto-import -lruby220 -lpthread -lgmp -ldl -lcrypt
/usr/lib/gcc/i686-pc-cygwin/4.9.3/../../../../i686-pc-cygwin/bin/ld: cannot find -lgmp
collect2: error: ld returned 1 exit status
Makefile:254: recipe for target 'yajl.so' failed
make: *** [yajl.so] Error 1

make failed, exit code 2

Gem files will remain installed in /home/pentester/.gem/ruby/gems/yajl-ruby-1.2.1 for inspection.
Results logged to /home/pentester/.gem/ruby/extensions/x86-cygwin/yajl-ruby-1.2.1/gem_make.out
Using bundler 1.12.5
Installing crack 0.4.3
An error occurred while installing ffi (1.9.14), and Bundler cannot continue.
Make sure that `gem install ffi -v '1.9.14'` succeeds before bundling.

pentester@mytester /cygdrive/c/test/wpscan-master
$
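
A bundler log like the one above buries the useful facts (which gems failed to build, and what the compiler or linker was missing) under hundreds of warning lines. The following Ruby script is an added example, not code from the post or from WPScan; it walks a log, pairs each `Gem::Ext::BuildError` with the gem being installed, and records the diagnostic lines that point at a missing header, library or toolchain. The sample log embedded in it is a constructed, abridged excerpt modelled on the output above, and the reason strings are this script's own wording.

```ruby
# Added example: triage a `bundle install` log for native-extension build
# failures. Not part of the original post; the sample log below is a
# constructed excerpt modelled on the post's output.

# Constructed, abridged sample log (modelled on the post's bundler output).
SAMPLE_LOG = <<~LOG
  Installing ffi 1.9.14 with native extensions
  Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
  checking for ffi.h... *** extconf.rb failed ***
  /usr/share/ruby/2.2.0/mkmf.rb:456:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
  You have to install development tools first.
  Gem files will remain installed in /home/pentester/.gem/ruby/gems/ffi-1.9.14 for inspection.
  Installing hashdiff 0.3.0
  Installing json 2.0.2 with native extensions
  Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
  /usr/lib/gcc/i686-pc-cygwin/4.9.3/../../../../i686-pc-cygwin/bin/ld: cannot find -lgmp
  collect2: error: ld returned 1 exit status
  Gem files will remain installed in /home/pentester/.gem/ruby/gems/json-2.0.2 for inspection.
  Installing mini_portile2 2.1.0
  Installing yajl-ruby 1.2.1 with native extensions
  Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
  yajl.c:61:1: warning: visibility attribute not supported in this configuration; ignored [-Wattributes]
  /usr/lib/gcc/i686-pc-cygwin/4.9.3/../../../../i686-pc-cygwin/bin/ld: cannot find -lgmp
  Gem files will remain installed in /home/pentester/.gem/ruby/gems/yajl-ruby-1.2.1 for inspection.
  An error occurred while installing ffi (1.9.14), and Bundler cannot continue.
LOG

# One failed native build: the gem, its version and the diagnostics found.
Failure = Struct.new(:gem, :version, :reasons)

# Walk the log line by line. "Installing X Y with native extensions" opens a
# context; a following Gem::Ext::BuildError marks that gem as failed, and the
# diagnostic lines that follow are attached to it until the next gem starts.
def parse_build_failures(log)
  failures = []
  current = nil
  log.each_line do |raw|
    line = raw.strip
    case line
    when /\AInstalling (\S+) (\S+) with native extensions\z/
      current = Failure.new($1, $2, [])
    when /\AInstalling (\S+) (\S+)\z/, /\AUsing /
      current = nil # pure-Ruby gem: nothing to compile, nothing to attribute
    when /\AGem::Ext::BuildError/
      failures << current if current && !failures.include?(current)
    when /checking for (\S+)\.\.\. \*\*\* extconf\.rb failed/
      current.reasons << "extconf check for #{$1} failed" if current
    when /\bld: cannot find -l(\S+)/
      current.reasons << "missing library lib#{$1}" if current
    when /You have to install development tools first/
      current.reasons << "no working C compiler toolchain" if current
    end
  end
  failures
end

# One line per failed gem, with the distinct reasons joined.
def summarize(failures)
  failures.map { |f| "#{f.gem} #{f.version}: #{f.reasons.uniq.join('; ')}" }
end

if __FILE__ == $PROGRAM_NAME
  # Real use: ruby triage.rb < bundle.log   (reads stdin when it is not a TTY)
  log = $stdin.tty? ? SAMPLE_LOG : $stdin.read
  puts summarize(parse_build_failures(log))
end
```

Each reason maps to a package to add in Cygwin setup: a missing `-lgmp` means the development package for that library, and "no working C compiler toolchain" means gcc and the `ruby-devel` headers, which is the step the post takes next.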


4) If the ffi gem installation failed, you are probably missing some Cygwin packages, as we were. Run your Cygwin setup again, and install the following packages:
  • libcurl-devel
  • libcurl4
  • ruby-devel


5) Let's run bundler again.

pentester@mytester /cygdrive/c/test/wpscan-master
$ ~/bin/bundle install
Fetching gem metadata from https://rubygems.org/
Fetching version metadata from https://rubygems.org/
Resolving dependencies...
Using addressable 2.4.0
Using safe_yaml 1.0.4
Using diff-lcs 1.2.5
Using docile 1.1.5
Installing ffi 1.9.14 with native extensions
Using hashdiff 0.3.0
Installing json 2.0.2 with native extensions
Using mini_portile2 2.1.0
Using pkg-config 1.1.7
Using rspec-support 3.5.0
Using ruby-progressbar 1.8.1
Using simplecov-html 0.10.0
Using terminal-table 1.6.0
Installing yajl-ruby 1.2.1 with native extensions
Using bundler 1.12.5
Using crack 0.4.3
Installing ethon 0.9.0
Installing nokogiri 1.6.8 with native extensions
Installing rspec-core 3.5.2
Installing rspec-expectations 3.5.0
Installing rspec-mocks 3.5.0
Installing simplecov 0.12.0
Installing webmock 2.1.0
Installing typhoeus 1.1.0
Installing rspec-its 1.2.0
Installing rspec 3.5.0
Bundle complete! 10 Gemfile dependencies, 26 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.
Post-install message from webmock:

  WebMock 2.0 has some breaking changes. Please check the CHANGELOG: https://goo.gl/piDGLu



pentester@mytester /cygdrive/c/test/wpscan-master
$


6) Success! Let's try to run WPScan again.

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby wpscan.rb
[ERROR] Could not open library 'libcurl': No such file or directory.
Could not open library 'cyglibcurl.dll': No such file or directory.
Could not open library 'libcurl.so.4': No such file or directory.
Could not open library 'cyglibcurl.so.4.dll': No such file or directory

pentester@mytester /cygdrive/c/test/wpscan-master
$


7) After debugging and tracing through the gem dependencies, we found that the ethon gem is not opening the right libcurl library for Cygwin. You need to modify the following gem file (note the user home directory):
C:\cygwin\home\pentester\.gem\ruby\gems\ethon-0.9.0\lib\ethon\curls\settings.rb: line 6

Original:
6:    ffi_lib ['libcurl', 'libcurl.so.4']

Modified:
6:    ffi_lib ['libcurl', 'libcurl.so.4', 'libcurl-4.dll']
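
To see why appending a name to that list helps, the Ruby script below models the lookup behind `ffi_lib` with a list of alternatives: each candidate is tried as written and then in the platform-mangled form, and the first file that exists wins. It is an added example, not ethon's or FFI's own code, and it needs neither FFI nor libcurl. The mangling rule (prefix `cyg`, suffix `.dll`) is inferred from the error output above, where 'libcurl' was retried as 'cyglibcurl.dll' and 'libcurl.so.4' as 'cyglibcurl.so.4.dll'; the search directory and the stand-in DLL file are constructed in a temporary directory.

```ruby
# Added example: model of a fallback library lookup such as ethon's
# `ffi_lib ['libcurl', 'libcurl.so.4']`. Not FFI's real implementation.
require 'tmpdir'
require 'fileutils'

# Cygwin naming convention as inferred from the post's error output.
CYGWIN_PREFIX = 'cyg'
CYGWIN_SUFFIX = 'dll'

# File names tried for one candidate, in order: as given, then mangled
# (prefix prepended unless present, suffix appended unless present).
def candidate_names(name, prefix: CYGWIN_PREFIX, suffix: CYGWIN_SUFFIX)
  mangled = name.start_with?(prefix) ? name : prefix + name
  mangled += ".#{suffix}" unless mangled.end_with?(".#{suffix}")
  [name, mangled].uniq
end

# Try each alternative in turn across the search directories (a stand-in for
# the loader's PATH search). Returns [path_or_nil, names_tried].
def resolve_library(candidates, search_dirs, prefix: CYGWIN_PREFIX, suffix: CYGWIN_SUFFIX)
  tried = []
  candidates.each do |cand|
    candidate_names(cand, prefix: prefix, suffix: suffix).each do |fname|
      tried << fname
      search_dirs.each do |dir|
        path = File.join(dir, fname)
        return [path, tried] if File.file?(path)
      end
    end
  end
  [nil, tried]
end

# Render a failure the way the post's error message lists every name tried.
def failure_message(tried)
  tried.map { |n| "Could not open library '#{n}': No such file or directory." }.join("\n")
end

# Reproduce the before/after of the settings.rb edit against a constructed
# directory that only contains a file named libcurl-4.dll.
def demo
  Dir.mktmpdir do |dir|
    FileUtils.touch(File.join(dir, 'libcurl-4.dll')) # constructed stand-in
    original = ['libcurl', 'libcurl.so.4']
    modified = original + ['libcurl-4.dll']
    { before: resolve_library(original, [dir]), after: resolve_library(modified, [dir]) }
  end
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts failure_message(result[:before][1])
  puts "resolved after edit: #{result[:after][0]}"
end
```

The point the model makes is that the mangled form never matches a file whose name does not follow the `cyg…dll` convention, so the only way the loader finds such a file is for its exact name to appear in the candidate list, which is what the one-line edit does.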


8) libcurl library problem solved! Let's try to run WPScan again.

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby wpscan.rb
/home/pentester/.gem/ruby/gems/ffi-1.9.14/lib/ffi/types.rb:69:in `find_type': unable to resolve type 'time_t' (TypeError)
        from /home/pentester/.gem/ruby/gems/ffi-1.9.14/lib/ffi/library.rb:535:in `find_type'
        from /home/pentester/.gem/ruby/gems/ffi-1.9.14/lib/ffi/struct.rb:332:in `find_type'
        from /home/pentester/.gem/ruby/gems/ffi-1.9.14/lib/ffi/struct.rb:326:in `find_field_type'
        from /home/pentester/.gem/ruby/gems/ffi-1.9.14/lib/ffi/struct.rb:368:in `array_layout'
        from /home/pentester/.gem/ruby/gems/ffi-1.9.14/lib/ffi/struct.rb:278:in `layout'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curls/classes.rb:49:in `'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curls/classes.rb:44:in `'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curls/classes.rb:2:in `'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curls/classes.rb:1:in `'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curl.rb:28:in `require'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curl.rb:28:in `'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curl.rb:13:in `'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon/curl.rb:8:in `'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon.rb:15:in `require'
        from /home/pentester/.gem/ruby/gems/ethon-0.9.0/lib/ethon.rb:15:in `'
        from /home/pentester/.gem/ruby/gems/typhoeus-1.1.0/lib/typhoeus.rb:2:in `require'
        from /home/pentester/.gem/ruby/gems/typhoeus-1.1.0/lib/typhoeus.rb:2:in `'
        from /cygdrive/c/test/wpscan-master/lib/environment.rb:35:in `require'
        from /cygdrive/c/test/wpscan-master/lib/environment.rb:35:in `'
        from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /cygdrive/c/test/wpscan-master/lib/common/common_helper.rb:52:in `'
        from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /cygdrive/c/test/wpscan-master/lib/wpscan/wpscan_helper.rb:3:in `'
        from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:54:in `require'
        from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:54:in `require'
        from wpscan.rb:8:in `<main>'

pentester@mytester /cygdrive/c/test/wpscan-master
$


9) Now the ffi gem cannot resolve the 'time_t' type. Let's try updating RubyGems itself first.

pentester@mytester /cygdrive/c/test/wpscan-master
$ gem update --system
Updating rubygems-update
Fetching: rubygems-update-2.6.6.gem (100%)
Successfully installed rubygems-update-2.6.6
Parsing documentation for rubygems-update-2.6.6
Installing ri documentation for rubygems-update-2.6.6
Installing darkfish documentation for rubygems-update-2.6.6
Done installing documentation for rubygems-update after 68 seconds
Parsing documentation for rubygems-update-2.6.6
Done installing documentation for rubygems-update after 0 seconds
Installing RubyGems 2.6.6
RubyGems 2.6.6 installed
Parsing documentation for rubygems-2.6.6
Installing ri documentation for rubygems-2.6.6

=== 2.6.6 / 2016-06-22

Bug fixes:

* Sort installed versions to make sure we install the latest version when
  running `gem update --system`. As a one-time fix, run
  `gem update --system=2.6.6`. Pull request #1601 by David Radcliffe.

=== 2.6.5 / 2016-06-21

Minor enhancements:

* Support for unified Integer in Ruby 2.4. Pull request #1618
  by SHIBATA Hiroshi.
* Update vendored Molinillo to 0.5.0 for performance improvements.
  Pull request #1638 by Samuel Giddins.

Bug fixes:

* Raise an explicit error if Signer#sign is called with no certs. Pull
  request #1605 by Daniel Berger.
* Update `update_bundled_ca_certificates` utility script for directory
  nesting. Pull request #1583 by James Wen.
* Fix broken symlink support in tar writer (+ fix broken test). Pull
  request #1578 by Cezary Baginski.
* Remove extension directory before (re-)installing. Pull request #1576
  by Jeremy Hinegardner.
* Regenerate test CA certificates with appropriate extensions. Pull
  request #1611 by rhenium.
* Rubygems does not terminate on failed file lock when not superuser. Pull
  request #1582 by Ellen Marie Dash.
* Fix tar headers with a 101 character name. Pull request #1612 by Pawel
  Tomulik.
* Add Gem.platform_defaults to allow implementations to override defaults.
  Pull request #1644 by Charles Oliver Nutter.
* Run Bundler tests on TravisCI. Pull request #1650 by Samuel Giddins.

=== 2.6.4 / 2016-04-26

Minor enhancements:

* Use Gem::Util::NULL_DEVICE instead of hard coded strings. Pull request #1588
  by Chris Charabaruk.
* Use File.symlink on MS Windows if supported. Pull request #1418
  by Nobuyoshi Nakada.

Bug fixes:

* Redact uri password from error output when gem fetch fails. Pull request
  #1565 by Brian Fletcher.
* Suppress warnings. Pull request #1594 by Nobuyoshi Nakada.
* Escape user-supplied content served on web pages by `gem server` to avoid
  potential XSS vulnerabilities. Samuel Giddins.

=== 2.6.3 / 2016-04-05

Minor enhancements:

* Lazily calculate Gem::LoadError exception messages. Pull request #1550
  by Aaron Patterson.
* New fastly cert. Pull request #1548 by David Radcliffe.
* Organize and cleanup SSL certs. Pull request #1555 by James Wen.
* [RubyGems] Make deprecation message for paths= more helpful. Pull
  request #1562 by Samuel Giddins.
* Show default gems when using "gem list". Pull request #1570 by Luis
  Sagastume.

Bug fixes:

* Stub ordering should be consistent regardless of how cache is populated.
  Pull request #1552 by Aaron Patterson.
* Handle cases when the @@stubs variable contains non-stubs. Pull request
  #1558 by Per Lundberg.
* Fix test on Windows for inconsistent temp path. Pull request #1554 by
  Hiroshi Shirosaki.
* Fix `Gem.find_spec_for_exe` picks oldest gem. Pull request #1566 by
  Shinichi Maeshima.
* [Owner] Fallback to email and userid when owner email is missing. Pull
  request #1569 by Samuel Giddins.
* [Installer] Handle nil existing executable. Pull request #1561 by Samuel
  Giddins.
* Allow two digit version numbers in the tests. Pull request #1575 by unak.

=== 2.6.2 / 2016-03-12

Bug fixes:

* Fix wrong version of gem activation for bin stub. Pull request #1527 by
  Aaron Patterson.
* Speed up gem activation failures. Pull request #1539 by Aaron Patterson.
* Fix platform sorting in the resolver. Pull request #1542 by Samuel E.
  Giddins.
* Ensure we unlock the monitor even if try_activate throws. Pull request
  #1538 by Charles Oliver Nutter.


=== 2.6.1 / 2016-02-28

Bug fixes:

* Ensure `default_path` and `home` are set for paths. Pull request #1513
  by Aaron Patterson.
* Restore but deprecate support for Array values on `Gem.paths=`. Pull
  request #1514 by Aaron Patterson.
* Fix invalid gem file preventing gem install from working. Pull request
  #1499 by Luis Sagastume.

=== 2.6.0 / 2016-02-26

Minor enhancements:

* RubyGems now defaults the `gem push` to the gem's "allowed_push_host"
  metadata setting.  Pull request #1486 by Josh Lane.
* Update bundled Molinillo to 0.4.3. Pull request #1493 by Samuel E. Giddins.
* Add version option to gem open command. Pull request #1483 by Hrvoje
  Šimic.
* Feature/add silent flag. Pull request #1455 by Luis Sagastume.
* Allow specifying gem requirements via env variables. Pull request #1472
  by Samuel E. Giddins.

Bug fixes:

* RubyGems now stores `gem push` credentials under the host you signed-in for.
  Pull request #1485 by Josh Lane.
* Move `coding` location to first line. Pull request #1471 by SHIBATA
  Hiroshi.
* [PathSupport] Handle a regexp path separator. Pull request #1469 by
  Samuel E. Giddins.
* Clean up the PathSupport object. Pull request #1094 by Aaron Patterson.
* Join with File::PATH_SEPARATOR in Gem.use_paths. Pull request #1476 by
  Samuel E. Giddins.
* Handle when the gem home and gem path arent set in the config file. Pull
  request #1478 by Samuel E. Giddins.
* Terminate TimeoutHandler. Pull request #1479 by Nobuyoshi Nakada.
* Remove redundant cache. Pull request #1482 by Eileen M. Uchitelle.
* Freeze `Gem::Version@segments` instance variable. Pull request #1487 by
  Ben Dean.
* Gem cleanup is trying to uninstall gems outside GEM_HOME and reporting
  an error after it tries. Pull request #1353 by Luis Sagastume.
* Avoid duplicated sources. Pull request #1489 by Luis Sagastume.
* Better description for quiet flag. Pull request #1491 by Luis Sagastume.
* Raise error if find_by_name returns with nil. Pull request #1494 by
  Zoltán Hegedüs.
* Find_files only from loaded_gems when using gemdeps. Pull request #1277
  by Michal Papis.

=== 2.5.2 / 2016-01-31

Bug fixes:

* Fix memoization of Gem::Version#prerelease? Pull request #1125 by Matijs van
  Zuijlen.
* Handle trailing colons in GEM_PATH, by Damien Robert.
* Improve the Gemfile `gemspec` method, fixing #1204 and #1033. Pull request
  #1276 by Michael Papis.
* Warn only once when a gemspec license is invalid. Pull request #1414 by Samuel
  E. Giddins.
* Check for exact constants before using them, fixing Ruby bug #11940. Pull
  request #1438 by Nobuyoshi Nakada.
* Fix building C extensions on Ruby 1.9.x on Windows. Pull request #1453 by Marie
  Markwell.
* Handle symlinks containing ".." correctly. Pull request #1457 by Samuel E.
  Giddins.

Minor enhancements:

* Add `--no-rc` flag, which skips loading `.gemrc`. Pull request #1329 by Luis
  Sagastume.
* Allow basic auth to be excluded from `allowed_push_host`. By Josh Lane.
* Add `gem list --exact`, which finds gems by string match instead of regex. Pull
  request #1344 by Luis Sagastume.
* Suggest alternatives when gem license is unknown. Pull request #1443 by Samuel
  E. Giddins.
* Print a useful error if a binstub expects a newer version of a gem than is
  installed. Pull request #1407 by Samuel E. Giddins.
* Allow the (supported) s3:// scheme to be used with `--source`. Pull request
  #1416 by Dave Adams.
* Add `--[no-]post-install-message` to `install` and `update`. Pull request #1162
  by Josef Šimánek.
* Add `--host` option to `yank`, providing symmetry with `pull`. Pull request
  #1361 by Mike Virata-Stone.
* Update bundled Molinillo to 0.4.1. Pull request #1452 by Samuel E. Giddins.
* Allow calling `build` without '.gemspec'. Pull request #1454 by Stephen
  Blackstone.
* Add support for `source` option on gems in Gemfile. Pull request #1355 by
  Michael Papis.
* Function correctly when string literals are frozen on Ruby 2.3. Pull request
  #1408 by Samuel E. Giddins.

=== 2.5.1 / 2015-12-10

Bug fixes:

* Ensure platform sorting only uses strings. Affected binary installs on Windows.
  Issue #1369 reported by Ryan Atball (among others).
  Pull request #1375 by Samuel E. Giddins.
* Revert PR #1332. Unable to reproduce, and nil should be impossible.
* Gem::Specification#to_fullpath now returns .rb extensions when such a file
  exists.  Pull request #1114 by y-yagi.
* RubyGems now handles Net::HTTPFatalError instead of crashing.  Pull
  request #1314 by Samuel E. Giddins.
* Updated bundled Molinillo to 0.4.0.  Pull request #1322, #1396 by Samuel E.
  Giddins.
* Improved performance of spec loading by reducing likelihood of loading the
  complete specification.  Pull request #1373 by Aaron Patterson.
* Improved caching of requirable files  Pull request #1377 by Aaron Patterson.
* Fixed activation of gems with development dependencies.  Pull request #1388
  by Samuel E. Giddins.
* RubyGems now uses the same Molinillo vendoring strategy as Bundler.  Pull
  request #1397 by Samuel E. Giddins.
* Fixed documentation of Gem::Requirement.parse.  Pull request #1398 by
  Juanito Fatas.
* RubyGems no longer warns when a prerelease gem has prerelease dependencies.
  Pull request #1399 by Samuel E. Giddins.
* Fixed Gem::Version documentation example.  Pull request #1401 by Guilherme
  Goettems Schneider.
* Updated documentation links to https://.  Pull request #1404 by Suriyaa
  Kudo.
* Fixed double word typo.  Pull request #1411 by Jake Worth.

=== 2.5.0 / 2015-11-03

Major enhancements:

* Added the Gem::Licenses class which provides a set of standard license
  identifiers as set by spdx.org. This is now used by the
  Gem::Specification#license attribute to try to standardize (though not
  enforce) licenses set by gem authors.

  Pull request #1249 by Kyle Mitchell.

Minor enhancements:

* Use Molinillo as the resolver library.  This is the same resolver as used by
  Bundler.  Pull request #1189 by Samuel E. Giddins.
* Add `--skip=gem_name` to Pristine command.  Pull request #1018 by windwiny.
* The parsed gem dependencies file is now available via Gem.gemdeps following
  Gem.use_gemdeps.  Pull request #1224 by Hsing-Hui Hsu, issue #1213 by
  Michal Papis.
* Moved description attribute to recommended for Gem::Specification.
  Pull request #1046 by Michal Papis
* Moved `Gem::Indexer#abbreviate` and `#sanitize` to `Gem::Specification`.
  Pull request #1145 by Arthur Nogueira Neves
* Cache Gem::Version segments for `#bump` and `#release`.
  Pull request #1131 by Matijs van Zuijlen
* Fix edge case in `levenshtein_distance` for comparing longer strings.
  Pull request #1173 by Richard Schneeman
* Remove duplication from List#to_a, improving from O(n^2) to O(n) time.
  Pull request #1200 by Marc Siegel.
* Gem::Specification.add_specs is deprecated and will be removed from version
  3.0 with no replacement.  To add specs, install the gem, then reset the
  cache.
* Gem::Specification.add_spec is deprecated and will be removed from version
  3.0 with no replacement.  To add specs, install the gem, then reset the
  cache.
* Gem::Specification.remove_spec is deprecated and will be removed from version
  3.0 with no replacement.  To remove specs, uninstall the gem, then reset the
  cache by calling Gem::Specification.reset.
* Call Array#compact before calling Array#uniq for minor speed improvement in
  the Gem::Specification#files method.
  Pull request #1253 by Marat Amerov.
* Use stringio instead of custom String classes.
  Pull request #1250 by Petr Skocik.
* Use URI#host instead of URI#hostname to retain backwards compatibility with
  Ruby 1.9.2 and earlier in util library.
  Pull request #1288 by Joe Rafaniello.
* Documentation update for gem sources.
  Pull request #1324 by Ilya Vassilevsky.
* Documentation update for required_ruby_version.
  Pull request #1321 by Matt Patterson.
* Documentation update for gem update.
  Pull request #1306 by Tim Blair.
* Emit a warning on SRV resolve failure.
  Pull request #1023 by Ivan Kuchin.
* Allow duplicate dependencies between runtime and development.
  Pull request #1032 by Murray Steele.
* The gem env command now shows the user installation directory.
  Pull request #1343 by Luis Sagastume.
* The Gem::Platform#=== method now treats a nil cpu arch the same as 'universal'.
  Pull request #1356 by Daniel Berger.
* Improved memory performance in Gem::Specification.traverse.  Pull request
  #1188 by Aaron Patterson.
* RubyGems packages now support symlinks.  Pull request #1209 by Samuel E.
  Giddins.
* RubyGems no longer outputs mkmf.log if it does not exist.  Pull request
  #1222 by Andrew Hooker.
* Added Bitrig platform.  Pull request #1233 by John C. Vernaleo.
* Improved error message for first-time RubyGems developers.  Pull request
  #1241 by André Arko
* Improved performance of Gem::Specification#load with cached specs.  Pull
  request #1297 by Samuel E. Giddins.
* Gem::RemoteFetcher allows users to set HTTP headers.  Pull request #1363 by
  Agis Anastasopoulos.

Bug fixes:

* Fixed Rake homepage url in example for Gem::Specification#homepage.
  Pull request #1171 by Arthur Nogueira Neves
* Don't crash if partially uninstalled gem can't be found.
  Pull request #1283 by Cezary Baginski.
* Test warning cleanup.
  Pull request #1298 by Samuel E. Giddins.
* Documentation fix for GemDependencyAPI.
  Pull request #1308 by Michael Papis.
* Fetcher now ignores ENOLCK errors in single threaded environments. This
  handles an issue with gem installation on NFS as best we can. Addresses
  issue #1176 by Ryan Moore.
  Pull request #1327 by Daniel Berger.
* Fix some path quoting issues in the test suite.
  Pull request #1328 by Gavin Miller.
* Fix NoMethodError in running ruby processes when gems are uninstalled.
  Pull request #1332 by Peter Drake.
* Fixed a potential NoMethodError for gem cleanup.
  Pull request #1333 by Peter Drake.
* Fixed gem help bug.
  Issue #1352 reported by bogem, pull request #1357 by Luis Sagastume.
* Remove temporary directories after tests finish.  Pull request #1181 by
  Nobuyoshi Nokada.
* Update links in RubyGems documentation.  Pull request #1185 by Darío Hereñú.
* Prerelease gem executables can now be run.  Pull request #1186 by Samuel E.
  Giddins.
* Updated RubyGems travis-ci ruby versions.  Pull request #1187 by Samuel E.
  Giddins.
* Fixed release date of RubyGems 2.4.6.  Pull request #1190 by Frieder
  Bluemle.
* Fixed bugs in gem activation.  Pull request #1202 by Miklós Fazekas.
* Fixed documentation for `gem list`.  Pull request #1228 by Godfrey Chan.
* Fixed #1200 history entry.  Pull request #1234 by Marc Siegel.
* Fixed synchronization issue when resetting the Gem::Specification gem list.
  Pull request #1239 by Samuel E. Giddins.
* Fixed running tests in parallel.  Pull request #1257 by SHIBATA Hiroshi.
* Fixed running tests with `--program-prefix` or `--program-suffix` for ruby.
  Pull request #1258 by Shane Gibbs.
* Fixed Gem::Specification#to_yaml.  Pull request #1262 by Hiroaki Izu.
* Fixed taintedness of Gem::Specification#raw_require_paths.  Pull request
  #1268 by Sam Ruby.
* Fixed sorting of platforms when installing gems.  Pull request #1271 by
  nonsequitur.
* Use `--no-document` over deprecated documentation options when installing
  dependencies on travis.  Pull request #1272 by takiy33.
* Improved support for IPv6 addresses in URIs.  Pull request #1275 by Joe
  Rafaniello.
* Spec validation no longer crashes if a file does not exist.  Pull request
  #1278 by Samuel E. Giddins.
* Gems can now be installed within `rescue`.  Pull request #1282 by Samuel E.
  Giddins.
* Increased Diffie-Hellman key size for tests for modern OpenSSL.  Pull
  request #1290 by Vít Ondruch.
* RubyGems handles invalid config files better.  Pull request #1367 by Agis
  Anastasopoulos.

=== 2.4.8 / 2015-06-08

Bug fixes:

* Tightened API endpoint checks for CVE-2015-3900


------------------------------------------------------------------------------

RubyGems installed the following executables:
        /usr/bin/gem

Ruby Interactive (ri) documentation was installed. ri is kind of like man
pages for ruby libraries. You may access it like this:
  ri Classname
  ri Classname.class_method
  ri Classname#instance_method
If you do not wish to install this documentation in the future, use the
--no-document flag, or set it as the default in your ~/.gemrc file. See
'gem help env' for details.

RubyGems system software updated

pentester@mytester /cygdrive/c/test/wpscan-master
$


10) Let's try to run WPScan again, and we get a Winsock library issue this time.

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby wpscan.rb
[ERROR] Could not open library 'ws2_32': No such file or directory.
Could not open library 'cygws2_32.dll': No such file or directory


11) After more debugging and tracing through the gem dependencies, we found that the ethon gem was not opening the right Winsock library for Cygwin: the original code loads Windows's Winsock library (ws2_32) whenever it detects a Windows environment, and under Cygwin that branch is taken even though the library cannot be opened. You need to modify the following gem file (note the user home directory in the path):
C:\cygwin\home\pentester\.gem\ruby\gems\ethon-0.9.0\lib\ethon\curls\functions.rb: lines 55 to 59

Original:
55:        if Curl.windows?
56:            base.ffi_lib 'ws2_32'
57:        else
58:            base.ffi_lib ::FFI::Library::LIBC
59:        end

Modified:
55:#        if Curl.windows?
56:#            base.ffi_lib 'ws2_32'
57:#        else
58:            base.ffi_lib ::FFI::Library::LIBC
59:#        end
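Reinstalling or updating the ethon gem restores the original functions.rb, so the edit above has to be redone each time; here is an added Ruby script (not from the original post or from the ethon project) that locates the installed gem and re-applies the same four-line comment-out. The sample source string is constructed, and ethon's file layout is assumed to match the path quoted above.

```ruby
# Added example (not from the original post or the ethon gem): re-applies the
# step 11 edit, which a gem reinstall or update silently undoes.

# The five-line block from step 11: on Cygwin the 'ws2_32' branch is taken and
# FFI cannot open that library, so all but the LIBC line get commented out.
WINDOWS_BRANCH = /^[ \t]*if\ Curl\.windows\?\n
                  [ \t]*base\.ffi_lib\ 'ws2_32'\n
                  [ \t]*else\n
                  [ \t]*base\.ffi_lib\ ::FFI::Library::LIBC\n
                  [ \t]*end\n/x

# Returns the patched source; unchanged input when the block is absent
# (already patched or a different ethon version), so it is safe to rerun.
def patch_ethon_source(src)
  src.sub(WINDOWS_BRANCH) do |block|
    block.each_line.map do |line|
      line.include?('::FFI::Library::LIBC') ? line : "##{line}"
    end.join
  end
end

# functions.rb inside whichever ethon gem RubyGems resolves (user or system).
def ethon_functions_path
  spec = Gem::Specification.find_by_name('ethon')
  File.join(spec.gem_dir, 'lib', 'ethon', 'curls', 'functions.rb')
end

# Constructed stand-in for the relevant part of functions.rb (only the quoted
# five lines matter; the surrounding code is not reproduced).
SAMPLE_SOURCE = <<-'RUBY'
# ... preceding code ...
        if Curl.windows?
            base.ffi_lib 'ws2_32'
        else
            base.ffi_lib ::FFI::Library::LIBC
        end
# ... following code ...
RUBY

if $PROGRAM_NAME == __FILE__
  begin
    path = ethon_functions_path
    original = File.read(path)
    patched = patch_ethon_source(original)
    File.write(path, patched) unless patched == original
    puts "#{path}: #{patched == original ? 'nothing to do' : 'patched'}"
  rescue Gem::LoadError, SystemCallError => e
    warn "could not patch ethon: #{e.message}"
  end
end
```

Run it from the Cygwin shell after every gem update; on a box without ethon it only prints a warning.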


12) Let's try to run WPScan again, and success!

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby wpscan.rb
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________


Examples :

-Further help ...
ruby wpscan.rb --help

-Do 'non-intrusive' checks ...
ruby wpscan.rb --url www.example.com

-Do wordlist password brute force on enumerated users using 50 threads ...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

-Do wordlist password brute force on the 'admin' username only ...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

-Enumerate installed plugins ...
ruby wpscan.rb --url www.example.com --enumerate p

-Enumerate installed themes ...
ruby wpscan.rb --url www.example.com --enumerate t

-Enumerate users ...
ruby wpscan.rb --url www.example.com --enumerate u

-Enumerate installed timthumbs ...
ruby wpscan.rb --url www.example.com --enumerate tt

-Use a HTTP proxy ...
ruby wpscan.rb --url www.example.com --proxy 127.0.0.1:8118

-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)
ruby wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000

-Use custom content directory ...
ruby wpscan.rb -u www.example.com --wp-content-dir custom-content

-Use custom plugins directory ...
ruby wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins

-Update the DB ...
ruby wpscan.rb --update

-Debug output ...
ruby wpscan.rb --url www.example.com --debug-output 2>debug.log

See README for further information.


[!] No argument supplied

pentester@mytester /cygdrive/c/test/wpscan-master
$


13) Let's try to update WPScan to make sure that curl is working. Success again!

pentester@mytester /cygdrive/c/test/wpscan-master
$ ruby wpscan.rb --update
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

pentester@mytester /cygdrive/c/test/wpscan-master
$


After that, we were able to get WPScan running on our Cygwin environment.

That's all folks! Hope that this guide will be useful to future pentesters out there.

-- DD and MY

2 comments:

Unknown said...

Thannnnnnnnnnnnnnnnk you very much for this tutorial... I've been looking for it for a long time


./THANKS ^_^
./THANKS :D
./THANKS (:
./THANKS :v

Ukat Hidayat said...

can you share this tutorial with a video