Comments (25)
I've not tried installing on Kali, but you could try simply removing the huffman line from the Gemfile, and except for a few scenarios/modules that use that library SecGen should otherwise work.
from secgen.
Hi DreadnaughtSec, I’ve had no problems
With a fresh install of 16.04 over the past couple of weeks so long as you sudo apt- get update / sudo apt-get upgrade and ensure 16.04 is up to date in every possible way before installing the required packages for the SecGen to run. I don’t use the provided vagrant as this now has issues instead I use version 2.2.6. Once this has installed
Run all the commands provided in the instructions. Ruby 2.5.7 October 2019 release is working for me. I would recommend running it in a VM to ensure you can revert back without damaging your bare metal machine. An OVA file with 16.04 in its configured dev state to the point
where the system is
Mature with appropriate old repos that are not available anymore or at least harder to get would be good. But when it comes to updating the dev machine again it would need a lot of maintenance. I’m currently studying at university and over the past month or so I’ve been looking at upgrading the gems in the bundle
Install to support the 18.04 LTS. I’m finishing off some of end of semester modules in the next few weeks but after this I will certainly be actively reviewing code systematically to ensure if they’re any issues there here to shared with fellow SecGen users. Let me know how you get on.
from secgen.
Please read my comment above just after @cliffe comment this way I can help you get a base reading for the system via the test. From the minimal output you provide here it also seems like bundle install error might be causing you a problem which suggests ruby is looking for the Braille.git
cd in to SecGen directory and bundle install again see if it throws any errors, do a bundle update.
If none of this works I would highly recommend if in an VM to revert back snapshot or if bare metal to back to square one “fresh install” and follow the installation steps it outlines on the main SecGen page precisely, without going off and doing any extra commands only change vagrant to version to 2.2.6 in the already stated command. Never use sudo commands unless stated in the installation as this can sometimes cause problems.
When you do the pull of the files to your Ubuntu box just use
git clone https:// SecGen link not sudo.
When updating Ubuntu only do sudo apt-update and apt-get upgrade that’s all I needed.
from secgen.
I'm having the same issues. Have you been able to fix it?
from secgen.
i have the same issue,
from secgen.
that worked like a charm, thanks
from secgen.
that worked like a charm, thanks
What kali version are you using for SecGen? Im having trouble with alot of gems when running bundle install and wonder where to find the needed installations for kali.
from secgen.
that worked like a charm, thanks
What kali version are you using for SecGen? Im having trouble with alot of gems when running bundle install and wonder where to find the needed installations for kali.
I use kali linux version 2019.1, and i use ruby version 2.6.3, and add # into 'huffman' packages line in GemFile
from secgen.
Sorry for reopening the thread, but this I think this is a problem that prevents installation in general in current Debian based distributions.
I'm trying to install it in a Ruby Docker container based in Debian Buster and it gives the same error. The PriorityQueue library dates back to 2009, so maybe it is related to backward compatibility with newer versions of Ruby.
Should in this case Huffman gem be removed from master and its dependent modules/scenarios be updated? I can take a look at it if you give me some hints.
from secgen.
The latest build still won't install on kali 2019 or 2020. You can make a good amount of progress by downgrading Ruby to 2.6.3 with gem update --system 2.6.3
but things like ruby-dev are stuck at 2.7+1 due to the repos. I'm curious as to what platform Cliffe is building this on so I can spin up a VM and get it working. I don't expect a fix from the Ruby devs any time soon.
With Ruby 2.6.3 and ruby-dev 2.7+1, you can get it to finish bundle install
by commenting out digest-whirlpool, packetfu, and huffman. But at that point, hardly any of the pre-built scenarios build.
from secgen.
@DreadnaughtSec I just set this up on Ubuntu 20.04 I did this by uninstalling ruby and then using Ruby Version Manager (RVM) https://rvm.io/ I setup a 2.6.5 environment and got bundle to complete the install minus the huffman module. It still fails.
from secgen.
@firewallzer0 Yea I went the RVM route as well. Ruby 2.6.3 had the best results, but it was only able to build out the default scenario. Everything other scenario fails to build. I've given up on using SecGen until either the Author updates it to run on a current Ruby version, or the Ruby devs fix their latest updates.
from secgen.
Thanks for sharing. FYI we are using Ubuntu 16.04 and everything is working, with minimal effort. At some stage it would be great to get dependencies sorted for other distros and versions.
from secgen.
Reopening since its still an issue affecting various distros
from secgen.
16.04 might work for an existing installation that has a thorough apt cache built up. But it you install a fresh 16.04 then check the apt policy for things like ruby-dev you can't get roll back far enough to get things working 100%. I would definitely put the blame on the Ruby devs as opposed to you. The more I look into it, there are numerous cases around certain functions not working in 2.7 and their devs basically went "ok wtvr". Several of those functions are required for SecGen to work properly.
Would it be possible to get a ova uploaded somewhere of a Ubuntu 16.04 with a base secgen clone?
from secgen.
Thompslu,
So I took another crack at it. Here are the results:
[edit: this is a fresh 16.04 install]
sudo apt-get update
sudo apt-get upgrade
sudo apt-get full-upgrade
reboot
wget https://releases.hashicorp.com/vagrant/2.2.6/vagrant_2.2.6_x86_64.deb
sudo apt-get install ./vagrant_2.2.6_x86_64.deb
sudo apt-get install ruby-dev zlib1g-dev liblzma-dev build-essential patch virtualbox ruby-bundler imagemagick libmagickwand-dev exiftool libpq-dev libcurl4-openssl-dev libxml2-dev graphviz graphviz-dev libpcap0.8-dev git
cd /opt
sudo git clone https://github.com/cliffe/SecGen
sudo mkdir -p /home/user/bin
sudo cp -r ./SecGen /home/user/bin/
cd /home/user/bin/SecGen
bundle install
sudo mkdir ./projects
sudo chmod 777 ./projects
ruby secgen.rb run
success
flawed_fortress_1 fails to build:
Running tests for unrealirc_3281_backdoor
FAILED: Port 6667 is closed at 172.16.0.5 (in_the_wild)!
Post provision tests contained failures!
Post provision tests contained failures!
/usr/lib/ruby/2.3.0/net/http.rb:882:in `rescue in block in connect': Failed to open TCP connection to 172.16.0.5:80 (No route to host - connect(2) for "172.16.0.5" port 80) (Errno::EHOSTUNREACH)
from /usr/lib/ruby/2.3.0/net/http.rb:879:in `block in connect'
from /usr/lib/ruby/2.3.0/timeout.rb:91:in `block in timeout'
from /usr/lib/ruby/2.3.0/timeout.rb:101:in `timeout'
from /usr/lib/ruby/2.3.0/net/http.rb:878:in `connect'
from /usr/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
from /usr/lib/ruby/2.3.0/net/http.rb:852:in `start'
from /usr/lib/ruby/2.3.0/net/http.rb:474:in `get_response'
from /usr/lib/ruby/2.3.0/net/http.rb:456:in `get'
from /home/user/bin/SecGen/projects/SecGen20200522_112949/lib/post_provision_test.rb:62:in `test_html_returned_content'
from /home/user/bin/SecGen/projects/SecGen20200522_112949/puppet/in_the_wild/modules/moinmoin_195/secgen_test/moinmoin_195.rb:13:in `test_module'
from /home/user/bin/SecGen/projects/SecGen20200522_112949/lib/post_provision_test.rb:34:in `run'
from /home/user/bin/SecGen/projects/SecGen20200522_112949/puppet/in_the_wild/modules/moinmoin_195/secgen_test/moinmoin_195.rb:17:in `<main>'
Running tests for unrealirc
FAILED: Port 6667 is closed at 172.16.0.5 (in_the_wild)!
Post provision tests contained failures!
Running tests for samba
FAILED: Port 139 is closed at 172.16.0.5 (in_the_wild)!
Post provision tests contained failures!
from secgen.
Try adding --no-tests
Which prevents post-provisioning tests from running.
from secgen.
Does vagrant download the VM and start to provision after creation of random SecGen scenario? Could you please give me the exact command you're trying to use to start the initial scenario.
Can you test this command for me to see what output you get for this : -
ruby secgen.rb --scenario scenarios/tests/all_bases.xml run
This just gives me an idea to see if you can get base boxes running in the first instance. This just gives me a starting point to see if its configured correctly.
regards
thompslu
from secgen.
from secgen.
So I went through similar steps to @DreadnaughtSec without the full upgrade option. Starting with a fresh image of Ubuntu 16.04.6
sudo apt-get install open-vm-tools -y
sudo apt-get update
sudo apt-get upgrade -y
reboot
sudo apt-get update
sudo apt-get upgrade -y
sudo apt autoremove
wget https://releases.hashicorp.com/vagrant/2.2.6/vagrant_2.2.6_x86_64.deb
sudo apt-get install ./vagrant_2.2.6_x86_64.deb
sudo apt-get install ruby-dev zlib1g-dev liblzma-dev build-essential patch virtualbox ruby-bundler imagemagick libmagickwand-dev exiftool libpq-dev libcurl4-openssl-dev libxml2-dev graphviz graphviz-dev libpcap0.8-dev git
cd /opt
sudo git clone https://github.com/cliffe/SecGen #Sudo needed for cloning into /opt
mkdir ~/bin
cp -r ./SecGen ~/bin
cd ~/bin/SecGen
bundle install
mkdir ./projects
chmod 777 ./projects
ruby secgen.rb run
Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.
If you look above, you should be able to see the error(s) that
Vagrant had when attempting to connect to the machine. These errors
are usually good hints as to what may be wrong.
If you're using a custom box, make sure that networking is properly
working and you're able to connect to the machine. It is a common
problem that networking isn't setup properly in these boxes.
Verify that authentication configurations are also setup properly,
as well.
If the box appears to be booting properly, you may want to increase
the timeout ("config.vm.boot_timeout") value.
Non-zero exit status...
Error provisioning VMs, destroying VMs and exiting SecGen.
Next I tried: ruby secgen.rb --scenario scenarios/tests/all_bases.xml run
Ran into an issue that the virtual machine had entered an invalid state "paused"
I was looking at the machine at the time through virtualbox gui and saw that 64bit virtualization was not supported. I have dealt with that error before with nested VMs.
What happened is that I had not enabled virtualization within the VM. So I shutdown the VM and enabled the setting "Virtualize Intel VT x/EPT or AMD-V/RVI" setting on the virtual machine (Using VMware Workstation 14) For Virtualbox this would be the VTx/AMD-V Acceleration setting
Then I reran the command ruby secgen.rb --scenario scenarios/tests/all_bases.xml run
Running post-provision tests...
VMs created.
Completed in 38m 14s
So I guess it's working? I have 6 VMs that were created and are still running.
Now when I run: ruby secgen.rb run
I get a VM that was spun up successfully.
from secgen.
Hi firewallzer0 Yes that’s correct , you have six (6)default state base boxes that are un-provisioned ready for which ever scenarios you choose to run, there may be a few tweaks here and their such as version specific software that you may need to sort but until you run the scenario you want you won’t know what exactly you need . Definitely like you say making sure the x64 virtualisation option is selected helps as the x64 box will not hang on vagrant.
By any chance did you follow the nullbyte tutorial for installation? Always ensure you check this official repo every so often for any updates, issues or installation instructions.
Regards
thomplsu
from secgen.
priority_queue.c:820:4: note: in expansion of macro ‘rb_funcall’
rb_funcall(Qnil, id_format, 4, rb_str_new2("NODE%i -> NODE%i;\n"),
the 3rd value was wrong, it should be 3 (change 4 ->3)
from secgen.
I had the same issue as @teminvictus while installing today on MX Linux 19.3. Removing huffman from the Gemfile did provide a workaround.
from secgen.
Here's a modified Gemfile fixing all the issues with current Debian based Ruby installations (tested with Kali Linux 2021.1 and Ubuntu 20.04). I created an override for all packages responsible for the build failing. As I'm no Ruby developer that might break a thing or two because I took the liberty to not rename the packages failing but instead forking them and modifying what was missing or broken. Not sure if this is the code of conduct with Ruby though ;).
index ff1ed012..2de89e01 100644
--- a/Gemfile
+++ b/Gemfile
@@ -23,12 +23,13 @@ gem 'process_helper'
gem 'ovirt-engine-sdk'
gem 'duplicate'
gem 'smbhash'
-gem 'digest-whirlpool'
+gem 'digest-whirlpool', :git => "https://github.com/fgosew/ruby-digest-whirlpool"
gem 'digest-siphash'
gem 'scrypt'
gem 'braille', :git => "http://github.com/nicanor/braille.git"
gem 'bases'
-gem 'huffman'
+gem 'priority_queue', :git => "https://github.com/fgosew/priority_queue"
+gem 'huffman', :git => "https://github.com/fgosew/huffman"
gem 'ruby-graphviz'
gem 'rsa'
gem 'gpgmeh'
from secgen.
Here's a modified Gemfile fixing all the issues with current Debian based Ruby installations (tested with Kali Linux 2021.1 and Ubuntu 20.04). I created an override for all packages responsible for the build failing. As I'm no Ruby developer that might break a thing or two because I took the liberty to not rename the packages failing but instead forking them and modifying what was missing or broken. Not sure if this is the code of conduct with Ruby though ;).
index ff1ed012..2de89e01 100644 --- a/Gemfile +++ b/Gemfile @@ -23,12 +23,13 @@ gem 'process_helper' gem 'ovirt-engine-sdk' gem 'duplicate' gem 'smbhash' -gem 'digest-whirlpool' +gem 'digest-whirlpool', :git => "https://github.com/fgosew/ruby-digest-whirlpool" gem 'digest-siphash' gem 'scrypt' gem 'braille', :git => "http://github.com/nicanor/braille.git" gem 'bases' -gem 'huffman' +gem 'priority_queue', :git => "https://github.com/fgosew/priority_queue" +gem 'huffman', :git => "https://github.com/fgosew/huffman" gem 'ruby-graphviz' gem 'rsa' gem 'gpgmeh'
That's great! Ideally you would also submit pull requests to upstream to work towards getting the issues resolved in the original gems. Thanks for your efforts!
from secgen.
Related Issues (20)
- General Help Questions HOT 1
- Jboss vuln should put it's flag in /home/jboss HOT 1
- Awk sudo priv escalation vuln has wrong path for awk HOT 2
- [new feature] Zip file option for everyone can read permissions
- Some lab sheets refer to root:toor, need updating to kali:kali HOT 1
- Sudo priv escalation involving sudo -l requires the user's password
- XFCE vuln should conflict with all kde bases
- Make this instruction more clear HOT 1
- Metadata for all HTTP-based modules should have the type "webapp" added HOT 1
- [Proxmox] Sometimes Firefox starts with a blank/black screen
- Scenario SSE 4: load the correct disable_aslr module
- glpi not installing required apache/php config
- Add support for Debian 12 Bookworm
- Remove mention of how modules are marked from lab sheets
- Fix scenarios not currently working on Proxmox
- Test distcc vuln in post-exploitation lab
- Metadata for nostromo needs updating
- Add Pwnspoof
- Enhancing the project to run in AWS
- gitlist in sub-directory
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secgen.