Uniscan:可加载库和 perl 二进制文件不匹配 [英] Uniscan: loadable library and perl binaries are mismatched
问题描述
Uniscan 是一种用于扫描网站的工具,它包含在 kali linux 和其他渗透测试发行版中.我曾经每周使用它来测试我的应用程序,但在对我的 linux 工具进行了一些更新后,现在运行它时出现以下错误:
Uniscan is a tool for scanning websites which comes in kali linux and other pen tests distros. I used to use it weekly to test my applications but after some updates of my linux tools it is now giving the following error when I run it:
xs/Moose.c: 可加载库和 perl 二进制文件不匹配(得到握手密钥 0xdb00080,需要 0xdb80080)
xs/Moose.c: loadable library and perl binaries are mismatched (got handshake key 0xdb00080, needed 0xdb80080)
我当前的 perl 版本是 5.24.0.我在某处读到如果我降级 perl 版本可以绕过这个问题,但我没有找到它应该降级到哪个版本,我还尝试了我的包管理器缓存中可用的所有版本,没有工作,它实际上改变了 .c 得到握手不匹配的文件.我还尝试将 Uniscan 更新到最新版本 (6.3.1),但也没有.
My current perl version is 5.24.0. I read somewhere that this problem can be bypassed if I downgrade perl version but I didn't found to which version it should be downgraded, I also tried all versions that are available at my package manager cache, none worked, it actually changed the .c file that got the handshake mismatch. I also tried updating Uniscan to the most recent version (6.3.1), also nothing.
无论如何,有谁知道如何解决这个问题?提前致谢.
Anyway, does anyone know how to solve this? Thanks in advance.
推荐答案
此错误消息来自 perl 解释器的 Perl_xs_handshake 函数.来自评论:
This error message is coming from the perl interpreter's Perl_xs_handshake function. From a comment:
实现各种 XS_*_BOOTCHECK 宏,它们被添加到 .c由 ExtUtils::ParseXS 生成的文件,以检查模块是否已构建with 与正在运行的 perl 二进制兼容.
implement the various XS_*_BOOTCHECK macros, which are added to .c files by ExtUtils::ParseXS, to check that the perl the module was built with is binary compatible with the running perl.
简而言之,这意味着 Moose perl 模块是针对不兼容版本的 perl 解释器构建的(即降级 perl 是一种可能的选择,但这有其自己的一套问题).
In short, this means that the Moose perl module is built against an incompatible version of the perl interpreter (i.e. downgrading perl is a possible option, but this has its own set of issues).
Moose 是一个面向对象的 perl 扩展框架.一些发行版预先构建它并将其作为单独的包包含在发行版中是很常见的(例如,在 fedora 下,有一个 perl-Moose fedora 包).
Moose is an object oriented extension framework for perl. It's common enough that some distros pre-build it and include it in the distro as a separate package (e.g. Under fedora, there is a perl-Moose fedora package).
但是,Moose 也可以作为 CPAN 包使用.
But, Moose is also available as a CPAN package.
因此,如果您的发行版 (kali) 设置正确,那么事情应该自己处理(他们没有).也就是说,如果kali升级了perl,他们应该重建各种perl模块包(Moose就是其中之一).
So, if your distro (kali) was set up correctly, things should take care of themselves (which they didn't). That is, if kali upgraded perl, they should have rebuilt the various perl module packages (Moose being one of them).
或者... Moose 从未从发行版安装,而是从CPAN安装(例如作为其他东西的一部分).
Or ... Moose was never installed from the distro, but was installed from CPAN (e.g. as part of something else).
另一种方法是调用 cpan 并下载、重建、并从那里安装 Moose 包.
Another way to go is to invoke cpan and download, rebuild, and install the Moose package from there.
要查找的一件事是找到当前 Moose 的安装位置(例如 /usr/lib64/... 或 /usr/local/lib64/... 等)通过执行 perldoc -lm Moose.这可能有助于配置 cpan 以安装目录.
One thing to look for is to find the place where the current Moose is installed (e.g. /usr/lib64/... or /usr/local/lib64/..., etc.) by doing perldoc -lm Moose. This may help with configuring cpan as to install directories.
更新:
我不知道如何使用 cpan 单独重建 Moose,我尝试了cpan Moose"(使用 -c、-m,也尝试使用 -g 下载和安装,没有成功)所以我运行了一个 cpan-u 更新所有已安装的模块.之后问题依旧.
I couldn't find out how to use cpan to rebuild Moose alone, I tried "cpan Moose" (with -c, -m, also tried to download and install using -g, none worked) so I ran a cpan -u to update all installed modules. After that the problem persists.
有两种类型的包:distro 包(例如 kali 包)和 CPAN 包.如果从 发行版 安装了给定的 perl 模块,cpan 不太可能尝试更新它.我们需要做的是让cpan安装它(来自CPAN).
There are two types of packages: distro packages (e.g. kali packages) and CPAN packages. If a given perl module has been installed from the distro, it is unlikely that cpan will try to update it. What we'll need to do is to get cpan to install it (from CPAN).
当我使用cpan时,我通常会使用/full_path_to/perl -MCPAN -e shell.我使用完整路径的原因是我安装了多个不同的 perl 版本.有关为什么我拥有这些 [并且必须 拥有它们] 的背景,请参阅我的回答 https://serverfault.com/questions/741186/cpan-is-using-old-perl-version-to-install-modules/741216#741216
When I use cpan, I usually do /full_path_to/perl -MCPAN -e shell. The reason I use a full path is that I have multiple different perl versions installed. For background as to why I have these [and had to have them], see my answer https://serverfault.com/questions/741186/cpan-is-using-old-perl-version-to-install-modules/741216#741216
之后,在提示符下,我通常会执行类似install Moose 的操作.它将寻找包依赖项,我通常对所有都说是.
After that, at the prompt, I usually do something like install Moose. It will look for package dependencies and I usually say yes to all.
cpan 允许几种不同的安装模式".值得注意的是,在系统范围内安装(即您是 sudo 用户)或安装到 $HOME 目录下的子目录.这允许非 root 用户安装 CPAN 模块,即使本地系统管理员不允许安装到 /usr/lib64/...
cpan allows a few different install "modes". Notably, installing system-wide (i.e. you are a sudo user) or installing to a subdirectory under your $HOME directory. This allows a non-root user to install a CPAN module even if the local sysadmin won't allow the install to /usr/lib64/...
查看$HOME/.cpan 特别感兴趣的是$HOME/.cpan/CPAN/MyConfig.pm.在该文本文件中,查找安装相关信息:'make_install_make_command' =>q[sudo/usr/bin/make].它可能有也可能没有 sudo .还有一些其他类似的选项(mbuild_install_build_command).如果他们没有 sudo,您可以手动编辑文件.
Look in $HOME/.cpan Of particular interest is $HOME/.cpan/CPAN/MyConfig.pm. In that text file, look for the install related information: 'make_install_make_command' => q[sudo /usr/bin/make]. It may or may not have the sudo on it. There are a few other similar options in there (mbuild_install_build_command). If they don't have sudo on them, you can hand edit the file.
我们稍后会回到这个话题.但是,首先要做的是在 strace 下运行 uniscan.无论事物如何配置、版本化等,这都将记录正在发生的事情.这是一个脚本,其中包含我为 strace 推荐的选项:
We'll get back to this in a bit. But, the first thing to do is to run uniscan under strace. No matter how things are configured, versioned, etc. this will record what is going on. Here's a script with the options I'd recommend for strace:
strace -ttt -i -f -ff -etrace=all -o /anyplace/log/whatever.spysys \
-eread=0,1,2,3,4,5,6,7,8,9,10 -ewrite=0,1,2,3,4,5,6,7,8,9,10 \
-eread=11,12,13,14,15,16,17,18,19,20,21 \
-ewrite=11,12,13,14,15,16,17,18,19,20,21 \
-eread=22,23,24,25,26,27,28,29,30,31,32 \
-ewrite=22,23,24,25,26,27,28,29,30,31,32 \
-eread=33,34,35,36,37,38,39,40,41,42,43 \
-ewrite=33,34,35,36,37,38,39,40,41,42,43 \
-eread=44,45,46,47,48,49,50,51,52,53,54 \
-ewrite=44,45,46,47,48,49,50,51,52,53,54 \
-eread=55,56,57,58,59,60,61,62,63,64,65 \
-ewrite=55,56,57,58,59,60,61,62,63,64,65 \
-eread=66,67,68,69,70,71,72,73,74,75,76 \
-ewrite=66,67,68,69,70,71,72,73,74,75,76 \
-eread=77,78,79,80,81,82,83,84,85,86,87 \
-ewrite=77,78,79,80,81,82,83,84,85,86,87 \
-eread=88,89,90,91,92,93,94,95,96,97,98 \
-ewrite=88,89,90,91,92,93,94,95,96,97,98 -eread=99 -ewrite=99 -x \
/usr/bin/whatever
将 /anyplace/... 替换为适合您系统的内容.将 /usr/bin/whatever 替换为失败的 uniscan 命令.如果您通常以 root 身份运行 uniscan,您可以在 strace 前加上 sudo
Replace the /anyplace/... with something suitable for your system. Replace /usr/bin/whatever with the uniscan command that is failing. If you normally run uniscan as root, you can prefix strace with sudo
请注意,这些 strace 选项会生成 lot 的输出,但它们不会遗漏任何有价值的东西.最终,uniscan 命令将中止 [正如您已经遇到的那样],但是现在,strace 输出将有原因.
Note that these options to strace generate a lot of output but they don't leave anything of value out. Eventually, the uniscan command will abort [as you've already been experiencing], but, now, the strace output will have the reason why.
具体来说,通过筛选日志输出,您可以找到失败的 Moose.so 的确切完整路径.也就是说,perl 将打开一个与 Moose 相关的文件(成功),然后很快将失败消息输出到 stderr.moose 文件可能在 /usr/lib64/... 或者它可能在一些完全陌生的地方,比如 /usr/local/lib64/... 或者,甚至陌生人,/usr/lib64/uniscan/lib/Moose/....但是,这现在告诉我们在哪里我们想要重建和安装 moose.
Specifically, by sifting through the log output, you can find the exact full path of the failing Moose.so. That is, perl will open a Moose related file (successfully) and soon thereafter output the failure message to stderr. The moose file might be in /usr/lib64/... or it might be in some totally strange place like /usr/local/lib64/... or, even stranger, /usr/lib64/uniscan/lib/Moose/.... But, this now tells us where we want to rebuild and install moose to.
注意:您可能已经注意到,我的原始答案在语法方面[迂腐地]进行了编辑,但是,实质上是为了取代我对使用find的建议[我没有不赞成].
Note: As you may have noticed, my original answer got edited [pedantically] for grammar, but, materially to replace my recommendation for using find [which I didn't approve of].
无论如何,要匹配 cpan 和 strace 的东西.当您使用 cpan 时,它可能运行在安装到 $HOME/..."模式下,IIRC 是默认模式.因此,如果是这种情况(即检查 MyConfig.pm),您可能会在您的主目录下而不是所需的系统范围目录下找到更新的包.因此,为了帮助验证这一点,请执行 find $HOME -name '*Moose*' 并查看结果.
Anyway, to match up the cpan and strace stuff. When you used cpan, it may have run in the "install to $HOME/..." mode, which, IIRC is the default. So, if that were the case (i.e. check MyConfig.pm), you may find the updated packages under your home directory rather than the desired system-wide directories. So, to help verify this, do find $HOME -name '*Moose*' and see what comes up.
因此,根据 strace 文件名,文件上的时间戳应该与您执行 cpan 命令的时间相匹配.但是,我打赌他们不会.
So, based on the strace filenames, the timestamps on the files should match up with the time that you did your cpan commands. But, I'm betting they won't.
在$HOME/.cpan 下有一个子目录$HOME/.cpan/build.这是 cpan 命令下载和存储包文件的地方.它还在那里构建包.如果您对 cpan 的调用涉及到 Moose,那么那里应该有一些 *Moose* 文件和目录.
Under $HOME/.cpan there is a subdirectory $HOME/.cpan/build. This is where the cpan command downloads and stores the package files. It also builds the packages there. If your invocation of cpan touched on Moose, there should be some *Moose* files and directories there.
每当我遇到坏"包 IIRC 时,我都会将它从 $HOME/.cpan/build(以及一些依赖包)中删除,然后执行 install 再次.东西会被重新下载、重建和重新安装.
Whenever I've had a "bad" package, IIRC, I just removed it from $HOME/.cpan/build (and some of the dependent packages) and then did install again. Things get redownloaded, rebuilt, and reinstalled.
从 strace 我们现在知道使用了哪个 perl 解释器(可能是 /usr/bin/perl),它在那里得到了驼鹿文件来自.moose 文件应位于 @INC 目录之一下.如果是这样,很好.如果没有,这意味着 uniscan 的包装器"脚本正在为 Moose 设置非标准路径,这就是执行 strace 的原因:确认与否.
From the strace we now know which perl interpreter was used (probably /usr/bin/perl), where it got the moose file from. The moose file should be under one of the @INC directories. If so, fine. If not, this means that the "wrapper" script for uniscan is setting up a non-standard path for Moose, which is the reason to do the strace: to confirm this or not.
然后,根据需要修复 MyConfig.pm.如果缺少 sudo,那可能就是您所需要的.然后,只需执行安装 Moose.
Then, fix the MyConfig.pm if needed. If it was missing sudo, that may be all you need. Then, just do install Moose.
如果需要,您可以先删除 $HOME/.cpan/build.
You could remove $HOME/.cpan/build first if you wanted.
这篇关于Uniscan:可加载库和 perl 二进制文件不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
