Uniscan:可加载库和 perl 二进制文件不匹配 [英] Uniscan: loadable library and perl binaries are mismatched
问题描述
Uniscan 是一种用于扫描网站的工具,它包含在 kali linux 和其他渗透测试发行版中.我曾经每周使用它来测试我的应用程序,但在对我的 linux 工具进行了一些更新后,现在运行它时出现以下错误:
Uniscan is a tool for scanning websites which comes in kali linux and other pen tests distros. I used to use it weekly to test my applications but after some updates of my linux tools it is now giving the following error when I run it:
xs/Moose.c: 可加载库和 perl 二进制文件不匹配(得到握手密钥 0xdb00080,需要 0xdb80080)
xs/Moose.c: loadable library and perl binaries are mismatched (got handshake key 0xdb00080, needed 0xdb80080)
我当前的 perl 版本是 5.24.0
.我在某处读到如果我降级 perl 版本可以绕过这个问题,但我没有找到它应该降级到哪个版本,我还尝试了我的包管理器缓存中可用的所有版本,没有工作,它实际上改变了 .c
得到握手不匹配的文件.我还尝试将 Uniscan 更新到最新版本 (6.3.1),但也没有.
My current perl version is 5.24.0
. I read somewhere that this problem can be bypassed if I downgrade perl version but I didn't found to which version it should be downgraded, I also tried all versions that are available at my package manager cache, none worked, it actually changed the .c
file that got the handshake mismatch. I also tried updating Uniscan to the most recent version (6.3.1), also nothing.
无论如何,有谁知道如何解决这个问题?提前致谢.
Anyway, does anyone know how to solve this? Thanks in advance.
推荐答案
此错误消息来自 perl 解释器的 Perl_xs_handshake
函数.来自评论:
This error message is coming from the perl interpreter's Perl_xs_handshake
function. From a comment:
实现各种 XS_*_BOOTCHECK 宏,它们被添加到 .c由 ExtUtils::ParseXS 生成的文件,以检查模块是否已构建with 与正在运行的 perl 二进制兼容.
implement the various XS_*_BOOTCHECK macros, which are added to .c files by ExtUtils::ParseXS, to check that the perl the module was built with is binary compatible with the running perl.
简而言之,这意味着 Moose
perl 模块是针对不兼容版本的 perl 解释器构建的(即降级 perl
是一种可能的选择,但这有其自己的一套问题).
In short, this means that the Moose
perl module is built against an incompatible version of the perl interpreter (i.e. downgrading perl
is a possible option, but this has its own set of issues).
Moose
是一个面向对象的 perl 扩展框架.一些发行版预先构建它并将其作为单独的包包含在发行版中是很常见的(例如,在 fedora 下,有一个 perl-Moose
fedora 包).
Moose
is an object oriented extension framework for perl. It's common enough that some distros pre-build it and include it in the distro as a separate package (e.g. Under fedora, there is a perl-Moose
fedora package).
但是,Moose
也可以作为 CPAN
包使用.
But, Moose
is also available as a CPAN
package.
因此,如果您的发行版 (kali) 设置正确,那么事情应该自己处理(他们没有).也就是说,如果kali升级了perl
,他们应该重建各种perl模块包(Moose
就是其中之一).
So, if your distro (kali) was set up correctly, things should take care of themselves (which they didn't). That is, if kali upgraded perl
, they should have rebuilt the various perl module packages (Moose
being one of them).
或者... Moose
从未从发行版安装,而是从CPAN
安装(例如作为其他东西的一部分).
Or ... Moose
was never installed from the distro, but was installed from CPAN
(e.g. as part of something else).
另一种方法是调用 cpan
并下载、重建、并从那里安装 Moose
包.
Another way to go is to invoke cpan
and download, rebuild, and install the Moose
package from there.
要查找的一件事是找到当前 Moose
的安装位置(例如 /usr/lib64/...
或 /usr/local/lib64/...
等)通过执行 perldoc -lm Moose
.这可能有助于配置 cpan
以安装目录.
One thing to look for is to find the place where the current Moose
is installed (e.g. /usr/lib64/...
or /usr/local/lib64/...
, etc.) by doing perldoc -lm Moose
. This may help with configuring cpan
as to install directories.
更新:
我不知道如何使用 cpan 单独重建 Moose,我尝试了cpan Moose"(使用 -c、-m,也尝试使用 -g 下载和安装,没有成功)所以我运行了一个 cpan-u 更新所有已安装的模块.之后问题依旧.
I couldn't find out how to use cpan to rebuild Moose alone, I tried "cpan Moose" (with -c, -m, also tried to download and install using -g, none worked) so I ran a cpan -u to update all installed modules. After that the problem persists.
有两种类型的包:distro 包(例如 kali 包)和 CPAN
包.如果从 发行版 安装了给定的 perl 模块,cpan
不太可能尝试更新它.我们需要做的是让cpan
安装它(来自CPAN
).
There are two types of packages: distro packages (e.g. kali packages) and CPAN
packages. If a given perl module has been installed from the distro, it is unlikely that cpan
will try to update it. What we'll need to do is to get cpan
to install it (from CPAN
).
当我使用cpan
时,我通常会使用/full_path_to/perl -MCPAN -e shell
.我使用完整路径的原因是我安装了多个不同的 perl 版本.有关为什么我拥有这些 [并且必须 拥有它们] 的背景,请参阅我的回答 https://serverfault.com/questions/741186/cpan-is-using-old-perl-version-to-install-modules/741216#741216
When I use cpan
, I usually do /full_path_to/perl -MCPAN -e shell
. The reason I use a full path is that I have multiple different perl versions installed. For background as to why I have these [and had to have them], see my answer https://serverfault.com/questions/741186/cpan-is-using-old-perl-version-to-install-modules/741216#741216
之后,在提示符下,我通常会执行类似install Moose
的操作.它将寻找包依赖项,我通常对所有都说是.
After that, at the prompt, I usually do something like install Moose
. It will look for package dependencies and I usually say yes to all.
cpan
允许几种不同的安装模式".值得注意的是,在系统范围内安装(即您是 sudo
用户)或安装到 $HOME 目录下的子目录.这允许非 root 用户安装 CPAN 模块,即使本地系统管理员不允许安装到 /usr/lib64/...
cpan
allows a few different install "modes". Notably, installing system-wide (i.e. you are a sudo
user) or installing to a subdirectory under your $HOME directory. This allows a non-root user to install a CPAN module even if the local sysadmin won't allow the install to /usr/lib64/...
查看$HOME/.cpan
特别感兴趣的是$HOME/.cpan/CPAN/MyConfig.pm
.在该文本文件中,查找安装相关信息:'make_install_make_command' =>q[sudo/usr/bin/make]
.它可能有也可能没有 sudo
.还有一些其他类似的选项(mbuild_install_build_command
).如果他们没有 sudo
,您可以手动编辑文件.
Look in $HOME/.cpan
Of particular interest is $HOME/.cpan/CPAN/MyConfig.pm
. In that text file, look for the install related information: 'make_install_make_command' => q[sudo /usr/bin/make]
. It may or may not have the sudo
on it. There are a few other similar options in there (mbuild_install_build_command
). If they don't have sudo
on them, you can hand edit the file.
我们稍后会回到这个话题.但是,首先要做的是在 strace
下运行 uniscan
.无论事物如何配置、版本化等,这都将记录正在发生的事情.这是一个脚本,其中包含我为 strace
推荐的选项:
We'll get back to this in a bit. But, the first thing to do is to run uniscan
under strace
. No matter how things are configured, versioned, etc. this will record what is going on. Here's a script with the options I'd recommend for strace
:
strace -ttt -i -f -ff -etrace=all -o /anyplace/log/whatever.spysys \
-eread=0,1,2,3,4,5,6,7,8,9,10 -ewrite=0,1,2,3,4,5,6,7,8,9,10 \
-eread=11,12,13,14,15,16,17,18,19,20,21 \
-ewrite=11,12,13,14,15,16,17,18,19,20,21 \
-eread=22,23,24,25,26,27,28,29,30,31,32 \
-ewrite=22,23,24,25,26,27,28,29,30,31,32 \
-eread=33,34,35,36,37,38,39,40,41,42,43 \
-ewrite=33,34,35,36,37,38,39,40,41,42,43 \
-eread=44,45,46,47,48,49,50,51,52,53,54 \
-ewrite=44,45,46,47,48,49,50,51,52,53,54 \
-eread=55,56,57,58,59,60,61,62,63,64,65 \
-ewrite=55,56,57,58,59,60,61,62,63,64,65 \
-eread=66,67,68,69,70,71,72,73,74,75,76 \
-ewrite=66,67,68,69,70,71,72,73,74,75,76 \
-eread=77,78,79,80,81,82,83,84,85,86,87 \
-ewrite=77,78,79,80,81,82,83,84,85,86,87 \
-eread=88,89,90,91,92,93,94,95,96,97,98 \
-ewrite=88,89,90,91,92,93,94,95,96,97,98 -eread=99 -ewrite=99 -x \
/usr/bin/whatever
将 /anyplace/...
替换为适合您系统的内容.将 /usr/bin/whatever
替换为失败的 uniscan
命令.如果您通常以 root 身份运行 uniscan
,您可以在 strace
前加上 sudo
Replace the /anyplace/...
with something suitable for your system. Replace /usr/bin/whatever
with the uniscan
command that is failing. If you normally run uniscan
as root, you can prefix strace
with sudo
请注意,这些 strace
选项会生成 lot 的输出,但它们不会遗漏任何有价值的东西.最终,uniscan
命令将中止 [正如您已经遇到的那样],但是现在,strace
输出将有原因.
Note that these options to strace
generate a lot of output but they don't leave anything of value out. Eventually, the uniscan
command will abort [as you've already been experiencing], but, now, the strace
output will have the reason why.
具体来说,通过筛选日志输出,您可以找到失败的 Moose.so
的确切完整路径.也就是说,perl
将打开一个与 Moose 相关的文件(成功),然后很快将失败消息输出到 stderr.moose 文件可能在 /usr/lib64/...
或者它可能在一些完全陌生的地方,比如 /usr/local/lib64/...
或者,甚至陌生人,/usr/lib64/uniscan/lib/Moose/...
.但是,这现在告诉我们在哪里我们想要重建和安装 moose.
Specifically, by sifting through the log output, you can find the exact full path of the failing Moose.so
. That is, perl
will open a Moose related file (successfully) and soon thereafter output the failure message to stderr. The moose file might be in /usr/lib64/...
or it might be in some totally strange place like /usr/local/lib64/...
or, even stranger, /usr/lib64/uniscan/lib/Moose/...
. But, this now tells us where we want to rebuild and install moose to.
注意:您可能已经注意到,我的原始答案在语法方面[迂腐地]进行了编辑,但是,实质上是为了取代我对使用find
的建议[我没有不赞成].
Note: As you may have noticed, my original answer got edited [pedantically] for grammar, but, materially to replace my recommendation for using find
[which I didn't approve of].
无论如何,要匹配 cpan
和 strace
的东西.当您使用 cpan
时,它可能运行在安装到 $HOME/...
"模式下,IIRC 是默认模式.因此,如果是这种情况(即检查 MyConfig.pm
),您可能会在您的主目录下而不是所需的系统范围目录下找到更新的包.因此,为了帮助验证这一点,请执行 find $HOME -name '*Moose*'
并查看结果.
Anyway, to match up the cpan
and strace
stuff. When you used cpan
, it may have run in the "install to $HOME/...
" mode, which, IIRC is the default. So, if that were the case (i.e. check MyConfig.pm
), you may find the updated packages under your home directory rather than the desired system-wide directories. So, to help verify this, do find $HOME -name '*Moose*'
and see what comes up.
因此,根据 strace
文件名,文件上的时间戳应该与您执行 cpan
命令的时间相匹配.但是,我打赌他们不会.
So, based on the strace
filenames, the timestamps on the files should match up with the time that you did your cpan
commands. But, I'm betting they won't.
在$HOME/.cpan
下有一个子目录$HOME/.cpan/build
.这是 cpan
命令下载和存储包文件的地方.它还在那里构建包.如果您对 cpan
的调用涉及到 Moose,那么那里应该有一些 *Moose*
文件和目录.
Under $HOME/.cpan
there is a subdirectory $HOME/.cpan/build
. This is where the cpan
command downloads and stores the package files. It also builds the packages there. If your invocation of cpan
touched on Moose, there should be some *Moose*
files and directories there.
每当我遇到坏"包 IIRC 时,我都会将它从 $HOME/.cpan/build
(以及一些依赖包)中删除,然后执行 install
再次.东西会被重新下载、重建和重新安装.
Whenever I've had a "bad" package, IIRC, I just removed it from $HOME/.cpan/build
(and some of the dependent packages) and then did install
again. Things get redownloaded, rebuilt, and reinstalled.
从 strace
我们现在知道使用了哪个 perl 解释器(可能是 /usr/bin/perl
),它在那里得到了驼鹿文件来自.moose 文件应位于 @INC
目录之一下.如果是这样,很好.如果没有,这意味着 uniscan
的包装器"脚本正在为 Moose 设置非标准路径,这就是执行 strace 的原因:确认与否.
From the strace
we now know which perl interpreter was used (probably /usr/bin/perl
), where it got the moose file from. The moose file should be under one of the @INC
directories. If so, fine. If not, this means that the "wrapper" script for uniscan
is setting up a non-standard path for Moose, which is the reason to do the strace: to confirm this or not.
然后,根据需要修复 MyConfig.pm
.如果缺少 sudo
,那可能就是您所需要的.然后,只需执行安装 Moose
.
Then, fix the MyConfig.pm
if needed. If it was missing sudo
, that may be all you need. Then, just do install Moose
.
如果需要,您可以先删除 $HOME/.cpan/build
.
You could remove $HOME/.cpan/build
first if you wanted.
这篇关于Uniscan:可加载库和 perl 二进制文件不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!