metasploit更新后msfconsole报错You must use Bundler 2 or greater with this lockfile.
在Kali上进行metasploit的更新:
apt-get update
apt-get install -y metasploit-framework
执行msfconsole
,报错:
You must use Bundler 2 or greater with this lockfile.
看到这里后,去搜索,按网上的方法
gem update --system
gem install bundler -v 2.0.1
成功安装2.0.1版本的bundler后,可是执行msfconsole
还是同样报错,这里得找Gemfile.lock的路径
cd /usr/share/metasploit-framework/
bundler update
# 报错如下
Traceback (most recent call last):
2: from /usr/local/bin/bundler:23:in `<main>'
1: from /usr/local/lib/site_ruby/2.5.0/rubygems.rb:308:in `activate_bin_path'
/usr/local/lib/site_ruby/2.5.0/rubygems.rb:289:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundler (Gem::GemNotFoundException)
0x01
最后pcat经过一番摸索,发现最主要的是:安装的bundler版本需要大于等于Gemfile.lock中要求的版本
cd /usr/share/metasploit-framework/
cat Gemfile.lock | grep -A 1 "BUNDLED"
得到bundler的版本
BUNDLED WITH
2.1.4
重新安装这个版本
gem update --system
gem install bundler -v 2.1.4
之后msfconsole就可以正常运行。
0x02
-= UPDATE 2020.05.02 =-
有好友反映按照pcat上面的方法更新后,运行msfconsole
还会报错:
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated
Could not find json-2.3.0 in any of the sources
Run `bundle install` to install missing gems.
pcat经过测试后发现gem的版本最近更新得很高,为3.1.2,而且还带来很多warning。
# 例如
NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.
经搜索github上有一个做法是:
gem update --system 3.0.6
这是不可取的,这是把gem的版本降低,虽然降了后可以运行msfconsole
,但是bundler、wpscan等运行也会报错。
经多番测试,发现只有把gem更新到3.2.0才可以,直接更新是不行的,必须源码安装:
# 源码安装gem 3.2.0
git clone https://github.com/rubygems/rubygems
cd rubygems
ruby setup.rb
# 再进行修复
apt install ruby-dev -y
apt install libpq-dev libpcap-dev libsqlite3-dev -y
cd /usr/share/metasploit-framework/
sed -i 's#https://rubygems.org#https://gems.ruby-china.com#' Gemfile
bundler install --no-deployment
gem install json -v '2.3.0'
这样msfconsole
就可以使用了。
不过ruby新版有不少warning:
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:29: warning: constant Gem::ConfigMap is deprecated
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:30: warning: constant Gem::ConfigMap is deprecated
# 解决方法
sed -i "s#Gem::ConfigMap\[:arch\]#RbConfig::CONFIG\['arch'\]#g;s#Gem::ConfigMap\[:ruby_version\]#RbConfig::CONFIG\['ruby_version'\]#g" /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb
/usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_1' is reserved for numbered parameter; consider another name
/usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_2' is reserved for numbered parameter; consider another name
/usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_3' is reserved for numbered parameter; consider another name
# 暂时没好的解决方法
# 如果不想显示warning
export RUBYOPT='-W0'
rubygems最近修改得不少,要想等到一个相对稳定的版本,还需要一段时间。