Build instructions for Meterpreter on Ubuntu 14.04 LTS
todb-r7 opened this issue · 16 comments
When I build meterpreter on Ubuntu 14.04, I appear to succeed, but I am unable to get a session with the results.
My procedure:
make
cp -r data/meterpreter/* ../metasploit-framework/data/meterpreter
cd ../metasploit-framework
./msfconsole -Lqr /home/todb/.msf4/scripts/resource/linux-meterpreter.rc
(source here)
With the most recent checkin, this all works great. With a build I try to make myself though, meterpreter.bin segfaults.
The target is metasploitable, which is a semi-jacked up version of Ubuntu 8.
My build machine is Ubuntu 14.04 LTS
I have my entire build log here.
I know that @jvazquez-r7 can build successfully, too, so it's not just @bcook-r7 magic.
I've had very similar issues building on Ubuntu in the past (12 and 13). I gave up in the end and built things on my Fedora 19 box, where I had way more success.
How to compile Linux meterpreter on Ubuntu 12.04 / 13.10 / 14.04 (32 bits).
- Install dependencies:
sudo apt-get install build-essential jam wget flex bison binutils-gold
- Check whether the gold linker is being used:
$ ls -la /usr/bin/ld
lrwxrwxrwx 1 root root 20 Jun 27 10:03 /usr/bin/ld -> /usr/bin/ld.gold
- Otherwise, configure update-alternatives:
sudo update-alternatives --install "/usr/bin/ld" "ld" "/usr/bin/ld.gold" 20
sudo update-alternatives --install "/usr/bin/ld" "ld" "/usr/bin/ld.bfd" 10
- And choose the gold version with update-alternatives --config ld:
$ sudo update-alternatives --config ld
There are 2 choices for the alternative ld (providing /usr/bin/ld).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/bin/ld.gold 20 auto mode
1 /usr/bin/ld.bfd 10 manual mode
2 /usr/bin/ld.gold 20 manual mode
- If you had to configure update-alternatives, check /usr/bin/ld again:
$ ls -la /usr/bin/ld
lrwxrwxrwx 1 root root 20 Jun 27 10:03 /usr/bin/ld -> /etc/alternatives/ld
$ ls -la /etc/alternatives/ld
lrwxrwxrwx 1 root root 16 Jun 27 10:03 /etc/alternatives/ld -> /usr/bin/ld.gold
- Compile:
make
- The resulting objects should be placed in data/meterpreter:
$ ls data/meterpreter/
ext_server_networkpug.lso ext_server_sniffer.lso ext_server_stdapi.lso msflinker_linux_x86.bin
How to compile Linux meterpreter on Fedora 20 (32 bits)
- Install dependencies:
yum install make automake gcc gcc-c++ kernel-devel jam wget flex bison patch
- The default bfd linker on Fedora 20 has been used successfully, so there is no need to switch to the gold linker.
- Compile:
make
- The resulting objects should be placed in data/meterpreter:
# ls data/meterpreter/
ext_server_networkpug.lso ext_server_sniffer.lso ext_server_stdapi.lso msflinker_linux_x86.bin
Hope it helps :)
ping @todb-r7 ^^^^
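A small POSIX shell helper, added here and not part of the thread or the meterpreter repository, that performs the linker check from the steps above (walking the /usr/bin/ld -> /etc/alternatives/ld -> ld.gold chain shown in the ls -la output) and verifies that the four build objects listed for both the Ubuntu and Fedora procedures exist; the /usr/bin/ld location and the data/meterpreter output directory are assumptions taken from the thread.

```shell
#!/bin/sh
# Added example: verify which linker /usr/bin/ld really resolves to before
# running make, since the thread shows ld.bfd yields a broken msflinker on
# Ubuntu while ld.gold works.

# Follow a symlink chain to its final target without relying on the GNU-only
# "readlink -f"; relative link targets are resolved against the link's dir.
resolve_link() {
  path=$1
  hops=0
  while [ -L "$path" ]; do
    target=$(readlink "$path")
    case $target in
      /*) path=$target ;;
      *)  path=$(dirname "$path")/$target ;;
    esac
    hops=$((hops + 1))
    [ "$hops" -lt 32 ] || { echo "symlink loop at $path" >&2; return 1; }
  done
  printf '%s\n' "$path"
}

# Print "gold", "bfd" or "unknown" for the linker behind the given path.
linker_flavor() {
  final=$(resolve_link "$1") || return 1
  case $(basename "$final") in
    ld.gold|gold) echo gold ;;
    ld.bfd|bfd)   echo bfd ;;
    *)            echo unknown ;;
  esac
}

# Confirm the objects named in the thread are present after make.
check_outputs() {
  dir=$1
  for f in ext_server_networkpug.lso ext_server_sniffer.lso \
           ext_server_stdapi.lso msflinker_linux_x86.bin; do
    [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
  done
  echo "all expected objects present in $dir"
}

# When run directly: warn if the system linker is not gold (assumed path).
if [ "$(linker_flavor /usr/bin/ld)" != gold ]; then
  echo "/usr/bin/ld is not gold; run: sudo update-alternatives --config ld" >&2
fi
```

Run it from the meterpreter checkout before make, and call check_outputs data/meterpreter afterwards to confirm the build produced everything the instructions expect.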
ooo thanks @jvazquez-r7 I'll give it a shot!
Must be 32-bit?
I suspect this will be a matter of working from this list, bottom up, and turning off things until it works again: https://wiki.ubuntu.com/ToolChain/CompilerFlags
Personally, I built the last bins in an ubuntu 10.04 chroot using debootstrap.
That's an interesting thing you bring up @jvazquez-r7 about the gold linker. Time to do some experimentation!
@bcook-r7, yup, on modern Ubuntu the bfd linker doesn't work as "expected". I say expected in quotes because meterpreter is linking in a non-"expected" way. You need exported entries to be there (so the meterpreter loader can load the object), but it isn't a shared library! (Just reminding from the time I looked into that.)
Nice to know. I did some experimentation modifying ld.bfd's default linker script in ubuntu 14.04, to try changing its behavior. I didn't get it to work exactly, but managed to crash it a few times :)
/usr/bin/ld: internal error ../../ld/ldlang.c 5245
Results:
On Ubuntu 14.04:
Note, selecting 'binutils' instead of 'binutils-gold'
So that doesn't seem to make a lot of difference. For fun I apt-get removed binutils and tried again, same deal.
todb@mazikeen:~$ ls -la /usr/bin/ld
lrwxrwxrwx 1 root root 6 Apr 15 2014 /usr/bin/ld -> ld.bfd
Using the update-alternatives business seems to do the trick:
[ruby-2.1.5]
todb@mazikeen:~$ ls -la /usr/bin/ld
lrwxrwxrwx 1 root root 20 Jan 9 15:17 /usr/bin/ld -> /etc/alternatives/ld
[ruby-2.1.5]
todb@mazikeen:~$ ls -la /etc/alternatives/ld
lrwxrwxrwx 1 root root 16 Jan 9 15:17 /etc/alternatives/ld -> /usr/bin/ld.gold
So, trying make, oh no!
cc -Wl,-script=script -Wl,--hash-style=sysv -I/home/todb/git/rapid7/meterpreter/hack -I ../../bionic/libc/include -I ../../bionic/libc/kernel/common/linux/ -I ../../bionic/libc/kernel/common/ -I ../../bionic/libc/arch-x86/include/ -I ../../bionic/libc/kernel/arch-x86/ -I../../source/server/elf/headers -I../../bionic/libc/private -fPIC -DPIC -nostdinc -nostdlib -Dwchar_t="char" -fno-builtin -D_SIZE_T_DECLARED -DElf_Size="u_int32_t" -DANDROID_X86_LINKER -DMETSRV_RTLD -D_BYTE_ORDER=_LITTLE_ENDIAN -march=i386 -m32 -o msflinker msflinker.o basic_libc.o syscall.o linker_format.o dlfcn.o zlib.o metsrv_rtld.o -lgcc
([ "" != "true" ] && strip msflinker) || true
cc -march=i386 -m32 -o elf2bin elf2bin.c
In file included from /usr/include/bits/errno.h:24:0,
from /usr/include/errno.h:35,
from elf2bin.c:4:
/usr/include/linux/errno.h:1:23: fatal error: asm/errno.h: No such file or directory
#include <asm/errno.h>
^
compilation terminated.
make[1]: *** [msflinker.bin] Error 1
make[1]: Leaving directory `/home/todb/git/rapid7/meterpreter/source/server/rtld'
make: *** [source/server/rtld/msflinker.bin] Error 2
Looks like the Makefile already specifies -m32 so that's not it.
Hmm, tried this: sudo apt-get install libc6-dev-i386
and got past that error. Not sure how I lost that.
Welp, better -- meterpreter.bin doesn't segfault anymore, but it does exit(1). Hrmph.
I'll give it a shot on an older Ubuntu VM. If we're stuck on a distro, I'm okay with that as long as it's possible, but it does need to be documented.
Yeah, I'll send a PR when I'm done with other cleanups. The global linker redirect doesn't seem to work, but specifying directly to GCC does. I'll need to check if that keeps things working on Fedora.
Nice work Buster. I'm happy to verify changes on Fedora as well.