meterpreter now compiles on 64-bit linux in a 32-bit chroot. still need payload handlers and some stdapi love to make it useable

git-svn-id: file:///home/svn/framework3/trunk@9468 4d416f70-5f16-0410-b530-b9f4589650da

external/source/meterpreter/source/common/arch/posix/scheduler.c

@@ -1,5 +1,5 @@
 #include "queue.h"
-#include "common.h"
+#include "common.h"
 #include <poll.h>
 
 typedef struct _WaitableEntry
@@ -15,6 +15,16 @@ int ntableentries = 0;
 struct pollfd *polltable;
 LIST_HEAD(_WaitableEntryHead, _WaitableEntry) WEHead;
 					      
+DWORD scheduler_destroy( VOID ) 
+{
+	return 0;
+}
+
+DWORD scheduler_initialize( Remote * remote )
+{
+	return 0;
+}
+
 /*
  * Insert a waitable object for checking and processing
  */

external/source/meterpreter/source/common/base.c

@@ -246,12 +246,14 @@ DWORD THREADCALL command_process_thread( THREAD * thread )
 
 			dprintf( "[COMMAND] Processing method %s", methodTlv.buffer );
 
-			// Impersonate the thread token if needed
+#ifdef _WIN32
+			// Impersonate the thread token if needed (only on Windows)
 			if(remote->hServerToken != remote->hThreadToken) {
 				if(! ImpersonateLoggedOnUser(remote->hThreadToken)) {
 					dprintf( "[COMMAND] Failed to impersonate thread token (%s) (%u)", methodTlv.buffer, GetLastError());
 				}
 			}
+#endif
 			
 			// Get the request identifier if the packet has one.
 			result = packet_get_tlv_string( packet, TLV_TYPE_REQUEST_ID, &requestIdTlv );

external/source/meterpreter/source/common/common.h

@@ -26,11 +26,12 @@
 
 #include "channel.h"
 #include "scheduler.h"
-
 #include "thread.h"
 
 #include "list.h"
 
+#include "zlib/zlib.h"
+
 
 // #define DEBUGTRACE
 

external/source/meterpreter/source/common/compat_types.h

@@ -172,6 +172,7 @@ typedef	BOOL *		LPBOOL;
 typedef	char		CHAR;
 typedef	CHAR *		PCHAR;
 typedef	void *		LPVOID;
+typedef	char		BYTE;
 
 
 typedef	uint32_t	ULONG;
@@ -195,22 +196,26 @@ typedef	short		SHORT;
 typedef unsigned short  USHORT;
 
 #ifndef TRUE
-#define	TRUE	(1)
+ #define TRUE (1)
 #endif
 #ifndef FALSE
-#define	FALSE	(0)
+ #define FALSE (0)
 #endif
 
-#define	ERROR_NOT_FOUND		ENOENT
-#define	ERROR_NOT_ENOUGH_MEMORY	ENOMEM
-#define	ERROR_INVALID_PARAMETER	EINVAL
+#define ERROR_NOT_FOUND		ENOENT
+#define ERROR_NOT_ENOUGH_MEMORY	ENOMEM
+#define ERROR_INVALID_PARAMETER	EINVAL
+#define ERROR_INVALID_HANDLE   	EINVAL
+#define ERROR_INVALID_DATA     	EINVAL
+#define ERROR_UNSUPPORTED_COMPRESSION	EINVAL
 #define	ERROR_NOT_SUPPORTED	EOPNOTSUPP
+
 #if defined(__FreeBSD__)
-#define	ERROR_INSTALL_USEREXIT	EPROGUNAVAIL
+ #define	ERROR_INSTALL_USEREXIT	EPROGUNAVAIL
 #elif defined(__linux__)
-#define	ERROR_INSTALL_USEREXIT	ENOPROTOOPT
+ #define	ERROR_INSTALL_USEREXIT	ENOPROTOOPT
 #else
-#error unknown OS
+ #error unknown OS
 #endif
 
 #define	ERROR_SUCCESS		(0)

external/source/meterpreter/source/common/core.c

@@ -1,5 +1,4 @@
 #include "common.h"
-#include "zlib/zlib.h"
 
 DWORD packet_find_tlv_buf(Packet *packet, PUCHAR payload, DWORD payloadLength, DWORD index,
 		TlvType type, Tlv *tlv);
@@ -60,12 +59,12 @@ DWORD send_core_console_write(Remote *remote, LPCSTR fmt, ...)
 }
 
 /*
- * Transmit a single string to the remote connection with instructions to 
- * print it to the screen or whatever medium has been established.
+ * XXX
  */
 HANDLE core_update_thread_token(Remote *remote, HANDLE token)
 {
 	HANDLE temp = NULL;
+#ifdef _WIN32
 
 	lock_acquire( remote->lock );
 	do {
@@ -86,6 +85,11 @@ HANDLE core_update_thread_token(Remote *remote, HANDLE token)
 	} while(0);
 	
 	lock_release( remote->lock );
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+#endif
 	return(token);
 }
 
@@ -97,6 +101,7 @@ HANDLE core_update_thread_token(Remote *remote, HANDLE token)
  */
 VOID core_update_desktop( Remote * remote, DWORD dwSessionID, char * cpStationName, char * cpDesktopName )
 {
+#ifdef _WIN32
 	DWORD temp_session  = -1;
 	char * temp_station = NULL;
 	char * temp_desktop = NULL;
@@ -135,6 +140,7 @@ VOID core_update_desktop( Remote * remote, DWORD dwSessionID, char * cpStationNa
 	} while( 0 );
 	
 	lock_release( remote->lock );
+#endif
 }
 /*******************
  * Packet Routines *

external/source/meterpreter/source/common/thread.c

@@ -1,5 +1,9 @@
 #include "common.h"
 
+#ifndef _WIN32
+#include "pthread.h"
+#endif
+
 // thread.c contains wrappers for the primitives of locks, events and threads for use in 
 // the multithreaded meterpreter. This is the win32/win64 implementation.
 
@@ -17,7 +21,11 @@ LOCK * lock_create( VOID )
 	{
 		memset( lock, 0, sizeof( LOCK ) );
 
+#ifdef _WIN32
 		lock->handle = CreateMutex( NULL, FALSE, NULL );
+#else
+		pthread_mutex_init(lock->handle, NULL);
+#endif
 	}
 	return lock;
 }
@@ -31,7 +39,11 @@ VOID lock_destroy( LOCK * lock )
 	{
 		lock_release( lock );
 
+#ifdef _WIN32
 		CloseHandle( lock->handle );
+#else
+		pthread_mutex_destroy(lock->handle);
+#endif
 
 		free( lock );
 	}
@@ -42,8 +54,13 @@ VOID lock_destroy( LOCK * lock )
  */
 VOID lock_acquire( LOCK * lock )
 {
-	if( lock != NULL  )
+	if( lock != NULL  ) {
+#ifdef _WIN32
 		WaitForSingleObject( lock->handle, INFINITE );
+#else
+		pthread_mutex_lock(lock->handle);
+#endif
+	}
 }
 
 /*
@@ -51,8 +68,13 @@ VOID lock_acquire( LOCK * lock )
  */
 VOID lock_release( LOCK * lock )
 {
-	if( lock != NULL  )
+	if( lock != NULL  ) {
+#ifdef _WIN32
 		ReleaseMutex( lock->handle );
+#else
+		pthread_mutex_unlock(lock->handle);
+#endif
+	}
 }
 
 /*****************************************************************************************/
@@ -68,6 +90,7 @@ EVENT * event_create( VOID )
 	if( event == NULL )
 		return NULL;
 
+#ifdef _WIN32
 	memset( event, 0, sizeof( EVENT ) );
 
 	event->handle = CreateEvent( NULL, FALSE, FALSE, NULL );
@@ -76,6 +99,7 @@ EVENT * event_create( VOID )
 		free( event );
 		return NULL;
 	}
+#endif
 
 	return event;
 }
@@ -88,7 +112,9 @@ BOOL event_destroy( EVENT * event )
 	if( event == NULL )
 		return FALSE;
 
+#ifdef _WIN32
 	CloseHandle( event->handle );
+#endif
 
 	free( event );
 
@@ -103,8 +129,10 @@ BOOL event_signal( EVENT * event )
 	if( event == NULL )
 		return FALSE;
 
+#ifdef _WIN32
 	if( SetEvent( event->handle ) == 0 )
 		return FALSE;
+#endif
 
 	return TRUE;
 }
@@ -118,10 +146,17 @@ BOOL event_poll( EVENT * event, DWORD timeout )
 	if( event == NULL )
 		return FALSE;
 
+#ifdef _WIN32
 	if( WaitForSingleObject( event->handle, timeout ) == WAIT_OBJECT_0 )
 		return TRUE;
 
 	return FALSE;
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+	return FALSE;
+#endif
 }
 
 /*****************************************************************************************/
@@ -131,6 +166,7 @@ BOOL event_poll( EVENT * event, DWORD timeout )
  */
 THREAD * thread_open( VOID )
 {
+#ifdef _WIN32
 	OPENTHREAD pOpenThread = NULL;
 	HMODULE hKernel32      = NULL;
 	THREAD * thread        = NULL;
@@ -177,6 +213,12 @@ THREAD * thread_open( VOID )
 	}
 
 	return thread;
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+	return NULL;
+#endif
 }
 
 /*
@@ -189,6 +231,7 @@ THREAD * thread_create( THREADFUNK funk, LPVOID param1, LPVOID param2 )
 	if( funk == NULL )
 		return NULL;
 
+#ifdef _WIN32
 	thread = (THREAD *)malloc( sizeof( THREAD ) );
 	if( thread == NULL )
 		return NULL;
@@ -214,6 +257,11 @@ THREAD * thread_create( THREADFUNK funk, LPVOID param1, LPVOID param2 )
 		return NULL;
 	}
 
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+#endif
 	return thread;
 }
 
@@ -225,9 +273,15 @@ BOOL thread_run( THREAD * thread )
 	if( thread == NULL )
 		return FALSE;
 
+#ifdef _WIN32
 	if( ResumeThread( thread->handle ) < 0 )
 		return FALSE;
 
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+#endif
 	return TRUE;
 }
 
@@ -240,7 +294,14 @@ BOOL thread_sigterm( THREAD * thread )
 	if( thread == NULL )
 		return FALSE;
 
+#ifdef _WIN32
 	return event_signal( thread->sigterm );
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+	return FALSE;
+#endif
 }
 
 /*
@@ -251,10 +312,17 @@ BOOL thread_kill( THREAD * thread )
 	if( thread == NULL )
 		return FALSE;
 
+#ifdef _WIN32
 	if( TerminateThread( thread->handle, -1 ) == 0 )
 		return FALSE;
 
 	return TRUE;
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+	return FALSE;
+#endif
 }
 
 
@@ -266,10 +334,16 @@ BOOL thread_join( THREAD * thread )
 	if( thread == NULL )
 		return FALSE;
 
+#ifdef _WIN32
 	if( WaitForSingleObject( thread->handle, INFINITE ) == WAIT_OBJECT_0 )
 		return TRUE;
 
 	return FALSE;
+#else
+	/*
+	 * XXX add POSIX implementation
+	 */
+#endif
 }
 
 /*
@@ -283,7 +357,11 @@ BOOL thread_destroy( THREAD * thread )
 	
 	event_destroy( thread->sigterm );
 
+#ifdef _WIN32
 	CloseHandle( thread->handle );
+#else
+	//pthread_detach(thread->handle);
+#endif
 
 	free( thread );
 

external/source/meterpreter/source/common/thread.h

@@ -1,6 +1,8 @@
 #ifndef _METERPRETER_LIB_THREAD_H
 #define _METERPRETER_LIB_THREAD_H
 
+#ifdef _WIN32
+
 /*****************************************************************************************/
 // Win32/64 specific definitions...
 
@@ -33,9 +35,17 @@ typedef DWORD (WINAPI * NTOPENTHREAD)( PHANDLE, ACCESS_MASK, _POBJECT_ATTRIBUTES
 
 /*****************************************************************************************/
 
+#else
+#include "pthread.h"
+#endif // _WIN32
+
 typedef struct _LOCK
 {
+#ifdef _WIN32
 	HANDLE handle;
+#else
+	pthread_mutex_t *handle;
+#endif // _WIN32
 } LOCK, * LPLOCK;
 
 typedef struct _EVENT
@@ -52,7 +62,11 @@ typedef struct _THREAD
 	LPVOID parameter2;
 } THREAD, * LPTHREAD;
 
+#ifdef __GNUC__
+#define THREADCALL __attribute__((stdcall))
+#else // ! gcc
 #define THREADCALL __stdcall
+#endif
 
 typedef DWORD (THREADCALL * THREADFUNK)( THREAD * thread );
 
@@ -94,4 +108,4 @@ BOOL thread_destroy( THREAD * thread );
 
 /*****************************************************************************************/
 
-#endif
+#endif

external/source/meterpreter/source/common/zlib/zlib.h

@@ -982,7 +982,7 @@ extern int EXPORT inflateInit2_ OF((z_streamp strm, int  windowBits,
         inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
 
 #if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
-    struct internal_state {int dummy;}; /* hack for buggy compilers */
+//    struct internal_state {int dummy;}; /* hack for buggy compilers */
 #endif
 
 uLongf *get_crc_table OF((void)); /* can be used by asm versions of crc32() */

external/source/meterpreter/source/extensions/stdapi/server/sys/process/ps.h

@@ -2,6 +2,8 @@
 #ifndef _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_PROCESS_PS_H
 #define _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_PROCESS_PS_H
 //===============================================================================================//
+#ifdef _WIN32
+
 
 typedef DWORD (WINAPI * GETMODULEFILENAMEEXA)( HANDLE hProcess, HMODULE hModule, LPTSTR lpExeName, DWORD dwSize );
 typedef DWORD (WINAPI * GETPROCESSIMAGEFILENAMEA)( HANDLE hProcess, LPTSTR lpExeName, DWORD dwSize );
@@ -76,5 +78,6 @@ DWORD ps_list_via_psapi( Packet * response );
 DWORD ps_list_via_brute( Packet * response );
 
 //===============================================================================================//
+#endif // _WIN32
 #endif
-//===============================================================================================//
+//===============================================================================================//

external/source/meterpreter/source/server/server_setup.c

@@ -1,4 +1,5 @@
 #include "metsrv.h"
+#include "common.h"
 
 #ifdef _WIN32
 
@@ -59,7 +60,11 @@ static VOID server_locking_callback( int mode, int type, const char * file, int
  */
 static DWORD server_threadid_callback( VOID )
 {
+#ifdef _WIN32
 	return GetCurrentThreadId();
+#else
+	return pthread_self();
+#endif
 }
 
 /*
@@ -348,6 +353,7 @@ static DWORD server_dispatch( Remote * remote )
  */
 DWORD server_sessionid( VOID )
 {
+#ifdef _WIN32
 	typedef BOOL (WINAPI * PROCESSIDTOSESSIONID)( DWORD pid, LPDWORD id );
 
 	static PROCESSIDTOSESSIONID pProcessIdToSessionId = NULL;
@@ -375,6 +381,9 @@ DWORD server_sessionid( VOID )
 		FreeLibrary( hKernel );
 
 	return dwSessionId;
+#else
+	return -1;
+#endif
 }
 /*
  * Setup and run the server. This is called from Init via the loader.
@@ -424,6 +433,7 @@ DWORD server_setup( SOCKET fd )
 			// Store our thread handle
 			remote->hServerThread = serverThread->handle;
 
+#ifdef _WIN32
 			// Store our process token
 			if (!OpenThreadToken(remote->hServerThread, TOKEN_ALL_ACCESS, TRUE, &remote->hServerToken))
 				OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &remote->hServerToken);
@@ -440,6 +450,7 @@ DWORD server_setup( SOCKET fd )
 			GetUserObjectInformation( GetThreadDesktop( GetCurrentThreadId() ), UOI_NAME, &cDesktopName, 256, NULL );
 			remote->cpOrigDesktopName    = _strdup( cDesktopName );
 			remote->cpCurrentDesktopName = _strdup( cDesktopName );
+#endif
 
 			dprintf("[SERVER] Flushing the socket handle...");
 			server_socket_flush( remote );

external/source/meterpreter/workspace/Makefile

@@ -11,4 +11,5 @@ subdirs:
 clean:
 	for dir in $(SUBDIRS); do \
 	$(MAKE) -C $$dir clean; \
-	done
+	done
+

external/source/meterpreter/workspace/common/Makefile

@@ -5,8 +5,9 @@ SSLPATH=../../source/openssl/include
 MALLOC_PATH=../../source/common/malloc
 XOR_PATH=../../source/common/crypto
 STDLIBPATH=../../source/common/stdlib
+ZLIB_PATH=../../source/common/zlib
 
-CFLAGS= -D_UNIX -I$(SOURCEPATH) -I$(MALLOC_PATH) -I$(XOR_PATH) -DMALLOC_PRODUCTION -DNO_TLS -DPIC -I$(SSLPATH) -I$(STDLIBPATH)
+CFLAGS= -D_UNIX -I$(SOURCEPATH) -I$(MALLOC_PATH) -I$(XOR_PATH) -DMALLOC_PRODUCTION -DNO_TLS -DPIC -I$(SSLPATH) -I$(STDLIBPATH) -I$(ZLIB_PATH)
 CFLAGS+= -g -fPIC -Os -D_POSIX_C_SOURCE=200809 -D__BSD_VISIBLE=1 -D__XSI_VISIBLE=1
 
 CPPFLAGS= -I$(SOURCEPATH) -DPIC
@@ -16,13 +17,13 @@ AR=ar
 RM=rm
 
 objects = args.o base.o base_dispatch.o base_dispatch_common.o buffer.o \
-	channel.o common.o core.o remote.o scheduler.o xor.o 
+	channel.o common.o core.o list.o remote.o scheduler.o thread.o xor.o zlib/zlib.o
 
 
 
 ####### check platform
 OSNAME= $(shell uname -s)
-ARCH= $(shell uname -m)
+ARCH= $(shell uname -m | sed 's/i[456]86/i386/g')
 
 ifeq ($(OSNAME), FreeBSD)
 	OS= bsd

external/source/meterpreter/workspace/metsrv/Makefile

@@ -5,7 +5,8 @@ ELFPATH=../../source/server/elf
 SSLPATH=../../source/openssl/include
 ULIBCPATH=../../source/ulibc
 XOR_PATH=../../source/common/crypto
-CFLAGS= -D_UNIX -I$(SRCPATH) -DPIC -I$(SSLPATH) -I$(COMMONPATH) -I$(ULIBCPATH) -I$(ELFPATH) -I.
+ZLIB_PATH=../../source/common/zlib
+CFLAGS= -D_UNIX -I$(SRCPATH) -DPIC -I$(SSLPATH) -I$(COMMONPATH) -I$(ULIBCPATH) -I$(ELFPATH) -I$(ZLIB_PATH) -I.
 CFLAGS+= -fPIC  -g -nostdinc
 #CFLAGS+= -Os
 CPPFLAGS= -I$(COMMONPATH) -DPIC 
@@ -20,10 +21,10 @@ RM=rm
 
 ####### check platform
 OSNAME= $(shell uname -s)
-ARCH= $(shell uname -m)
+ARCH= $(shell uname -m | sed 's/i[456]86/i386/g')
 RARCH=$(ARCH)
 
-ifeq ($(ARCH), i686)
+ifeq ($(ARCH), i386)
 	CFLAGS+= -D__i386__
 	RARCH=i386
 endif
@@ -44,6 +45,8 @@ else
 	DL= -ldl 
 endif
 
+CFLAGS+= -L../../source/openssl/lib/$(OS)/$(RARCH)
+
 ELFARCHPATH=$(ELFPATH)/$(RARCH)
 CFLAGS+= -I$(ELFARCHPATH) -DIN_RTLD
 
@@ -52,7 +55,7 @@ ARCHVPATH= $(OSVPATH)/$(RARCH):$(ELFARCHPATH)
 VPATH=$(BASEVPATH):$(OSVPATH):$(ARCHVPATH)
 
 objects = metsrv.o libloader.o zlib.o rtld_late.o rtld_malloc.o rtld_lock.o \
-	map_object.o xmalloc.o reloc.o rtld_start.o $(START)
+	map_object.o xmalloc.o reloc.o rtld_start.o scheduler.o $(START)
 server_objects = server_setup.o remote_dispatch_common.o remote_dispatch.o \
 	metsrv_main.o metsrv_standalone.o 
 other_objects = metsrv_test.o $(CRT1) crtn.o
@@ -91,13 +94,13 @@ metsrv_main: metsrv.o libserver.a ../common/libsupport.a $(CRT1) crtn.o
 else
 metsrv_main: metsrv.o libserver.a ../common/libsupport.a 
 #	$(CC) -pie -o $@ libserver.a  ../common/libsupport.a  -lcrypto -lssl
-	$(CC) -o $@ libserver.a  ../common/libsupport.a  -lcrypto -lssl \
+	$(CC) $(CFLAGS) -o $@ libserver.a  ../common/libsupport.a  -lcrypto -lssl \
 	-export-dynamic
 endif
 
 
 metsrv_test: metsrv_test.o $(library_headers)
-	$(CC)  metsrv_test.o metsrv.a $(DL)  -o $@ 
+	$(CC) $(CFLAGS) metsrv_test.o metsrv.a $(DL)  -o $@ 
 
 clean:
 	@echo "ARCHVPATH= " $(ARCHVPATH) " VPATH= " $(VPATH)

external/source/meterpreter/workspace/ulibc/Makefile

@@ -23,11 +23,11 @@ libc_objects = table.o none.o localeconv.o lmonetary.o lnumeric.o \
 	strerror.o strlcpy.o strncpy.o strlcat.o strncat.o \
 	inet_addr.o \
 	_thread_init.o time.o isatty.o termios.o errlst.o sigsetops.o \
-	malloc.o syscalls.o ulibc.o 
+	malloc.o ulibc.o 
 
 ####### check platform
 OSNAME= $(shell uname -s)
-ARCH= $(shell uname -m)
+ARCH= $(shell uname -m | sed 's/i[456]86/i386/g')
 
 ifeq ($(OSNAME), FreeBSD)
 	OS= bsd
@@ -36,6 +36,7 @@ else
 	CFLAGS+= -fno-stack-protector -D__linux__
 	CFLAGS+=  -D_POSIX_C_SOURCE=200809 -D__BSD_VISIBLE=1 -D__XSI_VISIBLE=1 
 	OS=$(OSNAME)
+	libc_objects+= syscalls.o 
 #	requires tls - which we don't have
 #	libc_objects+= errno.o
 endif