rapid7 / meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

Update PCAP, SSL libraries, move to meterpreter-deps #141

Closed bcook-r7 closed 9 years ago

bcook-r7 commented 9 years ago

This updates libpcap by updating to 1.6.2 and forward-porting patches from the earlier release. The tarball is checked into the meterpreter-deps repo as well to eliminate an external download dependency. This is needed to make automatic builds robust as well.

OpenSSL 0.9.8za is updated to LibreSSL 2.1.4 on POSIX and OpenSSL 0.9.8zf on Windows. Some care has to be taken to ensure that the entropy collection functions are compatible with the limitations of the current C library (to be fixed later with a C lib swap). This also moves the archives to meterpreter-deps and eliminates the download dependency, which recently broke due to reorganization upstream in the OpenSSL repos. Windows stays with OpenSSL for now due to a requirement on SAFESEH and a 50% size increase in metsrv. This should be solvable in the future.

Verification steps

This diff is big, but it is mostly deletes of the header files.

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/163/ Test PASSED.

OJ commented 9 years ago

Nice work @bcook-r7, I'll aim to squeeze this in later today.

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/164/ Test PASSED.

OJ commented 9 years ago

Okeydokes, time for me to test this baby.

metasploit-public-bot commented 9 years ago

Test FAILED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/165/ Test FAILED.

OJ commented 9 years ago

Builds on POSIX after support from @bcook-r7. POSIX payload runs as expected:

msf exploit(handler) > run

[*] Started reverse handler on 10.1.10.40:8000 
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1560576 bytes) to 10.1.10.40
[*] Meterpreter session 1 opened (10.1.10.40:8000 -> 10.1.10.40:51030) at 2015-03-27 13:51:14 +1000

meterpreter > getuid
Server username: uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000
meterpreter > ls

Listing: /home/oj/code/metasploit-framework
===========================================

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
40775/rwxrwxr-x   4096   dir   2015-03-24 09:29:10 +1000  .
40775/rwxrwxr-x   4096   dir   2015-03-26 15:53:48 +1000  ..
40775/rwxrwxr-x   4096   dir   2015-03-27 13:51:10 +1000  .git
...

OJ commented 9 years ago

Sniffer extension working well:

msf exploit(handler) > run

[*] Started reverse handler on 10.1.10.40:8000 
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1560576 bytes) to 10.1.10.40
[*] Meterpreter session 2 opened (10.1.10.40:8000 -> 10.1.10.40:51051) at 2015-03-27 13:54:18 +1000

meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0
meterpreter > use sniffer 
Loading extension sniffer...success.
meterpreter > sniffer_interfaces 

1 - 'em1' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
2 - 'vmnet1' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
3 - 'vmnet2' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
4 - 'vmnet8' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
5 - 'any' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )
6 - 'lo' ( type:0 mtu:1514 usable:false dhcp:false wifi:false )

meterpreter > sniffer_start 1
[*] Capture started on interface 1 (50000 packet buffer)
meterpreter > sniffer_stop 1
[*] Capture stopped on interface 1
[*] There are 221 packets (43889 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter > sniffer_dump 1 /tmp/foo.pcap
[*] Flushing packet capture buffer for interface 1...
[*] Flushed 221 packets (48309 bytes)
[*] Downloaded 100% (48309/48309)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/foo.pcap
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 10.1.10.40 - Meterpreter session 2 closed.  Reason: User exit

Resulting pcap file looks good.
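A mechanical version of that "looks good" check, as an added example that is not part of this PR or of the meterpreter code: it parses the classic libpcap (v2.4) header that sniffer_dump is assumed to write (a pcapng or other file is rejected), validates every record's lengths against the snaplen, and returns packet and byte totals to compare with what the session reported. The sample frames and build_pcap helper are constructed here for testing.

```python
import struct

# Constructed sample: two tiny frames, not real captured traffic.
SAMPLE_FRAMES = [bytes(60), b"\xff" * 14]


def build_pcap(frames, linktype=1, snaplen=65535, byteorder="<"):
    """Assemble a classic libpcap v2.4 file from raw frames (test helper)."""
    hdr = struct.pack(byteorder + "IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, snaplen, linktype)
    recs = b"".join(
        struct.pack(byteorder + "IIII", 1427428454 + i, 0, len(f), len(f)) + f
        for i, f in enumerate(frames)
    )
    return hdr + recs


def parse_pcap(data):
    """Validate a classic pcap file; return linktype, snaplen, packet/byte totals.

    Raises ValueError on a bad magic, unsupported version, inconsistent
    lengths or a truncated record, so a corrupt dump never passes silently.
    """
    if len(data) < 24:
        raise ValueError("truncated global header")
    # The magic is written in the writer's native byte order; the form we
    # see tells us how to decode every other field in the file.
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("bad magic %s (pcapng or not a pcap?)" % data[:4].hex())
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if (major, minor) != (2, 4):
        raise ValueError("unsupported pcap version %d.%d" % (major, minor))
    off, count, total = 24, 0, 0
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        _sec, _usec, caplen, origlen = struct.unpack(end + "IIII", data[off:off + 16])
        if caplen > snaplen or caplen > origlen:
            raise ValueError("inconsistent lengths in record %d" % count)
        if off + 16 + caplen > len(data):
            raise ValueError("truncated packet data in record %d" % count)
        off += 16 + caplen
        count += 1
        total += caplen
    return {"linktype": linktype, "snaplen": snaplen, "packets": count, "bytes": total}
```

Run parse_pcap over the bytes of the dumped file and compare the packet count with the number the sniffer reported when it flushed the buffer.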

OJ commented 9 years ago

OK, functionality looks good, builds clean in Windows. Just going to give the source a once over.

bcook-r7 commented 9 years ago

Cheers. I'll circle back and readjust the payloads merge script for this.