# 5 - On Cross Compilation

#### Topics <a href="#topics" id="topics"></a>

> 1. Introduction to the Windows Shells
> 2. Windows Permissions
> 3. Reverse Shells in Windows
> 4. SeImpersonatePrivilege Exploitation
> 5. On Cross Compilation
> 6. Windows Services
> 7. Weak Service Permissions
> 8. Unquoted Service Path
> 9. DLL Hijacking
> 10. Always Install Elevated
> 11. Files with Sensitive Data
> 12. Windows Hashes
> 13. Stored Credentials and the Windows Vault
> 14. Scheduled Task
> 15. Critical Registry Paths
> 16. Useful Tools
> 17. AMSI Bypass

## **On Compilation**

Compilation is the process of translating source code written in a high-level programming language (e.g., C, C++, Python) into machine code that can execute on a specific CPU architecture.

**Overview of the Compilation Process**

Source code -> Compilation -> Binary

Binaries generated through compilation are tailored for a specific **environment**, which includes:

* **Hardware Architecture**: The type of CPU (e.g., x86, ARM, MIPS).
* **Operating System**: The platform (e.g., Windows, Linux, macOS).
* **User-Space Programs and Configurations**: Dependencies, libraries, or runtime environments.

Modern compilation often involves several stages, such as preprocessing, parsing, optimization, and code generation, to produce efficient executables.

***

## **On Cross Compilation**

**Cross compilation** refers to compiling source code on one system (the "host") to produce binaries for another system (the "target"). This technique is essential when the target environment differs from the host, such as:

* Developing software for embedded systems (e.g., IoT devices).
* Compiling Windows binaries on a Linux system.

This process requires a **cross-compiler**, which is a compiler configured to generate code for the target platform.

***

## **Compiling for Windows on Linux**

#### **Practical Example - Scenario**

You are running Linux (which uses the **ELF** binary format) and need to compile a program to run on a Windows machine (which uses the **PE** binary format).

**Key Binary Formats**

* **ELF**: Executable and Linkable Format (used on Linux).
* **PE**: Portable Executable (used on Windows).

**Example Source Code**

Here is a simple `hello.c` program:

```c
#include <stdio.h>

int main(void) {
    printf("Hello World!\n");
    return 0;
}
```

***

### **Compiling for the Host Environment (Linux)**

If you compile this code on Linux using `gcc`, the output will be an ELF binary:

```bash
gcc hello.c -o hello
```

Check the binary format:

```bash
file hello
```

Output:

```bash
hello: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 4.4.0, not stripped
```

This binary will not work on a Windows machine.

***

### **Cross-Compiling for the Target Environment (Windows)**

To compile for Windows, you need a cross-compiler such as **mingw-w64**. Install it on your Linux system:

<pre class="language-bash"><code class="lang-bash"><strong>sudo apt install mingw-w64      #debian/ubuntu
</strong>sudo pacman -S mingw-w64-gcc    #archlinux
</code></pre>

Compile the program for Windows using the `x86_64-w64-mingw32-g++` compiler:

```bash
x86_64-w64-mingw32-g++ hello.c -static -o hello.exe
```

* Use `x86_64-w64-mingw32-g++` for 64-bit architectures.
* Use `i686-w64-mingw32-gcc` for 32-bit architectures.

Check the binary format of the output:

```bash
file hello.exe
```

Output:

```bash
hello.exe: PE32+ executable (console) x86-64, for MS Windows, 20 sections
```

***

### **Transferring the Compiled Binary**

Once the binary is ready, transfer it to the target Windows machine.

1. **Using Netcat**:\
   On the Linux machine:

   ```bash
   nc -lvnp 4321 < hello.exe
   ```

   On the Windows machine:

   ```bash
   nc64.exe 192.168.122.1 4321 > hello.exe
   ```
2. **Alternative Methods**:
   * Use `scp` for secure transfer.
   * Host an HTTP server on Linux (e.g., `python3 -m http.server`) and download the file on Windows.

{% hint style="danger" %}
**Disclaimer**

**❗ Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!**❗
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://dev-angelist.gitbook.io/windows-privilege-escalation/5-on-cross-compilation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.