forked from david942j/one_gadget
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
25 changed files
with
881 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
lib/one_gadget/builds/libc-2.23-bde4e8b0230b1b474cd8a1ca6e9f81bb2b438914.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| require 'one_gadget/gadget' | ||
| # https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.23-0ubuntu11.2_i386/lib/i386-linux-gnu/libc-2.23.so | ||
| # | ||
| # Intel 80386 | ||
| # | ||
| # GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.2) stable release version 2.23, by Roland McGrath et al. | ||
| # Copyright (C) 2016 Free Software Foundation, Inc. | ||
| # This is free software; see the source for copying conditions. | ||
| # There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A | ||
| # PARTICULAR PURPOSE. | ||
| # Compiled by GNU CC version 5.4.0 20160609. | ||
| # Available extensions: | ||
| # crypt add-on version 2.1 by Michael Glad and others | ||
| # GNU Libidn by Simon Josefsson | ||
| # Native POSIX Threads Library by Ulrich Drepper et al | ||
| # BIND-8.2.3-T5B | ||
| # libc ABIs: UNIQUE IFUNC | ||
| # For bug reporting instructions, please see: | ||
| # <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>. | ||
|
|
||
| build_id = File.basename(__FILE__, '.rb').split('-').last | ||
| OneGadget::Gadget.add(build_id, 240748, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x28] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x28, environ)") | ||
| OneGadget::Gadget.add(build_id, 240750, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x2c] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x2c, environ)") | ||
| OneGadget::Gadget.add(build_id, 240754, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x30] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x30, environ)") | ||
| OneGadget::Gadget.add(build_id, 240761, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x34, environ)") | ||
| OneGadget::Gadget.add(build_id, 240796, | ||
| constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"], | ||
| effect: "execve(\"/bin/sh\", eax, [esp])") | ||
| OneGadget::Gadget.add(build_id, 240797, | ||
| constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"], | ||
| effect: "execve(\"/bin/sh\", [esp], [esp+0x4])") | ||
| OneGadget::Gadget.add(build_id, 392149, | ||
| constraints: ["esi is the GOT address of libc", "eax == NULL"], | ||
| effect: "execl(\"/bin/sh\", eax)") | ||
| OneGadget::Gadget.add(build_id, 392150, | ||
| constraints: ["esi is the GOT address of libc", "[esp] == NULL"], | ||
| effect: "execl(\"/bin/sh\", [esp])") | ||
|
|
46 changes: 46 additions & 0 deletions
46
lib/one_gadget/builds/libc-2.23-c4fd86ec1eed57a09c79ce601f6c6e3796f574df.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| require 'one_gadget/gadget' | ||
| # https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.23-0ubuntu11.2_amd64/lib/x86_64-linux-gnu/libc-2.23.so | ||
| # | ||
| # Advanced Micro Devices X86-64 | ||
| # | ||
| # GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.2) stable release version 2.23, by Roland McGrath et al. | ||
| # Copyright (C) 2016 Free Software Foundation, Inc. | ||
| # This is free software; see the source for copying conditions. | ||
| # There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A | ||
| # PARTICULAR PURPOSE. | ||
| # Compiled by GNU CC version 5.4.0 20160609. | ||
| # Available extensions: | ||
| # crypt add-on version 2.1 by Michael Glad and others | ||
| # GNU Libidn by Simon Josefsson | ||
| # Native POSIX Threads Library by Ulrich Drepper et al | ||
| # BIND-8.2.3-T5B | ||
| # libc ABIs: UNIQUE IFUNC | ||
| # For bug reporting instructions, please see: | ||
| # <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>. | ||
|
|
||
| build_id = File.basename(__FILE__, '.rb').split('-').last | ||
| OneGadget::Gadget.add(build_id, 283174, | ||
| constraints: ["rax == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsp+0x30, environ)") | ||
| OneGadget::Gadget.add(build_id, 283258, | ||
| constraints: ["[rsp+0x30] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsp+0x30, environ)") | ||
| OneGadget::Gadget.add(build_id, 840051, | ||
| constraints: ["[rcx] == NULL || rcx == NULL", "[r12] == NULL || r12 == NULL"], | ||
| effect: "execve(\"/bin/sh\", rcx, r12)") | ||
| OneGadget::Gadget.add(build_id, 840264, | ||
| constraints: ["[rax] == NULL || rax == NULL", "[r12] == NULL || r12 == NULL"], | ||
| effect: "execve(\"/bin/sh\", rax, r12)") | ||
| OneGadget::Gadget.add(build_id, 983908, | ||
| constraints: ["[rsp+0x50] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsp+0x50, environ)") | ||
| OneGadget::Gadget.add(build_id, 983920, | ||
| constraints: ["[rsi] == NULL || rsi == NULL", "[[rax]] == NULL || [rax] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsi, [rax])") | ||
| OneGadget::Gadget.add(build_id, 987655, | ||
| constraints: ["[rsp+0x70] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsp+0x70, environ)") | ||
| OneGadget::Gadget.add(build_id, 1009584, | ||
| constraints: ["[rcx] == NULL || rcx == NULL", "[[rbp-0xf8]] == NULL || [rbp-0xf8] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rcx, [rbp-0xf8])") | ||
|
|
43 changes: 43 additions & 0 deletions
43
lib/one_gadget/builds/libc-2.23-f303ce47c562225a4f3475170333494965760a6a.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| require 'one_gadget/gadget' | ||
| # https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-amd64_2.23-0ubuntu11.2_i386/lib64/libc-2.23.so | ||
| # | ||
| # Advanced Micro Devices X86-64 | ||
| # | ||
| # GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.2) stable release version 2.23, by Roland McGrath et al. | ||
| # Copyright (C) 2016 Free Software Foundation, Inc. | ||
| # This is free software; see the source for copying conditions. | ||
| # There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A | ||
| # PARTICULAR PURPOSE. | ||
| # Compiled by GNU CC version 5.4.0 20160609. | ||
| # Available extensions: | ||
| # crypt add-on version 2.1 by Michael Glad and others | ||
| # GNU Libidn by Simon Josefsson | ||
| # Native POSIX Threads Library by Ulrich Drepper et al | ||
| # BIND-8.2.3-T5B | ||
| # libc ABIs: UNIQUE IFUNC | ||
| # For bug reporting instructions, please see: | ||
| # <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>. | ||
|
|
||
| build_id = File.basename(__FILE__, '.rb').split('-').last | ||
| OneGadget::Gadget.add(build_id, 259286, | ||
| constraints: ["rax == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsp+0x30, environ)") | ||
| OneGadget::Gadget.add(build_id, 259370, | ||
| constraints: ["[rsp+0x30] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsp+0x30, environ)") | ||
| OneGadget::Gadget.add(build_id, 753847, | ||
| constraints: ["[rsi] == NULL || rsi == NULL", "[r12] == NULL || r12 == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsi, r12)") | ||
| OneGadget::Gadget.add(build_id, 754056, | ||
| constraints: ["[[rbp-0x40]] == NULL || [rbp-0x40] == NULL", "[r12] == NULL || r12 == NULL"], | ||
| effect: "execve(\"/bin/sh\", [rbp-0x40], r12)") | ||
| OneGadget::Gadget.add(build_id, 875223, | ||
| constraints: ["[rsp+0x70] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsp+0x70, environ)") | ||
| OneGadget::Gadget.add(build_id, 875235, | ||
| constraints: ["[rsi] == NULL || rsi == NULL", "[[rax]] == NULL || [rax] == NULL"], | ||
| effect: "execve(\"/bin/sh\", rsi, [rax])") | ||
| OneGadget::Gadget.add(build_id, 889985, | ||
| constraints: ["[r9] == NULL || r9 == NULL", "[rdx] == NULL || rdx == NULL"], | ||
| effect: "execve(\"/bin/sh\", r9, rdx)") | ||
|
|
46 changes: 46 additions & 0 deletions
46
lib/one_gadget/builds/libc-2.23-f4490657edfef482025fff60e85acd5928e0d05b.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| require 'one_gadget/gadget' | ||
| # https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-i386_2.23-0ubuntu11.2_amd64/lib32/libc-2.23.so | ||
| # | ||
| # Intel 80386 | ||
| # | ||
| # GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.2) stable release version 2.23, by Roland McGrath et al. | ||
| # Copyright (C) 2016 Free Software Foundation, Inc. | ||
| # This is free software; see the source for copying conditions. | ||
| # There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A | ||
| # PARTICULAR PURPOSE. | ||
| # Compiled by GNU CC version 5.4.0 20160609. | ||
| # Available extensions: | ||
| # crypt add-on version 2.1 by Michael Glad and others | ||
| # GNU Libidn by Simon Josefsson | ||
| # Native POSIX Threads Library by Ulrich Drepper et al | ||
| # BIND-8.2.3-T5B | ||
| # libc ABIs: UNIQUE IFUNC | ||
| # For bug reporting instructions, please see: | ||
| # <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>. | ||
|
|
||
| build_id = File.basename(__FILE__, '.rb').split('-').last | ||
| OneGadget::Gadget.add(build_id, 239644, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x28] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x28, environ)") | ||
| OneGadget::Gadget.add(build_id, 239646, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x2c] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x2c, environ)") | ||
| OneGadget::Gadget.add(build_id, 239650, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x30] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x30, environ)") | ||
| OneGadget::Gadget.add(build_id, 239657, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x34, environ)") | ||
| OneGadget::Gadget.add(build_id, 239692, | ||
| constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"], | ||
| effect: "execve(\"/bin/sh\", eax, [esp])") | ||
| OneGadget::Gadget.add(build_id, 239693, | ||
| constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"], | ||
| effect: "execve(\"/bin/sh\", [esp], [esp+0x4])") | ||
| OneGadget::Gadget.add(build_id, 389237, | ||
| constraints: ["esi is the GOT address of libc", "eax == NULL"], | ||
| effect: "execl(\"/bin/sh\", eax)") | ||
| OneGadget::Gadget.add(build_id, 389238, | ||
| constraints: ["esi is the GOT address of libc", "[esp] == NULL"], | ||
| effect: "execl(\"/bin/sh\", [esp])") | ||
|
|
47 changes: 47 additions & 0 deletions
47
lib/one_gadget/builds/libc-2.27-06a8004be6e10c4aeabbe0db74423ace392a2d6b.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| require 'one_gadget/gadget' | ||
| # https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-i386_2.27-3ubuntu1.3_amd64/lib32/libc-2.27.so | ||
| # | ||
| # Intel 80386 | ||
| # | ||
| # GNU C Library (Ubuntu GLIBC 2.27-3ubuntu1.3) stable release version 2.27. | ||
| # Copyright (C) 2018 Free Software Foundation, Inc. | ||
| # This is free software; see the source for copying conditions. | ||
| # There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A | ||
| # PARTICULAR PURPOSE. | ||
| # Compiled by GNU CC version 7.5.0. | ||
| # libc ABIs: UNIQUE IFUNC | ||
| # For bug reporting instructions, please see: | ||
| # <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>. | ||
|
|
||
| build_id = File.basename(__FILE__, '.rb').split('-').last | ||
| OneGadget::Gadget.add(build_id, 249066, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x34, environ)") | ||
| OneGadget::Gadget.add(build_id, 249068, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x38] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x38, environ)") | ||
| OneGadget::Gadget.add(build_id, 249072, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x3c] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x3c, environ)") | ||
| OneGadget::Gadget.add(build_id, 249079, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x40] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x40, environ)") | ||
| OneGadget::Gadget.add(build_id, 249114, | ||
| constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"], | ||
| effect: "execve(\"/bin/sh\", eax, [esp])") | ||
| OneGadget::Gadget.add(build_id, 249115, | ||
| constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"], | ||
| effect: "execve(\"/bin/sh\", [esp], [esp+0x4])") | ||
| OneGadget::Gadget.add(build_id, 422815, | ||
| constraints: ["esi is the GOT address of libc", "eax == NULL"], | ||
| effect: "execl(\"/bin/sh\", eax)") | ||
| OneGadget::Gadget.add(build_id, 422816, | ||
| constraints: ["esi is the GOT address of libc", "[esp] == NULL"], | ||
| effect: "execl(\"/bin/sh\", [esp])") | ||
| OneGadget::Gadget.add(build_id, 1267262, | ||
| constraints: ["ebx is the GOT address of libc", "eax == NULL"], | ||
| effect: "execl(\"/bin/sh\", eax)") | ||
| OneGadget::Gadget.add(build_id, 1267263, | ||
| constraints: ["ebx is the GOT address of libc", "[esp] == NULL"], | ||
| effect: "execl(\"/bin/sh\", [esp])") | ||
|
|
47 changes: 47 additions & 0 deletions
47
lib/one_gadget/builds/libc-2.27-2d1c5e0b85cb06ff47fa6fa088ec22cb6e06074e.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| require 'one_gadget/gadget' | ||
| # https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-i386_2.27-3ubuntu1.2_amd64/lib32/libc-2.27.so | ||
| # | ||
| # Intel 80386 | ||
| # | ||
| # GNU C Library (Ubuntu GLIBC 2.27-3ubuntu1.2) stable release version 2.27. | ||
| # Copyright (C) 2018 Free Software Foundation, Inc. | ||
| # This is free software; see the source for copying conditions. | ||
| # There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A | ||
| # PARTICULAR PURPOSE. | ||
| # Compiled by GNU CC version 7.5.0. | ||
| # libc ABIs: UNIQUE IFUNC | ||
| # For bug reporting instructions, please see: | ||
| # <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>. | ||
|
|
||
| build_id = File.basename(__FILE__, '.rb').split('-').last | ||
| OneGadget::Gadget.add(build_id, 248922, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x34, environ)") | ||
| OneGadget::Gadget.add(build_id, 248924, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x38] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x38, environ)") | ||
| OneGadget::Gadget.add(build_id, 248928, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x3c] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x3c, environ)") | ||
| OneGadget::Gadget.add(build_id, 248935, | ||
| constraints: ["esi is the GOT address of libc", "[esp+0x40] == NULL"], | ||
| effect: "execve(\"/bin/sh\", esp+0x40, environ)") | ||
| OneGadget::Gadget.add(build_id, 248970, | ||
| constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"], | ||
| effect: "execve(\"/bin/sh\", eax, [esp])") | ||
| OneGadget::Gadget.add(build_id, 248971, | ||
| constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"], | ||
| effect: "execve(\"/bin/sh\", [esp], [esp+0x4])") | ||
| OneGadget::Gadget.add(build_id, 422671, | ||
| constraints: ["esi is the GOT address of libc", "eax == NULL"], | ||
| effect: "execl(\"/bin/sh\", eax)") | ||
| OneGadget::Gadget.add(build_id, 422672, | ||
| constraints: ["esi is the GOT address of libc", "[esp] == NULL"], | ||
| effect: "execl(\"/bin/sh\", [esp])") | ||
| OneGadget::Gadget.add(build_id, 1268030, | ||
| constraints: ["ebx is the GOT address of libc", "eax == NULL"], | ||
| effect: "execl(\"/bin/sh\", eax)") | ||
| OneGadget::Gadget.add(build_id, 1268031, | ||
| constraints: ["ebx is the GOT address of libc", "[esp] == NULL"], | ||
| effect: "execl(\"/bin/sh\", [esp])") | ||
|
|
Oops, something went wrong.