Skip to content

Commit

Permalink
amd64: loose the limitation of gadgets with jmp (#178)
Browse files Browse the repository at this point in the history 
* amd64: loose the limitation of gadgets with jmp

Fix #176

Signed-off-by: david942j <david942j@gmail.com>
  • Loading branch information
@david942j
david942j committed Sep 18, 2021
1 parent 9462b77 commit 8765130
Show file tree
Hide file tree
Showing 59 changed files with 423 additions and 13 deletions.
2 changes: 1 addition & 1 deletion lib/one_gadget/builds/libc-2.19-df559a150829d9f3cdd0b5ce1e5b4d512d20f55f.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
require 'one_gadget/gadget'
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.19-16.2.5.i686/lib/libc-2.19.so
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-32bit-2.19-16.2.5.x86_64/lib/libc-2.19.so
#
# Intel 80386
#
Expand Down
2 changes: 1 addition & 1 deletion lib/one_gadget/builds/libc-2.20-398115bd423958b1769317a6f7e4928df141eb57.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
require 'one_gadget/gadget'
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-3-i686.pkg.tar/usr/lib/libc-2.20.so
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-4-i686.pkg.tar/usr/lib/libc-2.20.so
#
# Intel 80386
#
Expand Down
2 changes: 1 addition & 1 deletion lib/one_gadget/builds/libc-2.20-f3063b7115d5a383189937852ce356f4c60fd190.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
require 'one_gadget/gadget'
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-3-x86_64.pkg.tar/usr/lib/libc-2.20.so
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-4-x86_64.pkg.tar/usr/lib/libc-2.20.so
#
# Advanced Micro Devices X86-64
#
Expand Down
2 changes: 1 addition & 1 deletion lib/one_gadget/builds/libc-2.21-9ac81172d5ff96f40d984fe7c10073a98f1a6b2e.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
require 'one_gadget/gadget'
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.21-1-x86_64.pkg.tar/usr/lib/libc-2.21.so
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.21-2-x86_64.pkg.tar/usr/lib/libc-2.21.so
#
# Advanced Micro Devices X86-64
#
Expand Down
2 changes: 1 addition & 1 deletion lib/one_gadget/builds/libc-2.21-f0c24219cbba0605e39e02123398437c5dbbb104.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
require 'one_gadget/gadget'
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.21-3.2.i686/lib/libc-2.21.so
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-32bit-2.21-3.2.x86_64/lib/libc-2.21.so
#
# Intel 80386
#
Expand Down
2 changes: 1 addition & 1 deletion lib/one_gadget/builds/libc-2.22-b916e3c1d80069d0209f6376b33e42b75ec49eda.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
require 'one_gadget/gadget'
# https://gitlab.com/david942j/libcdb/blob/master/libc/lib32-glibc-2.22-3-x86_64.pkg.tar/usr/lib32/libc-2.22.so
# https://gitlab.com/david942j/libcdb/blob/master/libc/lib32-glibc-2.22-3.1-x86_64.pkg.tar/usr/lib32/libc-2.22.so
#
# Intel 80386
#
Expand Down
9 changes: 9 additions & 0 deletions lib/one_gadget/builds/libc-2.25-58c735bc7b19b0aeb395cce70cf63bd62ac75e4a.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,15 @@
OneGadget::Gadget.add(build_id, 765680,
constraints: ["[r12] == NULL || r12 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", r12, r13)")
OneGadget::Gadget.add(build_id, 765738,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 765742,
constraints: ["writable: rbp-0x30", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 765750,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 890131,
constraints: ["[rsp+0x80] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x80, environ)")
Expand Down
9 changes: 9 additions & 0 deletions lib/one_gadget/builds/libc-2.26-1c39b3b3faa2a2cbb0fa0b6845b29332562262d3.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,15 @@
OneGadget::Gadget.add(build_id, 799344,
constraints: ["[r12] == NULL || r12 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", r12, r13)")
OneGadget::Gadget.add(build_id, 799402,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 799406,
constraints: ["writable: rbp-0x30", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 799414,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 921646,
constraints: ["[rsp+0x70] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
Expand Down
9 changes: 9 additions & 0 deletions lib/one_gadget/builds/libc-2.26-6d2b609f0c8e7b338f767b08c5ac712fac809d31.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,15 @@
OneGadget::Gadget.add(build_id, 890627,
constraints: ["[r13] == NULL || r13 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", r13, rbx)")
OneGadget::Gadget.add(build_id, 890922,
constraints: ["writable: rbp-0x48", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
OneGadget::Gadget.add(build_id, 890926,
constraints: ["writable: rbp-0x40", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
OneGadget::Gadget.add(build_id, 890934,
constraints: ["writable: rbp-0x50", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
OneGadget::Gadget.add(build_id, 891345,
constraints: ["[[rbp-0xa0]] == NULL || [rbp-0xa0] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
effect: "execve(\"/bin/sh\", [rbp-0xa0], [rbp-0x70])")
Expand Down
9 changes: 9 additions & 0 deletions lib/one_gadget/builds/libc-2.26-ddcc13122ddbfe5e5ef77d4ebe66d124ae5762c2.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,15 @@
OneGadget::Gadget.add(build_id, 890723,
constraints: ["[r13] == NULL || r13 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", r13, rbx)")
OneGadget::Gadget.add(build_id, 891018,
constraints: ["writable: rbp-0x48", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
OneGadget::Gadget.add(build_id, 891022,
constraints: ["writable: rbp-0x40", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
OneGadget::Gadget.add(build_id, 891030,
constraints: ["writable: rbp-0x50", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
OneGadget::Gadget.add(build_id, 891441,
constraints: ["[[rbp-0xa0]] == NULL || [rbp-0xa0] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
effect: "execve(\"/bin/sh\", [rbp-0xa0], [rbp-0x70])")
Expand Down
9 changes: 9 additions & 0 deletions lib/one_gadget/builds/libc-2.26-fb587bc4429e7d1b0de31a3b9ee8ae78ee797eb0.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,15 @@
OneGadget::Gadget.add(build_id, 799376,
constraints: ["[r12] == NULL || r12 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", r12, r13)")
OneGadget::Gadget.add(build_id, 799434,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 799438,
constraints: ["writable: rbp-0x30", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 799446,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 921694,
constraints: ["[rsp+0x70] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
Expand Down
3 changes: 3 additions & 0 deletions lib/one_gadget/builds/libc-2.27-73cd526a553b3b47c6dd0d6dc62175263cdc646e.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@
OneGadget::Gadget.add(build_id, 806271,
constraints: ["[r13] == NULL || r13 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", r13, r12)")
OneGadget::Gadget.add(build_id, 806325,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 929870,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
3 changes: 3 additions & 0 deletions lib/one_gadget/builds/libc-2.27-9dd0bb57f81671704475d1e5163405f7b4d4b454.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@
OneGadget::Gadget.add(build_id, 806783,
constraints: ["[r13] == NULL || r13 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", r13, r12)")
OneGadget::Gadget.add(build_id, 806837,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 930286,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
3 changes: 3 additions & 0 deletions lib/one_gadget/builds/libc-2.27-ce450eb01a5e5acc7ce7b8c2633b02cc1093339e.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@
OneGadget::Gadget.add(build_id, 939554,
constraints: ["[rcx] == NULL || rcx == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rcx, rdx)")
OneGadget::Gadget.add(build_id, 939613,
constraints: ["writable: [rbp-0x78]+0x10", "writable: rbp-0x80", "[[rbp-0x78]] == NULL || [rbp-0x78] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
effect: "execve(\"/bin/sh\", [rbp-0x78], [rbp-0x70])")
OneGadget::Gadget.add(build_id, 1090588,
constraints: ["[rsp+0x70] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
Expand Down
3 changes: 3 additions & 0 deletions lib/one_gadget/builds/libc-2.27-d1237c55f6778f53b369cf22ff81979b2fe340bb.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@
OneGadget::Gadget.add(build_id, 806895,
constraints: ["[r13] == NULL || r13 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", r13, r12)")
OneGadget::Gadget.add(build_id, 806949,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 930462,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
12 changes: 12 additions & 0 deletions lib/one_gadget/builds/libc-2.28-5b157f49586a3ca84d55837f97ff466767dd3445.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,18 @@
OneGadget::Gadget.add(build_id, 914339,
constraints: ["[rcx] == NULL || rcx == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rcx, rdx)")
OneGadget::Gadget.add(build_id, 914421,
constraints: ["writable: rbp-0x48", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, r13)")
OneGadget::Gadget.add(build_id, 914425,
constraints: ["writable: rbp-0x50", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, r13)")
OneGadget::Gadget.add(build_id, 914483,
constraints: ["writable: [rbp-0x78]+0x10", "writable: rbp-0x80", "[[rbp-0x78]] == NULL || [rbp-0x78] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
effect: "execve(\"/bin/sh\", [rbp-0x78], [rbp-0x70])")
OneGadget::Gadget.add(build_id, 914487,
constraints: ["writable: [rbp-0x78]+0x10", "writable: rbp-0x50", "[[rbp-0x78]] == NULL || [rbp-0x78] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
effect: "execve(\"/bin/sh\", [rbp-0x78], [rbp-0x70])")
OneGadget::Gadget.add(build_id, 1064784,
constraints: ["[rsp+0x70] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
Expand Down
6 changes: 6 additions & 0 deletions lib/one_gadget/builds/libc-2.28-65ed813688b116fdce9e866ad2fef2e734167337.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,12 @@
OneGadget::Gadget.add(build_id, 823392,
constraints: ["[rsi] == NULL || rsi == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rsi, rdx)")
OneGadget::Gadget.add(build_id, 823482,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 823486,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 947760,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
6 changes: 6 additions & 0 deletions lib/one_gadget/builds/libc-2.28-6ee9454b96efa9e343f9e8105f2fa4529265ea05.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,12 @@
OneGadget::Gadget.add(build_id, 816112,
constraints: ["[rsi] == NULL || rsi == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rsi, rdx)")
OneGadget::Gadget.add(build_id, 816201,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 816205,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 939838,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
6 changes: 6 additions & 0 deletions lib/one_gadget/builds/libc-2.29-5b7203920d3d786ac40af8e0d5104683335f11be.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@
OneGadget::Gadget.add(build_id, 826176,
constraints: ["[rsi] == NULL || rsi == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rsi, rdx)")
OneGadget::Gadget.add(build_id, 826266,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 826273,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 949339,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
6 changes: 6 additions & 0 deletions lib/one_gadget/builds/libc-2.29-85d5020664b11fd2708859275de41d5ab9d104cf.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@
OneGadget::Gadget.add(build_id, 824736,
constraints: ["[rsi] == NULL || rsi == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rsi, rdx)")
OneGadget::Gadget.add(build_id, 824825,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 824829,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 948598,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
8 changes: 7 additions & 1 deletion lib/one_gadget/builds/libc-2.29-a8af6c81cb28a37bf3a546970bf64224402f8bd4.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
require 'one_gadget/gadget'
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.29-3-x86_64.pkg.tar/usr/lib/libc-2.29.so
# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.29-4-x86_64.pkg.tar/usr/lib/libc-2.29.so
#
# Advanced Micro Devices X86-64
#
Expand All @@ -23,6 +23,12 @@
OneGadget::Gadget.add(build_id, 826624,
constraints: ["[rsi] == NULL || rsi == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rsi, rdx)")
OneGadget::Gadget.add(build_id, 826714,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 826721,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
OneGadget::Gadget.add(build_id, 949803,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
6 changes: 6 additions & 0 deletions lib/one_gadget/builds/libc-2.29-c19c88c33b60742ca906e0f9f96fe31b8b79ea9c.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@
OneGadget::Gadget.add(build_id, 819920,
constraints: ["[rsi] == NULL || rsi == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rsi, rdx)")
OneGadget::Gadget.add(build_id, 820010,
constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 820014,
constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x40, r12)")
OneGadget::Gadget.add(build_id, 944400,
constraints: ["[rsp+0x60] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x60, environ)")
Expand Down
12 changes: 12 additions & 0 deletions lib/one_gadget/builds/libc-2.29-d561ec515222887a1e004555981169199d841024.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,18 @@
OneGadget::Gadget.add(build_id, 926595,
constraints: ["[rcx] == NULL || rcx == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", rcx, rdx)")
OneGadget::Gadget.add(build_id, 926677,
constraints: ["writable: rbp-0x48", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, r13)")
OneGadget::Gadget.add(build_id, 926681,
constraints: ["writable: rbp-0x50", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[r13] == NULL || r13 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, r13)")
OneGadget::Gadget.add(build_id, 926739,
constraints: ["writable: [rbp-0x78]+0x10", "writable: rbp-0x80", "[[rbp-0x78]] == NULL || [rbp-0x78] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
effect: "execve(\"/bin/sh\", [rbp-0x78], [rbp-0x70])")
OneGadget::Gadget.add(build_id, 926743,
constraints: ["writable: [rbp-0x78]+0x10", "writable: rbp-0x50", "[[rbp-0x78]] == NULL || [rbp-0x78] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
effect: "execve(\"/bin/sh\", [rbp-0x78], [rbp-0x70])")
OneGadget::Gadget.add(build_id, 1076984,
constraints: ["[rsp+0x70] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
Expand Down
12 changes: 12 additions & 0 deletions lib/one_gadget/builds/libc-2.30-2155f455ad56bd871c8225bcca85ee25c1c197c4.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,18 @@
OneGadget::Gadget.add(build_id, 945046,
constraints: ["writable: rbp-0x78", "[r10] == NULL || r10 == NULL", "[rdx] == NULL || rdx == NULL"],
effect: "execve(\"/bin/sh\", r10, rdx)")
OneGadget::Gadget.add(build_id, 945161,
constraints: ["writable: rbp-0x48", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, r12)")
OneGadget::Gadget.add(build_id, 945168,
constraints: ["writable: rbp-0x50", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", rbp-0x50, r12)")
OneGadget::Gadget.add(build_id, 945237,
constraints: ["writable: r10+0x10", "writable: rbp-0x50", "[r10] == NULL || r10 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", r10, r12)")
OneGadget::Gadget.add(build_id, 945245,
constraints: ["writable: r10+0x10", "writable: rbp-0x48", "[r10] == NULL || r10 == NULL", "[r12] == NULL || r12 == NULL"],
effect: "execve(\"/bin/sh\", r10, r12)")
OneGadget::Gadget.add(build_id, 1093545,
constraints: ["[rsp+0x70] == NULL"],
effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
Expand Down

0 comments on commit 8765130

Please sign in to comment.