one_gadget 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +0 -2
- data/lib/one_gadget/builds/libc-2.23-369de0e1d833caa693af17f17c83ba937f0a4dad.rb +8 -0
- data/lib/one_gadget/builds/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.rb +1 -1
- data/lib/one_gadget/builds/libc-2.23-edceed30099baad51871c5fc277daf9b74dc726a.rb +8 -0
- data/lib/one_gadget/fetchers/amd64.rb +2 -0
- data/lib/one_gadget/fetchers/base.rb +5 -0
- data/lib/one_gadget/fetchers/i386.rb +2 -0
- data/lib/one_gadget/helper.rb +7 -4
- data/lib/one_gadget/logger.rb +4 -0
- data/lib/one_gadget/version.rb +1 -1
- metadata +5 -21
- data/spec/data/libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so +0 -0
- data/spec/data/libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so +0 -0
- data/spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so +0 -0
- data/spec/data/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so +0 -0
- data/spec/gadget_spec.rb +0 -22
- data/spec/helper_spec.rb +0 -25
- data/spec/one_gadget_amd64_spec.rb +0 -31
- data/spec/one_gadget_i386_spec.rb +0 -24
- data/spec/spec_helper.rb +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 43bf496ed69e442f3a6672eff7b0e3f7dffe9256
|
|
4
|
+
data.tar.gz: 2ef6da1b0f7173adf036ad43e99533fd98005606
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fa4a2851e9ad28b690c7f2d7c4bcb4c3797d4b587b0b5a02d130d06628576aabbc73812d837c8efd04ea099c98659f0b9447c3d184894781198deae234707a44
|
|
7
|
+
data.tar.gz: 76ff23514c99da82136f7f55d3ba44d7dfcf48a56dba3db853e994ad90bcd8f341d963cb5cf9fb53bebf562dcadf1819bab6d02fbbd5f80625ce9ac20f94504d
|
data/README.md
CHANGED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
require 'one_gadget/gadget'
|
|
2
|
+
# Ubuntu GLIBC 2.23-0ubuntu3
|
|
3
|
+
# ELF 64-bit LSB shared object, x86-64
|
|
4
|
+
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
5
|
+
OneGadget::Gadget.add(build_id, 0x4525a, constraints: ['[rsp+0x30] == NULL'])
|
|
6
|
+
OneGadget::Gadget.add(build_id, 0xef9f4, constraints: ['[rsp+0x50] == NULL'])
|
|
7
|
+
OneGadget::Gadget.add(build_id, 0xf0897, constraints: ['[rsp+0x70] == NULL'])
|
|
8
|
+
OneGadget::Gadget.add(build_id, 0xf5e40, constraints: ['[rbp-0xf8] == NULL', 'rcx == NULL'])
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require 'one_gadget/gadget'
|
|
2
2
|
# Ubuntu GLIBC 2.23-0ubuntu5
|
|
3
3
|
# ELF 32-bit LSB shared object, Intel 80386
|
|
4
|
-
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
4
|
+
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
5
5
|
rw_area_constraint = 'esi is the address of `rw-p` area of libc'
|
|
6
6
|
OneGadget::Gadget.add(build_id, 0x3ac69, constraints: [rw_area_constraint, '[esp+0x34] == NULL'])
|
|
7
7
|
OneGadget::Gadget.add(build_id, 0x5fbbe, constraints: [rw_area_constraint, 'eax == NULL'])
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
require 'one_gadget/gadget'
|
|
2
|
+
# Ubuntu GLIBC 2.23-0ubuntu5
|
|
3
|
+
# ELF 32-bit LSB shared object, Intel 80386
|
|
4
|
+
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
5
|
+
rw_area_constraint = 'esi is the address of `rw-p` area of libc'
|
|
6
|
+
OneGadget::Gadget.add(build_id, 0x3a7f9, constraints: [rw_area_constraint, '[esp+0x34] == NULL'])
|
|
7
|
+
OneGadget::Gadget.add(build_id, 0x5ef3e, constraints: [rw_area_constraint, 'eax == NULL'])
|
|
8
|
+
OneGadget::Gadget.add(build_id, 0x11dcb5, constraints: [rw_area_constraint, 'eax == NULL'])
|
|
@@ -3,6 +3,8 @@ module OneGadget
|
|
|
3
3
|
module Fetcher
|
|
4
4
|
# Fetcher for amd64.
|
|
5
5
|
class Amd64 < OneGadget::Fetcher::Base
|
|
6
|
+
# Gadgets for amd64 glibc.
|
|
7
|
+
# @return [Array<OneGadget::Gadget::Gadget>] Gadgets found.
|
|
6
8
|
def find
|
|
7
9
|
bin_sh_hex = str_offset('/bin/sh').to_s(16)
|
|
8
10
|
cands = candidates do |candidate|
|
|
@@ -4,12 +4,17 @@ module OneGadget
|
|
|
4
4
|
module Fetcher
|
|
5
5
|
# define common methods for gadget fetchers.
|
|
6
6
|
class Base
|
|
7
|
+
# The absolute path of glibc.
|
|
8
|
+
# @return [String] The filename.
|
|
7
9
|
attr_reader :file
|
|
10
|
+
# Instantiate a fetcher object.
|
|
8
11
|
# @param [String] file Absolute path of target libc.
|
|
9
12
|
def initialize(file)
|
|
10
13
|
@file = ::Shellwords.escape(file)
|
|
11
14
|
end
|
|
12
15
|
|
|
16
|
+
# Method need to be implemented in inheritors.
|
|
17
|
+
# @return [Array<OneGadget::Gadget::Gadget>] Gadgets found.
|
|
13
18
|
def find; raise NotImplementedError
|
|
14
19
|
end
|
|
15
20
|
|
data/lib/one_gadget/helper.rb
CHANGED
|
@@ -68,10 +68,10 @@ module OneGadget
|
|
|
68
68
|
# Fetch the latest release version's tag name.
|
|
69
69
|
# @return [String] The tag name, in form +vx.x.x+.
|
|
70
70
|
def latest_tag
|
|
71
|
-
|
|
71
|
+
releases_url = 'https://github.com/david942j/one_gadget/releases'
|
|
72
|
+
@latest_tag ||= 'v' + url_request(releases_url).scan(%r{/tree/v([\d.]+)"}).map do |tag|
|
|
72
73
|
Gem::Version.new(tag.first)
|
|
73
74
|
end.max.to_s
|
|
74
|
-
'v' + latest
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
# Get the url which can fetch +filename+ from remote repo.
|
|
@@ -97,14 +97,13 @@ module OneGadget
|
|
|
97
97
|
# Get the latest builds list from repo.
|
|
98
98
|
# @return [Array<String>] List of build ids.
|
|
99
99
|
def remote_builds
|
|
100
|
-
url_request(url_of_file('builds_list')).lines.map(&:strip)
|
|
100
|
+
@remote_builds ||= url_request(url_of_file('builds_list')).lines.map(&:strip)
|
|
101
101
|
end
|
|
102
102
|
|
|
103
103
|
# Get request.
|
|
104
104
|
# @param [String] url The url.
|
|
105
105
|
# @return [String] The request response body.
|
|
106
106
|
def url_request(url)
|
|
107
|
-
# TODO: add timeout to handle github crashed or in no network environment.
|
|
108
107
|
uri = URI.parse(url)
|
|
109
108
|
http = Net::HTTP.new(uri.host, uri.port)
|
|
110
109
|
http.use_ssl = true
|
|
@@ -113,7 +112,11 @@ module OneGadget
|
|
|
113
112
|
request = Net::HTTP::Get.new(uri.request_uri)
|
|
114
113
|
|
|
115
114
|
response = http.request(request)
|
|
115
|
+
raise ArgumentError, "Fail to get response of #{url}" unless response.code == '200'
|
|
116
116
|
response.body
|
|
117
|
+
rescue NoMethodError, SocketError, ArgumentError => e
|
|
118
|
+
p e
|
|
119
|
+
nil
|
|
117
120
|
end
|
|
118
121
|
|
|
119
122
|
# Show the message of ask user to update gem.
|
data/lib/one_gadget/logger.rb
CHANGED
data/lib/one_gadget/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: one_gadget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- david942j
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-02-
|
|
11
|
+
date: 2017-02-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -97,8 +97,10 @@ files:
|
|
|
97
97
|
- bin/one_gadget
|
|
98
98
|
- lib/one_gadget.rb
|
|
99
99
|
- lib/one_gadget/abi.rb
|
|
100
|
+
- lib/one_gadget/builds/libc-2.23-369de0e1d833caa693af17f17c83ba937f0a4dad.rb
|
|
100
101
|
- lib/one_gadget/builds/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.rb
|
|
101
102
|
- lib/one_gadget/builds/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.rb
|
|
103
|
+
- lib/one_gadget/builds/libc-2.23-edceed30099baad51871c5fc277daf9b74dc726a.rb
|
|
102
104
|
- lib/one_gadget/fetcher.rb
|
|
103
105
|
- lib/one_gadget/fetchers/amd64.rb
|
|
104
106
|
- lib/one_gadget/fetchers/base.rb
|
|
@@ -107,15 +109,6 @@ files:
|
|
|
107
109
|
- lib/one_gadget/helper.rb
|
|
108
110
|
- lib/one_gadget/logger.rb
|
|
109
111
|
- lib/one_gadget/version.rb
|
|
110
|
-
- spec/data/libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so
|
|
111
|
-
- spec/data/libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so
|
|
112
|
-
- spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so
|
|
113
|
-
- spec/data/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so
|
|
114
|
-
- spec/gadget_spec.rb
|
|
115
|
-
- spec/helper_spec.rb
|
|
116
|
-
- spec/one_gadget_amd64_spec.rb
|
|
117
|
-
- spec/one_gadget_i386_spec.rb
|
|
118
|
-
- spec/spec_helper.rb
|
|
119
112
|
homepage: https://github.com/david942j/one_gadget
|
|
120
113
|
licenses:
|
|
121
114
|
- MIT
|
|
@@ -140,13 +133,4 @@ rubygems_version: 2.5.2
|
|
|
140
133
|
signing_key:
|
|
141
134
|
specification_version: 4
|
|
142
135
|
summary: one_gadget
|
|
143
|
-
test_files:
|
|
144
|
-
- spec/one_gadget_i386_spec.rb
|
|
145
|
-
- spec/one_gadget_amd64_spec.rb
|
|
146
|
-
- spec/data/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so
|
|
147
|
-
- spec/data/libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so
|
|
148
|
-
- spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so
|
|
149
|
-
- spec/data/libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so
|
|
150
|
-
- spec/spec_helper.rb
|
|
151
|
-
- spec/helper_spec.rb
|
|
152
|
-
- spec/gadget_spec.rb
|
|
136
|
+
test_files: []
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
data/spec/gadget_spec.rb
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
require 'one_gadget/gadget'
|
|
2
|
-
require 'one_gadget/helper'
|
|
3
|
-
describe OneGadget::Gadget do
|
|
4
|
-
before(:all) do
|
|
5
|
-
@build_id = 'fake_id'
|
|
6
|
-
OneGadget::Helper.color_off! # disable colorize for easy testing.
|
|
7
|
-
OneGadget::Gadget.add(@build_id, 0x1234, constraints: ['[rsp+0x30] == NULL', 'rax == 0'])
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
after(:all) do
|
|
11
|
-
OneGadget::Gadget::ClassMethods::BUILDS.delete @build_id
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
it 'inspect' do
|
|
15
|
-
expect(OneGadget::Gadget.builds(@build_id).map(&:inspect).join).to eq <<-EOS
|
|
16
|
-
offset: 0x1234
|
|
17
|
-
constraints:
|
|
18
|
-
[rsp+0x30] == NULL
|
|
19
|
-
rax == 0
|
|
20
|
-
EOS
|
|
21
|
-
end
|
|
22
|
-
end
|
data/spec/helper_spec.rb
DELETED
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
require 'one_gadget/helper'
|
|
2
|
-
|
|
3
|
-
describe OneGadget::Helper do
|
|
4
|
-
before(:all) do
|
|
5
|
-
OneGadget::Helper.color_on!
|
|
6
|
-
@libcpath = File.join(File.dirname(__FILE__), 'data', 'libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so')
|
|
7
|
-
end
|
|
8
|
-
it 'abspath' do
|
|
9
|
-
expect(OneGadget::Helper.abspath('./spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so'))
|
|
10
|
-
.to eq @libcpath
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it 'build_id_of' do
|
|
14
|
-
expect(OneGadget::Helper.build_id_of(@libcpath)).to eq '60131540dadc6796cab33388349e6e4e68692053'
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
it 'colorize' do
|
|
18
|
-
expect(OneGadget::Helper.colorize('123', sev: :integer)).to eq "\e[38;5;12m123\e[0m"
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
it 'architecture' do
|
|
22
|
-
expect(OneGadget::Helper.architecture(@libcpath)).to be :amd64
|
|
23
|
-
expect(OneGadget::Helper.architecture(__FILE__)).to be :unknown
|
|
24
|
-
end
|
|
25
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'one_gadget'
|
|
2
|
-
|
|
3
|
-
describe 'one_gadget' do
|
|
4
|
-
before(:each) do
|
|
5
|
-
@build_id = '60131540dadc6796cab33388349e6e4e68692053'
|
|
6
|
-
@libcpath = File.join(File.dirname(__FILE__), 'data', 'libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so')
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
it 'from file' do
|
|
10
|
-
expect(OneGadget.gadgets(file: @libcpath)).to eq [0x4647c, 0xe5765, 0xe66bd]
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
describe 'from build id' do
|
|
14
|
-
it 'normal' do
|
|
15
|
-
# only check not empty because the gadgets might add frequently.
|
|
16
|
-
expect(OneGadget.gadgets(build_id: @build_id)).not_to be_empty
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
it 'invalid' do
|
|
20
|
-
expect { OneGadget.gadgets(build_id: '^_^') }.to raise_error(ArgumentError, 'invalid BuildID format: "^_^"')
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
it 'fetch from remote' do
|
|
24
|
-
entry = OneGadget::Gadget::ClassMethods::BUILDS.delete(@build_id)
|
|
25
|
-
OneGadget::Gadget::ClassMethods::BUILDS[:a] = 1
|
|
26
|
-
expect(OneGadget.gadgets(build_id: @build_id)).not_to be_empty
|
|
27
|
-
OneGadget::Gadget::ClassMethods::BUILDS.delete(:a)
|
|
28
|
-
OneGadget::Gadget::ClassMethods::BUILDS[@build_id] = entry unless entry.nil?
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
require 'one_gadget'
|
|
2
|
-
|
|
3
|
-
describe 'one_gadget' do
|
|
4
|
-
before(:each) do
|
|
5
|
-
@build_id = '926eb99d49cab2e5622af38ab07395f5b32035e9'
|
|
6
|
-
@libcpath19 = File.join(File.dirname(__FILE__), 'data', 'libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so')
|
|
7
|
-
@libcpath23 = File.join(File.dirname(__FILE__), 'data', 'libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so')
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
it 'from file libc-2.19' do
|
|
11
|
-
expect(OneGadget.gadgets(file: @libcpath19, force_file: true)).to eq [0x3fd27, 0x64c60, 0x1244a6]
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
it 'from file libc-2.23' do
|
|
15
|
-
expect(OneGadget.gadgets(file: @libcpath23, force_file: true)).to eq [0x3ac69, 0x5fbbe, 0x12036c]
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
describe 'from build id' do
|
|
19
|
-
it 'normal' do
|
|
20
|
-
# only check not empty because the gadgets might add frequently.
|
|
21
|
-
expect(OneGadget.gadgets(build_id: @build_id)).not_to be_empty
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
end
|
data/spec/spec_helper.rb
DELETED