one_gadget 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +0 -2
- data/lib/one_gadget/builds/libc-2.23-369de0e1d833caa693af17f17c83ba937f0a4dad.rb +8 -0
- data/lib/one_gadget/builds/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.rb +1 -1
- data/lib/one_gadget/builds/libc-2.23-edceed30099baad51871c5fc277daf9b74dc726a.rb +8 -0
- data/lib/one_gadget/fetchers/amd64.rb +2 -0
- data/lib/one_gadget/fetchers/base.rb +5 -0
- data/lib/one_gadget/fetchers/i386.rb +2 -0
- data/lib/one_gadget/helper.rb +7 -4
- data/lib/one_gadget/logger.rb +4 -0
- data/lib/one_gadget/version.rb +1 -1
- metadata +5 -21
- data/spec/data/libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so +0 -0
- data/spec/data/libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so +0 -0
- data/spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so +0 -0
- data/spec/data/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so +0 -0
- data/spec/gadget_spec.rb +0 -22
- data/spec/helper_spec.rb +0 -25
- data/spec/one_gadget_amd64_spec.rb +0 -31
- data/spec/one_gadget_i386_spec.rb +0 -24
- data/spec/spec_helper.rb +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 43bf496ed69e442f3a6672eff7b0e3f7dffe9256
|
|
4
|
+
data.tar.gz: 2ef6da1b0f7173adf036ad43e99533fd98005606
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fa4a2851e9ad28b690c7f2d7c4bcb4c3797d4b587b0b5a02d130d06628576aabbc73812d837c8efd04ea099c98659f0b9447c3d184894781198deae234707a44
|
|
7
|
+
data.tar.gz: 76ff23514c99da82136f7f55d3ba44d7dfcf48a56dba3db853e994ad90bcd8f341d963cb5cf9fb53bebf562dcadf1819bab6d02fbbd5f80625ce9ac20f94504d
|
data/README.md
CHANGED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
require 'one_gadget/gadget'
|
|
2
|
+
# Ubuntu GLIBC 2.23-0ubuntu3
|
|
3
|
+
# ELF 64-bit LSB shared object, x86-64
|
|
4
|
+
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
5
|
+
OneGadget::Gadget.add(build_id, 0x4525a, constraints: ['[rsp+0x30] == NULL'])
|
|
6
|
+
OneGadget::Gadget.add(build_id, 0xef9f4, constraints: ['[rsp+0x50] == NULL'])
|
|
7
|
+
OneGadget::Gadget.add(build_id, 0xf0897, constraints: ['[rsp+0x70] == NULL'])
|
|
8
|
+
OneGadget::Gadget.add(build_id, 0xf5e40, constraints: ['[rbp-0xf8] == NULL', 'rcx == NULL'])
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require 'one_gadget/gadget'
|
|
2
2
|
# Ubuntu GLIBC 2.23-0ubuntu5
|
|
3
3
|
# ELF 32-bit LSB shared object, Intel 80386
|
|
4
|
-
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
4
|
+
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
5
5
|
rw_area_constraint = 'esi is the address of `rw-p` area of libc'
|
|
6
6
|
OneGadget::Gadget.add(build_id, 0x3ac69, constraints: [rw_area_constraint, '[esp+0x34] == NULL'])
|
|
7
7
|
OneGadget::Gadget.add(build_id, 0x5fbbe, constraints: [rw_area_constraint, 'eax == NULL'])
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
require 'one_gadget/gadget'
|
|
2
|
+
# Ubuntu GLIBC 2.23-0ubuntu5
|
|
3
|
+
# ELF 32-bit LSB shared object, Intel 80386
|
|
4
|
+
build_id = File.basename(__FILE__, '.rb').split('-').last
|
|
5
|
+
rw_area_constraint = 'esi is the address of `rw-p` area of libc'
|
|
6
|
+
OneGadget::Gadget.add(build_id, 0x3a7f9, constraints: [rw_area_constraint, '[esp+0x34] == NULL'])
|
|
7
|
+
OneGadget::Gadget.add(build_id, 0x5ef3e, constraints: [rw_area_constraint, 'eax == NULL'])
|
|
8
|
+
OneGadget::Gadget.add(build_id, 0x11dcb5, constraints: [rw_area_constraint, 'eax == NULL'])
|
|
@@ -3,6 +3,8 @@ module OneGadget
|
|
|
3
3
|
module Fetcher
|
|
4
4
|
# Fetcher for amd64.
|
|
5
5
|
class Amd64 < OneGadget::Fetcher::Base
|
|
6
|
+
# Gadgets for amd64 glibc.
|
|
7
|
+
# @return [Array<OneGadget::Gadget::Gadget>] Gadgets found.
|
|
6
8
|
def find
|
|
7
9
|
bin_sh_hex = str_offset('/bin/sh').to_s(16)
|
|
8
10
|
cands = candidates do |candidate|
|
|
@@ -4,12 +4,17 @@ module OneGadget
|
|
|
4
4
|
module Fetcher
|
|
5
5
|
# define common methods for gadget fetchers.
|
|
6
6
|
class Base
|
|
7
|
+
# The absolute path of glibc.
|
|
8
|
+
# @return [String] The filename.
|
|
7
9
|
attr_reader :file
|
|
10
|
+
# Instantiate a fetcher object.
|
|
8
11
|
# @param [String] file Absolute path of target libc.
|
|
9
12
|
def initialize(file)
|
|
10
13
|
@file = ::Shellwords.escape(file)
|
|
11
14
|
end
|
|
12
15
|
|
|
16
|
+
# Method need to be implemented in inheritors.
|
|
17
|
+
# @return [Array<OneGadget::Gadget::Gadget>] Gadgets found.
|
|
13
18
|
def find; raise NotImplementedError
|
|
14
19
|
end
|
|
15
20
|
|
data/lib/one_gadget/helper.rb
CHANGED
|
@@ -68,10 +68,10 @@ module OneGadget
|
|
|
68
68
|
# Fetch the latest release version's tag name.
|
|
69
69
|
# @return [String] The tag name, in form +vx.x.x+.
|
|
70
70
|
def latest_tag
|
|
71
|
-
|
|
71
|
+
releases_url = 'https://github.com/david942j/one_gadget/releases'
|
|
72
|
+
@latest_tag ||= 'v' + url_request(releases_url).scan(%r{/tree/v([\d.]+)"}).map do |tag|
|
|
72
73
|
Gem::Version.new(tag.first)
|
|
73
74
|
end.max.to_s
|
|
74
|
-
'v' + latest
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
# Get the url which can fetch +filename+ from remote repo.
|
|
@@ -97,14 +97,13 @@ module OneGadget
|
|
|
97
97
|
# Get the latest builds list from repo.
|
|
98
98
|
# @return [Array<String>] List of build ids.
|
|
99
99
|
def remote_builds
|
|
100
|
-
url_request(url_of_file('builds_list')).lines.map(&:strip)
|
|
100
|
+
@remote_builds ||= url_request(url_of_file('builds_list')).lines.map(&:strip)
|
|
101
101
|
end
|
|
102
102
|
|
|
103
103
|
# Get request.
|
|
104
104
|
# @param [String] url The url.
|
|
105
105
|
# @return [String] The request response body.
|
|
106
106
|
def url_request(url)
|
|
107
|
-
# TODO: add timeout to handle github crashed or in no network environment.
|
|
108
107
|
uri = URI.parse(url)
|
|
109
108
|
http = Net::HTTP.new(uri.host, uri.port)
|
|
110
109
|
http.use_ssl = true
|
|
@@ -113,7 +112,11 @@ module OneGadget
|
|
|
113
112
|
request = Net::HTTP::Get.new(uri.request_uri)
|
|
114
113
|
|
|
115
114
|
response = http.request(request)
|
|
115
|
+
raise ArgumentError, "Fail to get response of #{url}" unless response.code == '200'
|
|
116
116
|
response.body
|
|
117
|
+
rescue NoMethodError, SocketError, ArgumentError => e
|
|
118
|
+
p e
|
|
119
|
+
nil
|
|
117
120
|
end
|
|
118
121
|
|
|
119
122
|
# Show the message of ask user to update gem.
|
data/lib/one_gadget/logger.rb
CHANGED
data/lib/one_gadget/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: one_gadget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- david942j
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-02-
|
|
11
|
+
date: 2017-02-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -97,8 +97,10 @@ files:
|
|
|
97
97
|
- bin/one_gadget
|
|
98
98
|
- lib/one_gadget.rb
|
|
99
99
|
- lib/one_gadget/abi.rb
|
|
100
|
+
- lib/one_gadget/builds/libc-2.23-369de0e1d833caa693af17f17c83ba937f0a4dad.rb
|
|
100
101
|
- lib/one_gadget/builds/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.rb
|
|
101
102
|
- lib/one_gadget/builds/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.rb
|
|
103
|
+
- lib/one_gadget/builds/libc-2.23-edceed30099baad51871c5fc277daf9b74dc726a.rb
|
|
102
104
|
- lib/one_gadget/fetcher.rb
|
|
103
105
|
- lib/one_gadget/fetchers/amd64.rb
|
|
104
106
|
- lib/one_gadget/fetchers/base.rb
|
|
@@ -107,15 +109,6 @@ files:
|
|
|
107
109
|
- lib/one_gadget/helper.rb
|
|
108
110
|
- lib/one_gadget/logger.rb
|
|
109
111
|
- lib/one_gadget/version.rb
|
|
110
|
-
- spec/data/libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so
|
|
111
|
-
- spec/data/libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so
|
|
112
|
-
- spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so
|
|
113
|
-
- spec/data/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so
|
|
114
|
-
- spec/gadget_spec.rb
|
|
115
|
-
- spec/helper_spec.rb
|
|
116
|
-
- spec/one_gadget_amd64_spec.rb
|
|
117
|
-
- spec/one_gadget_i386_spec.rb
|
|
118
|
-
- spec/spec_helper.rb
|
|
119
112
|
homepage: https://github.com/david942j/one_gadget
|
|
120
113
|
licenses:
|
|
121
114
|
- MIT
|
|
@@ -140,13 +133,4 @@ rubygems_version: 2.5.2
|
|
|
140
133
|
signing_key:
|
|
141
134
|
specification_version: 4
|
|
142
135
|
summary: one_gadget
|
|
143
|
-
test_files:
|
|
144
|
-
- spec/one_gadget_i386_spec.rb
|
|
145
|
-
- spec/one_gadget_amd64_spec.rb
|
|
146
|
-
- spec/data/libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so
|
|
147
|
-
- spec/data/libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so
|
|
148
|
-
- spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so
|
|
149
|
-
- spec/data/libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so
|
|
150
|
-
- spec/spec_helper.rb
|
|
151
|
-
- spec/helper_spec.rb
|
|
152
|
-
- spec/gadget_spec.rb
|
|
136
|
+
test_files: []
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
data/spec/gadget_spec.rb
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
require 'one_gadget/gadget'
|
|
2
|
-
require 'one_gadget/helper'
|
|
3
|
-
describe OneGadget::Gadget do
|
|
4
|
-
before(:all) do
|
|
5
|
-
@build_id = 'fake_id'
|
|
6
|
-
OneGadget::Helper.color_off! # disable colorize for easy testing.
|
|
7
|
-
OneGadget::Gadget.add(@build_id, 0x1234, constraints: ['[rsp+0x30] == NULL', 'rax == 0'])
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
after(:all) do
|
|
11
|
-
OneGadget::Gadget::ClassMethods::BUILDS.delete @build_id
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
it 'inspect' do
|
|
15
|
-
expect(OneGadget::Gadget.builds(@build_id).map(&:inspect).join).to eq <<-EOS
|
|
16
|
-
offset: 0x1234
|
|
17
|
-
constraints:
|
|
18
|
-
[rsp+0x30] == NULL
|
|
19
|
-
rax == 0
|
|
20
|
-
EOS
|
|
21
|
-
end
|
|
22
|
-
end
|
data/spec/helper_spec.rb
DELETED
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
require 'one_gadget/helper'
|
|
2
|
-
|
|
3
|
-
describe OneGadget::Helper do
|
|
4
|
-
before(:all) do
|
|
5
|
-
OneGadget::Helper.color_on!
|
|
6
|
-
@libcpath = File.join(File.dirname(__FILE__), 'data', 'libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so')
|
|
7
|
-
end
|
|
8
|
-
it 'abspath' do
|
|
9
|
-
expect(OneGadget::Helper.abspath('./spec/data/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.so'))
|
|
10
|
-
.to eq @libcpath
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it 'build_id_of' do
|
|
14
|
-
expect(OneGadget::Helper.build_id_of(@libcpath)).to eq '60131540dadc6796cab33388349e6e4e68692053'
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
it 'colorize' do
|
|
18
|
-
expect(OneGadget::Helper.colorize('123', sev: :integer)).to eq "\e[38;5;12m123\e[0m"
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
it 'architecture' do
|
|
22
|
-
expect(OneGadget::Helper.architecture(@libcpath)).to be :amd64
|
|
23
|
-
expect(OneGadget::Helper.architecture(__FILE__)).to be :unknown
|
|
24
|
-
end
|
|
25
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'one_gadget'
|
|
2
|
-
|
|
3
|
-
describe 'one_gadget' do
|
|
4
|
-
before(:each) do
|
|
5
|
-
@build_id = '60131540dadc6796cab33388349e6e4e68692053'
|
|
6
|
-
@libcpath = File.join(File.dirname(__FILE__), 'data', 'libc-2.19-cf699a15caae64f50311fc4655b86dc39a479789.so')
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
it 'from file' do
|
|
10
|
-
expect(OneGadget.gadgets(file: @libcpath)).to eq [0x4647c, 0xe5765, 0xe66bd]
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
describe 'from build id' do
|
|
14
|
-
it 'normal' do
|
|
15
|
-
# only check not empty because the gadgets might add frequently.
|
|
16
|
-
expect(OneGadget.gadgets(build_id: @build_id)).not_to be_empty
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
it 'invalid' do
|
|
20
|
-
expect { OneGadget.gadgets(build_id: '^_^') }.to raise_error(ArgumentError, 'invalid BuildID format: "^_^"')
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
it 'fetch from remote' do
|
|
24
|
-
entry = OneGadget::Gadget::ClassMethods::BUILDS.delete(@build_id)
|
|
25
|
-
OneGadget::Gadget::ClassMethods::BUILDS[:a] = 1
|
|
26
|
-
expect(OneGadget.gadgets(build_id: @build_id)).not_to be_empty
|
|
27
|
-
OneGadget::Gadget::ClassMethods::BUILDS.delete(:a)
|
|
28
|
-
OneGadget::Gadget::ClassMethods::BUILDS[@build_id] = entry unless entry.nil?
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
require 'one_gadget'
|
|
2
|
-
|
|
3
|
-
describe 'one_gadget' do
|
|
4
|
-
before(:each) do
|
|
5
|
-
@build_id = '926eb99d49cab2e5622af38ab07395f5b32035e9'
|
|
6
|
-
@libcpath19 = File.join(File.dirname(__FILE__), 'data', 'libc-2.19-fd51b20e670e9a9f60dc3b06dc9761fb08c9358b.so')
|
|
7
|
-
@libcpath23 = File.join(File.dirname(__FILE__), 'data', 'libc-2.23-926eb99d49cab2e5622af38ab07395f5b32035e9.so')
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
it 'from file libc-2.19' do
|
|
11
|
-
expect(OneGadget.gadgets(file: @libcpath19, force_file: true)).to eq [0x3fd27, 0x64c60, 0x1244a6]
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
it 'from file libc-2.23' do
|
|
15
|
-
expect(OneGadget.gadgets(file: @libcpath23, force_file: true)).to eq [0x3ac69, 0x5fbbe, 0x12036c]
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
describe 'from build id' do
|
|
19
|
-
it 'normal' do
|
|
20
|
-
# only check not empty because the gadgets might add frequently.
|
|
21
|
-
expect(OneGadget.gadgets(build_id: @build_id)).not_to be_empty
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
end
|
data/spec/spec_helper.rb
DELETED