RubyGems - one_gadget - Versions diffs - 1.3.0 → 1.3.1 - Mend

one_gadget 1.3.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +6 -1
data/lib/one_gadget/builds/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.rb +3 -0
data/lib/one_gadget/emulators/x86.rb +12 -1
data/lib/one_gadget/fetchers/amd64.rb +7 -2
data/lib/one_gadget/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3cc62d276055fdb8dc5a968da82d417248f07d4b
-  data.tar.gz: 9b102faa2884dfb094e2c8b4a1df5f32fb7f5eaf
+  metadata.gz: ee18c2057ce192dccd5652685097b181099130ea
+  data.tar.gz: 289b4547cb6ce787d3f97198ea91d90cba29f2cf
 SHA512:
-  metadata.gz: b86e5a6ad42af54af86358385aab99a43d3f04aeb5ce8303c68d0fcb15d3c06c3d916bb477cd067bb5fb504c0c4da1479f68aa56eea7742ff4996d0362c91c0b
-  data.tar.gz: 8a55837472e55ff34c52c74521f7c8358720055ed0aa6f7912563d4c1ad169aba3c6305c2480e43e576adb0df887f3b6fbdf9edba186b83d567b97e2fb9f8f50
+  metadata.gz: 75beaaf9a5a2b7c46547086ddc1642d7145eaccc1de87ba6f8ccc142e3f567ff37657650ef40a5fc86f96380738133b19952ab0996ff08f435f4d9c09302e712
+  data.tar.gz: 436a67c199ba743df17989749a21b203e0761357b92e22eece757b4d8c920a625097db0817dbda2fddd2b6928b44142190e5a95ca05e6327b75e23e4041fd7eb

data/README.md CHANGED Viewed

@@ -58,6 +58,11 @@ one_gadget -b 60131540dadc6796cab33388349e6e4e68692053
 #   rcx == NULL || [rcx] == NULL
 #   r12 == NULL || [r12] == NULL
 #
+# 0xcc618 execve("/bin/sh", rax, r12)
+# constraints:
+#   rax == NULL || [rax] == NULL
+#   r12 == NULL || [r12] == NULL
+#
 # 0xf5b10 execve("/bin/sh", rcx, [rbp-0xf8])
 # constraints:
 #   [rbp-0xf8] == NULL || [[rbp-0xf8]] == NULL
@@ -95,7 +100,7 @@ one_gadget ./spec/data/libc-2.19.so -s 'echo "offset ->"'
 ```ruby
 require 'one_gadget'
 OneGadget.gadgets(file: '/lib/x86_64-linux-gnu/libc.so.6')
-# => [283242, 980676, 984423, 836931, 1006352]
+# => [283242, 980676, 984423, 836931, 837144, 1006352]
 ```
 ## Screenshots

data/lib/one_gadget/builds/libc-2.23-60131540dadc6796cab33388349e6e4e68692053.rb CHANGED Viewed

@@ -11,6 +11,9 @@ OneGadget::Gadget.add(build_id, 0xf0567, constraints: ['[rsp+0x70] == NULL'],
 OneGadget::Gadget.add(build_id, 0xcc543, constraints: ['rcx == NULL || [rcx] == NULL',
                                                        'r12 == NULL || [r12] == NULL'],
                                          effect: 'execve("/bin/sh", rcx, r12)')
+OneGadget::Gadget.add(build_id, 0xcc618, constraints: ['rax == NULL || [rax] == NULL',
+                                                       'r12 == NULL || [r12] == NULL'],
+                                         effect: 'execve("/bin/sh", rax, r12)')
 OneGadget::Gadget.add(build_id, 0xf5b10, constraints: ['[rbp-0xf8] == NULL || [[rbp-0xf8]] == NULL',
                                                        'rcx == NULL || [rcx] == NULL'],
                                          effect: 'execve("/bin/sh", rcx, [rbp-0xf8])')

data/lib/one_gadget/emulators/x86.rb CHANGED Viewed

@@ -21,10 +21,11 @@ module OneGadget
       end
       # Process one command.
+      # Will raise exceptions when encounter unhandled instruction.
       # @param [String] cmd
       #   One line from result of objdump.
       # @return [void]
-      def process(cmd)
+      def process!(cmd)
         inst, args = parse(cmd)
         return registers[pc] = args[0] if inst.inst == 'call'
         return if inst.inst == 'jmp' # believe the fetcher has handled jmp.
@@ -32,6 +33,16 @@ module OneGadget
         send(sym, *args)
       end
+      # Process one command, without raising any exceptions.
+      # @param [String] cmd
+      #   See {#process!} for more information.
+      # @return [void]
+      def process(cmd)
+        process!(cmd)
+      rescue ArgumentError
+        nil
+      end
       # Support instruction set.
       # @return [Array<Instruction>] The support instructions.
       def instructions

data/lib/one_gadget/fetchers/amd64.rb CHANGED Viewed

@@ -28,13 +28,16 @@ module OneGadget
         end
         # find gadgets in form:
         #   lea rdi, '/bin/sh'
+        #   ...
         #   jmp xxx
         # xxx:
         #   ...
         #   call execve
-        cands2 = `#{objdump_cmd}|egrep 'rdi.*# #{bin_sh_hex}' -A 1`.split('--').map do |cand|
+        cands2 = `#{objdump_cmd}|egrep 'rdi.*# #{bin_sh_hex}' -A 3`.split('--').map do |cand|
           cand = cand.lines.map(&:strip).reject(&:empty?)
-          next nil unless cand.last.include?('jmp')
+          jmp_at = cand.index { |c| c.include?('jmp') }
+          next nil if jmp_at.nil?
+          cand = cand[0..jmp_at]
           jmp_addr = cand.last.scan(/jmp\s+([\da-f]+)\s/)[0][0].to_i(16)
           dump = `#{objdump_cmd(start: jmp_addr, stop: jmp_addr + 100)}|egrep '[0-9a-f]+:'`
           remain = dump.lines.map(&:strip).reject(&:empty?)
@@ -45,6 +48,8 @@ module OneGadget
       end
       def resolve(processor)
+        # must end with execve
+        return unless processor.registers['rip'].to_s.include?('execve')
         # check rdi should always related to rip
         return unless processor.registers['rdi'].to_s.include?('rip')
         # rsi or [rsi] should be zero

data/lib/one_gadget/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module OneGadget
-  VERSION = '1.3.0'.freeze
+  VERSION = '1.3.1'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: one_gadget
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - david942j
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-02-20 00:00:00.000000000 Z
+date: 2017-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec