rubypwn 0.0.13 → 0.0.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 15594288c94490fa55f43adba1741c7dd28bf10b
-  data.tar.gz: 2364bc322529d57c70afc4faade693b370412c59
+  metadata.gz: 56dfcaaf8da767fa6ba74aeeb8a084c59360fd97
+  data.tar.gz: 926d50b640796244b8857703f2fd9889f7e5121d
 SHA512:
-  metadata.gz: aef042a4a901d751da43015b676549f110a0af22bf39ac749d9126898fff4050806477d9fd6a9190c55b5f5b8c033b03ddc92665b69e99a0c2d935d2bf4bfaa0
-  data.tar.gz: ad8b17b64561fbb11d64f44c4e4f3da599b649e5b0b7842e452fb5a71b0662f0fbd04e6303d196261f40ed1b450b16bdf43f4fcb0eaa67fd982c9c73ee90baf9
+  metadata.gz: a4290e96160d31ed4380972a057cc008bbe4332731c6e065e8686fd03e5f435ac809115dcdbd59710149cde3781f5feb9452192b0ed25b182cf3807042e2fd79
+  data.tar.gz: bc7791e99a6806d6079ad961520a8406f66956bee8ea6f9f994c626f81a0a1866481b44fd8779ce4e4ce544c5d4bcbf36d5890633e6ebb177f9f8be628529b5d

data/bin/patch_alarm

@@ -15,6 +15,7 @@ e = Elf.new filename
 off_dynstr = e.sections[".dynstr"]["offset"]
 size = e.sections[".dynstr"]["size"]
 
+# append .patch as new filename
 new_filename = filename + ".patch"
 
 binary = File.read(filename).force_encoding("binary")
@@ -28,6 +29,8 @@ if not off_alarm.nil?
     File.open(new_filename, "w") do |fh|
         fh.write binary
     end
+
+    # remember to set executable for user
     FileUtils.chmod "a+x", new_filename
     puts "Done."
 else

data/docs/source/elf.rst

@@ -36,30 +36,35 @@ Used to get some constant value from the binary::
        "__sigsetjmp"=>134521268,
        "exit"=>134521272},
      @sections=
-      {""=>{"offset"=>0, "flag"=>"r--"},
-       ".interp"=>{"offset"=>134512948, "flag"=>"r--"},
-       ".note.ABI-tag"=>{"offset"=>134512968, "flag"=>"r--"},
-       ".hash"=>{"offset"=>134513000, "flag"=>"r--"},
-       ".dynsym"=>{"offset"=>134513160, "flag"=>"r--"},
-       ".dynstr"=>{"offset"=>134513496, "flag"=>"r--"},
-       ".gnu.version"=>{"offset"=>134513728, "flag"=>"r--"},
-       ".gnu.version_r"=>{"offset"=>134513772, "flag"=>"r--"},
-       ".rel.dyn"=>{"offset"=>134513820, "flag"=>"r--"},
-       ".rel.plt"=>{"offset"=>134513844, "flag"=>"r--"},
-       ".init"=>{"offset"=>134513980, "flag"=>"r-x"},
-       ".plt"=>{"offset"=>134514028, "flag"=>"r-x"},
-       ".text"=>{"offset"=>134514320, "flag"=>"r-x"},
-       ".fini"=>{"offset"=>134515932, "flag"=>"r-x"},
-       ".rodata"=>{"offset"=>134515960, "flag"=>"r--"},
-       ".eh_frame_hdr"=>{"offset"=>134516408, "flag"=>"r--"},
-       ".eh_frame"=>{"offset"=>134516508, "flag"=>"r--"},
-       ".ctors"=>{"offset"=>134520972, "flag"=>"rw-"},
-       ".dtors"=>{"offset"=>134520980, "flag"=>"rw-"},
-       ".jcr"=>{"offset"=>134520988, "flag"=>"rw-"},
-       ".dynamic"=>{"offset"=>134520992, "flag"=>"rw-"},
-       ".got"=>{"offset"=>134521192, "flag"=>"rw-"},
-       ".got.plt"=>{"offset"=>134521196, "flag"=>"rw-"},
-       ".data"=>{"offset"=>134521276, "flag"=>"rw-"},
-       ".bss"=>{"offset"=>134521312, "flag"=>"rw-"},
-       ".comment"=>{"offset"=>0, "flag"=>"r--"},
-       ".shstrtab"=>{"offset"=>0, "flag"=>"r--"}}>
+      {""=>{"addr"=>0, "offset"=>0, "size"=>0, "flag"=>"r--"},
+       ".interp"=>{"addr"=>134512948, "offset"=>308, "size"=>19, "flag"=>"r--"},
+       ".note.ABI-tag"=>
+        {"addr"=>134512968, "offset"=>328, "size"=>32, "flag"=>"r--"},
+       ".hash"=>{"addr"=>134513000, "offset"=>360, "size"=>160, "flag"=>"r--"},
+       ".dynsym"=>{"addr"=>134513160, "offset"=>520, "size"=>336, "flag"=>"r--"},
+       ".dynstr"=>{"addr"=>134513496, "offset"=>856, "size"=>232, "flag"=>"r--"},
+       ".gnu.version"=>
+        {"addr"=>134513728, "offset"=>1088, "size"=>42, "flag"=>"r--"},
+       ".gnu.version_r"=>
+        {"addr"=>134513772, "offset"=>1132, "size"=>48, "flag"=>"r--"},
+       ".rel.dyn"=>{"addr"=>134513820, "offset"=>1180, "size"=>24, "flag"=>"r--"},
+       ".rel.plt"=>{"addr"=>134513844, "offset"=>1204, "size"=>136, "flag"=>"r--"},
+       ".init"=>{"addr"=>134513980, "offset"=>1340, "size"=>48, "flag"=>"r-x"},
+       ".plt"=>{"addr"=>134514028, "offset"=>1388, "size"=>288, "flag"=>"r-x"},
+       ".text"=>{"addr"=>134514320, "offset"=>1680, "size"=>1612, "flag"=>"r-x"},
+       ".fini"=>{"addr"=>134515932, "offset"=>3292, "size"=>28, "flag"=>"r-x"},
+       ".rodata"=>{"addr"=>134515960, "offset"=>3320, "size"=>445, "flag"=>"r--"},
+       ".eh_frame_hdr"=>
+        {"addr"=>134516408, "offset"=>3768, "size"=>100, "flag"=>"r--"},
+       ".eh_frame"=>
+        {"addr"=>134516508, "offset"=>3868, "size"=>368, "flag"=>"r--"},
+       ".ctors"=>{"addr"=>134520972, "offset"=>4236, "size"=>8, "flag"=>"rw-"},
+       ".dtors"=>{"addr"=>134520980, "offset"=>4244, "size"=>8, "flag"=>"rw-"},
+       ".jcr"=>{"addr"=>134520988, "offset"=>4252, "size"=>4, "flag"=>"rw-"},
+       ".dynamic"=>{"addr"=>134520992, "offset"=>4256, "size"=>200, "flag"=>"rw-"},
+       ".got"=>{"addr"=>134521192, "offset"=>4456, "size"=>4, "flag"=>"rw-"},
+       ".got.plt"=>{"addr"=>134521196, "offset"=>4460, "size"=>80, "flag"=>"rw-"},
+       ".data"=>{"addr"=>134521276, "offset"=>4540, "size"=>8, "flag"=>"rw-"},
+       ".bss"=>{"addr"=>134521312, "offset"=>4548, "size"=>16812, "flag"=>"rw-"},
+       ".comment"=>{"addr"=>0, "offset"=>4548, "size"=>61, "flag"=>"r--"},
+       ".shstrtab"=>{"addr"=>0, "offset"=>4609, "size"=>213, "flag"=>"r--"}}>

data/docs/source/index.rst

@@ -26,6 +26,17 @@ All documented module in rubypwn.
    asm
    elf
 
+Executable Index
+-----------------
+
+All documented executable binary in rubypwn
+
+.. toctree::
+   :maxdepth: 1
+   :glob:
+
+   patch_alarm
+
 Indices and tables
 ==================
 

data/docs/source/patch_alarm.rst

@@ -0,0 +1,24 @@
+patch_alarm
+====================================
+
+Patch alarm() to isnan().
+
+How to use? ::
+    
+    $ cat test.c && make test
+    #include <unistd.h>
+    main() {
+        alarm(0);
+    }
+    cc     test.c   -o test
+
+    $ patch_alarm ./test
+    Done.
+
+    $ patch_alarm ./test.patch
+    No "alarm" found.
+
+    $ ltrace ./test.patch
+    __libc_start_main(0x40052d, 1, 0x7ffe3ca9a1b8, 0x400540 <unfinished ...>
+    isnan(0, 0x7ffe3ca9a1b8, 0x7ffe3ca9a1c8, 0)                                                      = 0
+    +++ exited (status 0) +++

data/lib/exec.rb

@@ -4,24 +4,24 @@ class Exec
     public
     def initialize(cmd)
         handle_exception
-        @@i, @@o, s = Open3.popen2(cmd)
+        @i, @o, s = Open3.popen2(cmd)
     end
 
     def read(size)
-        data = @@o.read size
+        data = @o.read size
         write_flush $stdout, data
         data
     end
 
     def readpartial(size)
-        data = @@o.readpartial size
+        data = @o.readpartial size
         write_flush $stdout, data
         data
     end
 
     def write(data)
         write_flush $stdout, data
-        write_flush @@i, data
+        write_flush @i, data
     end
 
     def puts(data)
@@ -35,7 +35,7 @@ class Exec
     def read_until(str)
         result = ""
         loop do
-            result << @@o.read(1)
+            result << @o.read(1)
             if result.end_with? str
                 write_flush $stdout, result
                 return result
@@ -45,11 +45,12 @@ class Exec
 
     def interactive
         loop do
-            r = IO.select [@@o, $stdin]
-            if r[0].include? @@o
+            fail "Server disconnected." if @o.eof?
+            r = IO.select [@o, $stdin]
+            if r[0].include? @o
                 read 1
             elsif r[0].include? $stdin
-                @@i.write $stdin.read(1)
+                @i.write $stdin.read(1)
             end
         end
     end

data/lib/rubypwn.rb

@@ -2,4 +2,5 @@ require_relative 'basic'
 require_relative 'asm'
 require_relative 'netcat'
 require_relative 'elf'
+require_relative 'string_ext'
 

data/lib/string_ext.rb

@@ -0,0 +1,52 @@
+class String
+    require 'pp'
+    def fmtstr(value, index, **options)
+        # initialize
+        bytes = 1
+        @fmt_size = 0 unless defined? @fmt_size
+        # set by user input
+        bytes = options[:bytes] if options.has_key? :bytes
+        @fmt_size = options[:fmt_size] if options.has_key? :fmt_size
+
+        fail "Invalid size." if bytes == 3 or bytes > 4 or bytes == 0
+
+        result = self
+        times = (value.size / bytes.to_f).ceil
+
+        times.times do
+            target = fmtstr_parse value, bytes
+            if (c = fmtstr_calc(@fmt_size, target, bytes)) > 0
+                result << "%#{c}c"
+                @fmt_size += c
+            end
+            result << "%#{index}$#{bytes == 4 ? "" : "h" * (3-bytes)}n"
+            index += 1
+            value = value[bytes..-1]
+        end
+
+        result
+    end
+
+    private
+    def fmtstr_calc(from, to, scale)
+        base = 256 ** scale
+
+        count = 0
+        count = to - (from % base)
+        count += base if count < 0
+        count
+    end
+
+    def fmtstr_parse(v, bytes)
+        result = 0
+        v = v.ljust bytes, "\x00"
+        if bytes == 1
+            result = v.unpack("C")[0]
+        elsif bytes == 2
+            result = v.unpack("S<")[0]
+        elsif bytes == 4
+            result = v.unpack("L<")[0]
+        end
+        result
+    end
+end

data/rubypwn.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name        = 'rubypwn'
-  s.version     = '0.0.13'
+  s.version     = '0.0.14'
   s.date        = '2015-09-09'
   s.summary     = "ruby pwn tools"
   s.description   = <<-DESCRIPTION.strip.gsub(/\s+/, " ")

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubypwn
 version: !ruby/object:Gem::Version
-  version: 0.0.13
+  version: 0.0.14
 platform: ruby
 authors:
 - atdog
@@ -111,12 +111,14 @@ files:
 - docs/source/elf.rst
 - docs/source/getting_started.rst
 - docs/source/index.rst
+- docs/source/patch_alarm.rst
 - lib/asm.rb
 - lib/basic.rb
 - lib/elf.rb
 - lib/exec.rb
 - lib/netcat.rb
 - lib/rubypwn.rb
+- lib/string_ext.rb
 - rubypwn.gemspec
 homepage: https://github.com/atdog/rubypwn/
 licenses: