Last active
December 10, 2024 08:46
-
-
Save TheFlash2k/218f3ea76609acb814be674c33b84d2c to your computer and use it in GitHub Desktop.
a small utility to quickly find useful pop, syscall and ret gadgets to cater speed .
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| [[ -z "$1" ]] && (echo -e "No binary specified.\nUsage: $0 <binary>" && exit 1) | |
| OUT_FILE="$1_gadgets.txt" | |
| [[ ! -f $OUT_FILE ]] && (ROPgadget --multibr --binary $1 > "$OUT_FILE" && echo "[*] Gadgets stored in $OUT_FILE") | |
| found="$( cat "$OUT_FILE" | grep \ | |
| -ie '.* : pop ... ; ret$' \ | |
| -ie '.* : ret$' \ | |
| -ie '.* : syscall$' \ | |
| -ie '.* : syscall ; ret$' \ | |
| -ie '.* : pop rdx ; pop .* ; ret$' \ | |
| -ie '.* : xor ..., ... ; syscall$' \ | |
| | tr -d ' ' | tr $'\n' ' ')" | |
| _base=`[[ "$1" == *"libc"* ]] && echo "libc" || echo "elf"` | |
| for ln in $found; do | |
| # 0x0000000000400773:poprdi;ret | |
| # :[0] => addr, :[1].split(';')[0].upper() => var | |
| addr=`echo $ln | cut -d ':' -f1` | |
| var=`echo $ln | cut -d ':' -f2 | tr ';' '_'` | |
| echo "${var^^} = $_base.address + $addr" | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment