{ "info": { "author": "szk3y", "author_email": "d4tt423@gmail.com", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 2", "Programming Language :: Python :: 3" ], "description": "# one-gadget-lib\n[![Build Status](https://travis-ci.org/szk3y/one-gadget-lib.svg?branch=master)](https://travis-ci.org/szk3y/one-gadget-lib)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nOne-gadget is code that invokes \"/bin/sh\" without any arguments, so all you need is jump to its address.\nThis library provides the function to find offset to one-gadget in libc.\n\nOne-gadget-lib works with both python2 and python3.\n\n## Install\n```\npip install one_gadget\n```\n\nor\n\n```\npip3 install one_gadget\n```\n\n## Dependencies\n- capstone\n- pyelftools\n\nHowever, you don't have to install them explicitly.\n\n## Usage\n\n```python\nfrom one_gadget import generate_one_gadget\n\npath_to_libc = '/lib/x86_64-linux-gnu/libc.so.6'\n\nfor offset in generate_one_gadget(path_to_libc):\n print(offset)\n```\n\n## Future works\n- Support ARM\n- Support complex case like this:\n```\n 45216: 48 8d 35 43 13 38 00 lea rsi,[rip+0x381343] # 3c6560 <__abort_msg@@GLIBC_PRIVATE+0x980>\n 4521d: 31 d2 xor edx,edx\n 4521f: bf 02 00 00 00 mov edi,0x2\n 45224: 48 89 5c 24 40 mov QWORD PTR [rsp+0x40],rbx\n 45229: 48 c7 44 24 48 00 00 mov QWORD PTR [rsp+0x48],0x0\n 45230: 00 00\n 45232: 48 89 44 24 30 mov QWORD PTR [rsp+0x30],rax\n 45237: 48 8d 05 16 7b 14 00 lea rax,[rip+0x147b16] # 18cd54 <_libc_intl_domainname@@GLIBC_2.2.5+0x194>\n 4523e: 48 89 44 24 38 mov QWORD PTR [rsp+0x38],rax\n 45243: e8 a8 04 ff ff call 356f0 <__sigaction@@GLIBC_2.2.5>\n 45248: 48 8d 35 71 12 38 00 lea rsi,[rip+0x381271] # 3c64c0 <__abort_msg@@GLIBC_PRIVATE+0x8e0>\n 4524f: 31 d2 xor edx,edx\n 45251: bf 03 00 00 00 mov edi,0x3\n 45256: e8 95 04 ff ff call 356f0 <__sigaction@@GLIBC_2.2.5>\n 4525b: 31 d2 xor edx,edx\n 4525d: 4c 89 e6 mov rsi,r12\n 45260: bf 02 00 00 00 mov edi,0x2\n 45265: e8 b6 04 ff ff call 35720 \n 4526a: 48 8b 05 47 ec 37 00 mov rax,QWORD PTR [rip+0x37ec47] # 3c3eb8 <_IO_file_jumps@@GLIBC_2.2.5+0x7d8>\n 45271: 48 8d 3d df 7a 14 00 lea rdi,[rip+0x147adf] # 18cd57 <_libc_intl_domainname@@GLIBC_2.2.5+0x197>\n 45278: 48 8d 74 24 30 lea rsi,[rsp+0x30]\n 4527d: c7 05 19 12 38 00 00 mov DWORD PTR [rip+0x381219],0x0 # 3c64a0 <__abort_msg@@GLIBC_PRIVATE+0x8c0>\n 45284: 00 00 00\n 45287: c7 05 13 12 38 00 00 mov DWORD PTR [rip+0x381213],0x0 # 3c64a4 <__abort_msg@@GLIBC_PRIVATE+0x8c4>\n 4528e: 00 00 00\n 45291: 48 8b 10 mov rdx,QWORD PTR [rax]\n 45294: e8 d7 74 08 00 call cc770 \n\n```\n\n## Reference\n- [one_gadget](https://github.com/david942j/one_gadget)\n- [The one-gadget in glibc](https://david942j.blogspot.com/2017/02/project-one-gadget-in-glibc.html) (blog post by the author of [one_gadget](https://github.com/david942j/one_gadget))\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/szk3y/one-gadget-lib", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "one-gadget", "package_url": "https://pypi.org/project/one-gadget/", "platform": "", "project_url": "https://pypi.org/project/one-gadget/", "project_urls": { "Homepage": "https://github.com/szk3y/one-gadget-lib" }, "release_url": "https://pypi.org/project/one-gadget/1.1.0/", "requires_dist": [ "capstone", "pyelftools" ], "requires_python": "", "summary": "A python library to find one-gadget", "version": "1.1.0" }, "last_serial": 4853887, "releases": { "1.0.6": [ { "comment_text": "", "digests": { "md5": "2e19a0a53f72f2dee91892328e0e6e18", "sha256": "70c072c3094833cf55459bba9c36270412a245494241bb54335ee776133f9014" }, "downloads": -1, "filename": "one_gadget-1.0.6-py3-none-any.whl", "has_sig": false, "md5_digest": "2e19a0a53f72f2dee91892328e0e6e18", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5630, "upload_time": "2018-08-04T06:05:54", "url": "https://files.pythonhosted.org/packages/3e/dd/7fdf07bcf60abd8c23c5413166b27c79dee61c611d54e0002e4743ccf2c9/one_gadget-1.0.6-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f088b150dae8c79611385e4079922c97", "sha256": "be0fae4b9f26542328a91dcffb81f35dc51ed1ae2897152db28bd297fbfb1a8d" }, "downloads": -1, "filename": "one_gadget-1.0.6.tar.gz", "has_sig": false, "md5_digest": "f088b150dae8c79611385e4079922c97", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5519, "upload_time": "2018-08-04T06:05:55", "url": "https://files.pythonhosted.org/packages/ba/41/701860ff6cfe61dd43593ca324b9a79ca087f86201b53acf897e198b411d/one_gadget-1.0.6.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "56c1a84ee2f77535fa740b6f329434eb", "sha256": "9a71167f902c2555ba9e7d5378f16fbd389a1f17df3e41027f4bd7eb545c93ee" }, "downloads": -1, "filename": "one_gadget-1.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "56c1a84ee2f77535fa740b6f329434eb", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5925, "upload_time": "2019-02-22T10:19:59", "url": "https://files.pythonhosted.org/packages/e4/08/068918e4bfddf2c8c403e5594fab6210b90aac63e6e45a358555c656983b/one_gadget-1.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "6e93b09aeee9ea1b54b0b8f698688829", "sha256": "dc4be6bef7214c2686a1d0b35293862cad8cc4e82ae3192bed555181924f1977" }, "downloads": -1, "filename": "one_gadget-1.1.0.tar.gz", "has_sig": false, "md5_digest": "6e93b09aeee9ea1b54b0b8f698688829", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5815, "upload_time": "2019-02-22T10:20:00", "url": "https://files.pythonhosted.org/packages/45/51/562df4586938592869dd825bec99fe83283657876395300fe4adc9087939/one_gadget-1.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "56c1a84ee2f77535fa740b6f329434eb", "sha256": "9a71167f902c2555ba9e7d5378f16fbd389a1f17df3e41027f4bd7eb545c93ee" }, "downloads": -1, "filename": "one_gadget-1.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "56c1a84ee2f77535fa740b6f329434eb", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5925, "upload_time": "2019-02-22T10:19:59", "url": "https://files.pythonhosted.org/packages/e4/08/068918e4bfddf2c8c403e5594fab6210b90aac63e6e45a358555c656983b/one_gadget-1.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "6e93b09aeee9ea1b54b0b8f698688829", "sha256": "dc4be6bef7214c2686a1d0b35293862cad8cc4e82ae3192bed555181924f1977" }, "downloads": -1, "filename": "one_gadget-1.1.0.tar.gz", "has_sig": false, "md5_digest": "6e93b09aeee9ea1b54b0b8f698688829", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5815, "upload_time": "2019-02-22T10:20:00", "url": "https://files.pythonhosted.org/packages/45/51/562df4586938592869dd825bec99fe83283657876395300fe4adc9087939/one_gadget-1.1.0.tar.gz" } ] }