admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-25 02:43:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Finished extraction of stack return address

Browse Source
This commit is contained in:
h3xduck
2022-03-17 13:18:19 -04:00
parent 671e2d671d
commit 9647972531
11 changed files with 9562 additions and 3155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/helpers/.gdb_history
View File

@@ -2,3 +2,40 @@ disass main
checksec bof
checksec
quit
disass test_time_values_injection
disass test_time_values_injection+74
b test_time_values_injection+74
b test_time_values_injection + 74
b *(test_time_values_injection + 74)
r
si
si
si
si
q
b timerfd_settime
r
context
q
disass test_time_values_injection
b *(test_time_values_injection +74)
r
si
si
q
b test_time_values_injection +74
b (test_time_values_injection +74)
b *(test_time_values_injection +74)
r
si
display/i $pc
si
si
si
q
disass test_time_values_injection
b *(test_time_values_injection +116)
r
si
si
q

2
src/helpers/Makefile
View File

@@ -12,7 +12,7 @@ execve_hijack.o: execve_hijack.c $(HEADERS)
clang -g -c execve_hijack.c
execve_hijack: execve_hijack.o lib/libRawTCP_Lib.a
clang -lm -g -o execve_hijack execve_hijack.o -ldl -L. lib/libRawTCP_Lib.a
clang -lm -g -fno-plt -o execve_hijack execve_hijack.o -ldl -L. lib/libRawTCP_Lib.a
clean:
-rm -f execve_hijack.o

BIN
src/helpers/execve_hijack
View File

Binary file not shown.

4
src/helpers/execve_hijack.c
View File

@@ -29,7 +29,8 @@ int test_time_values_injection(){
struct timespec now;
uint64_t exp, tot_exp;
ssize_t s;
fd = timerfd_create(CLOCK_REALTIME, 0);
if (fd == -1)
return -1;
@@ -39,6 +40,7 @@ int test_time_values_injection(){
if (timerfd_settime(fd, TFD_TIMER_ABSTIME, &new_value, NULL) == -1)
return -1;
printf("Timer %i started, address sent %llx\n", fd, (__u64)&new_value);

BIN
src/helpers/execve_hijack.o
View File

Binary file not shown.

2
src/helpers/peda-session-execve_hijack.txt Normal file
View File

@@ -0,0 +1,2 @@
break *(test_time_values_injection +116)