from . import find
from parse import *
from pwn import *
import sys
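def main():
    """Run one interactive libc-identification session.

    Prompts for ``<name addr>`` symbol pairs on stdin until a blank line,
    asks whether to return the first or all matches and which architecture
    to search, then calls ``find`` and reports each candidate libc path
    together with the offset of the first ``/bin/sh`` string it contains
    (when one is present).

    Returns:
        None. Problems are reported through ``log`` rather than raised, so
        the caller's retry loop simply starts a fresh session.
    """
    symbols = _read_symbols()
    if not symbols:
        log.failure('No symbols entered!')
        return

    # many outputs or first output?
    log.info("")
    many = pwnlib.ui.options('Matches to return', ['first', 'all'], 0) == 1
    log.info('You chose: %s' % ('all' if many else 'first'))

    # architectures to check
    log.info("")
    arches = ['any', 'amd64', 'i386', 'arm', 'aarch64', 'mips', 'ia64']
    arch = arches[pwnlib.ui.options('Which arch', arches, 1)]
    log.info('You chose: %s' % arch)

    # identify
    try:
        results = find(symbols, many, arch)
    except Exception as exc:
        # Catch ordinary errors only: a bare `except:` would also swallow
        # KeyboardInterrupt and keep the caller's retry loop from seeing it.
        log.failure(str(exc))
        return

    # show results
    if results is None:
        return
    if not many:
        results = [results]
    for libc, filepath in results:
        log.success("libc candidate: %s" % filepath)
        # Only the first hit is reported, so do not materialise every match.
        binsh = next(iter(libc.search("/bin/sh")), None)
        if binsh is not None:
            log.indented("/bin/sh should be at offset 0x%08x" % binsh)


def _parse_symbol_line(line):
    """Split ``"<name> <addr>"`` into ``(name, address)``; ``None`` if malformed.

    ``addr`` is read as hexadecimal when it carries a ``0x`` prefix and as
    decimal otherwise. Any other field count or an unparsable number yields
    ``None`` so the caller can report the line instead of crashing.
    """
    fields = line.split()
    if len(fields) != 2:
        return None
    name, addr = fields
    try:
        if addr.lower().startswith("0x"):
            value = int(addr, 16)
        else:
            value = int(addr, 10)
    except ValueError:
        return None
    return name, value


def _read_symbols():
    """Prompt for symbols until a blank line; return ``{name: address}``.

    A line that does not parse is reported and skipped rather than
    aborting the session. A later line with the same name overwrites the
    earlier one, as in the original single-dict collection.
    """
    try:
        read_line = raw_input  # Python 2
    except NameError:
        # Python 3: input() returns the raw string (it no longer evaluates it).
        read_line = input
    log.info('Enter one symbol per line. Blank line to finish. Format <name addr>:')
    symbols = {}
    while True:
        line = read_line(" [?] ").strip()
        if not line:
            break
        parsed = _parse_symbol_line(line)
        if parsed is None:
            log.failure('Could not parse %r; expected <name addr>' % line)
            continue
        name, addr = parsed
        symbols[name] = addr
    return symbols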
def _serve_forever():
    """Run interactive sessions back to back until interrupted."""
    while True:
        main()


if __name__ == "__main__":
    try:
        _serve_forever()
    except KeyboardInterrupt:
        # Ctrl-C is the intended way out of the prompt loop.
        log.info("Bye!")