import subprocess | |
import sys | |
from packaging.version import Version | |
def main(argv): | |
if len(argv) != 2: | |
print(f"usage: {argv[0]} <elf>") | |
sys.exit(1) |
#!/usr/bin/env python3 | |
import sys | |
import subprocess | |
import tempfile | |
import struct | |
def get_modversions(module): | |
with tempfile.NamedTemporaryFile("rb") as tf: | |
subprocess.check_call(["objcopy", "-O", "binary", "--only-section=__versions", module, tf.name]) |
import subprocess | |
import binascii | |
import tempfile | |
def dis(s): | |
if not isinstance(s, bytes): | |
s = binascii.unhexlify(s.replace(" ", "").strip()) | |
with tempfile.NamedTemporaryFile("wb") as f: | |
f.write(s) |
$ socat file:`tty`,raw,echo=0,escape=0xc tcp:10.0.2.3:9999,connect-timeout=0.5 | |
MicroPython v1.12-165-g7f2a08834-dirty on 2020-12-07; Linux version 4.15.0-72-generic with x86_64 | |
Type "help()" for more information. | |
>>> | |
>>> | |
>>> | |
>>> | |
>>> 5 + 5 | |
10 | |
>>> |
from struct_access import container_of, partial_struct | |
from kernel_ffi import current | |
task_struct = partial_struct("task_struct") | |
p = task_struct(current()) | |
# p.<TAB> | |
from struct_access import dump_struct |
from kernel_ffi import KP_ARGS_MODIFY, callback, current, ftrace, kprobe | |
# create struct casters | |
tcphdr = partial_struct("tcphdr") | |
sk_buff = partial_struct("sk_buff") | |
net_protocol_s = partial_struct("net_protocol") | |
def swap16(n): | |
n = n & 0xffff |
from kernel_ffi import callback, current, str as s | |
task_struct = partial_struct("task_struct") | |
file_operations = partial_struct("file_operations") | |
real_urandom_read = urandom_read | |
no_random_progs = ["ssh-keygen"] | |
def my_urandom_read(filp, buf, count, ppos): | |
# technically should take task lock for 'comm' but meh. |
This patch changes the dropbear server to allow passwordless root logins, without checking /etc/passwd
and others. It is useful if you just want to run dropbear and don't have a fully configured filesystem
with users.
diff -ruN dropbear-2019.78/common-session.c dropbear-2019.78_auto_root/common-session.c | |
--- dropbear-2019.78/common-session.c 2019-03-27 16:15:23.000000000 +0200 | |
+++ dropbear-2019.78_auto_root/common-session.c 2019-12-30 12:08:49.051546574 +0200 | |
@@ -616,15 +616,13 @@ | |
if (ses.authstate.pw_passwd) | |
m_free(ses.authstate.pw_passwd); |
#!/usr/bin/env python3 | |
import sys | |
import subprocess | |
import tempfile | |
def get_modinfo(module): | |
with tempfile.NamedTemporaryFile("r") as tf: | |
subprocess.check_call(["objcopy", "-O", "binary", "--only-section=.modinfo", module, tf.name]) | |
modinfo = tf.read() |
from kernel_ffi import kprobe, KP_ARGS_WATCH, str as s | |
from struct_access import partial_struct | |
# Caster for the kernel's `struct filename`, built with struct_access.partial_struct.
filename = partial_struct("filename")


def do_filp_open_hook(dfd, fn):  # the hook need not accept every argument of the probed function
    """Print the directory fd and path name seen on each do_filp_open call.

    ``fn`` is wrapped with the ``filename`` caster; its ``name`` field is
    converted with ``int`` and passed to ``s`` (imported from kernel_ffi as
    ``str``) before printing. The ``{!r}`` conversion prints the name in repr
    form, so the logged value is the quoted representation, not the raw text.
    """
    name_addr = int(filename(fn).name)
    path = s(name_addr)
    print("do_filp_open: fd {} name {!r}".format(dfd, path))


# NOTE(review): KP_ARGS_WATCH presumably registers an observe-only probe - confirm in kernel_ffi.
# The object returned by kprobe() is kept in `kp`; how the probe is removed is not shown here.
kp = kprobe("do_filp_open", KP_ARGS_WATCH, do_filp_open_hook)