# One Gadget

{{#include ../../banners/hacktricks-training.md}}
## Basic Information

[**One Gadget**](https://github.com/david942j/one_gadget) allows you to obtain a shell instead of using **system** and **"/bin/sh"**. **One Gadget** finds, inside the libc library, a way to obtain a shell (`execve("/bin/sh")`) using just one **address**.\
However, there are normally some constraints. The most common ones are easy to avoid, such as `[rsp+0x30] == NULL`. Because you control the values inside the **RSP**, you only need to send more NULL values so that the constraint is satisfied.

```python
# Absolute address = libc load base + the offset reported by one_gadget
ONE_GADGET = libc.address + 0x4526a
# NUL padding after the address so that the [rsp+0x30] == NULL constraint holds
rop2 = base + p64(ONE_GADGET) + b"\x00"*100
```
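
The following added example, not from the original page or from the one_gadget project, models why the NUL padding satisfies `[rsp+0x30] == NULL`: it overlays the written bytes on a constructed stack region and reads the 8-byte slot the constraint names. The function names and the stale stack contents are assumptions, and only this one constraint form is parsed.

```python
import re
import struct

# Only the constraint form shown on this page is handled: "[rsp+0x30] == NULL".
CONSTRAINT_RE = re.compile(r"\[rsp\s*\+\s*0x([0-9a-fA-F]+)\]\s*==\s*NULL")

def parse_constraint(text):
    """Return the rsp-relative byte offset named by the constraint."""
    m = CONSTRAINT_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unsupported constraint: {text!r}")
    return int(m.group(1), 16)

def stack_at_gadget(written, original):
    """Bytes starting at rsp when the gadget runs.

    `written` is what was placed after the return address; `original` is
    what those stack slots held before (constructed for this example).
    """
    return written + original[len(written):]

def constraint_holds(constraint, written, original):
    """True/False if the 8-byte slot is zero/non-zero, None if not modelled."""
    offset = parse_constraint(constraint)
    stack = stack_at_gadget(written, original)
    if offset + 8 > len(stack):
        return None  # the slot lies outside the modelled region
    (slot,) = struct.unpack_from("<Q", stack, offset)
    return slot == 0

# Constructed stale stack contents: 16 slots, each holding a made-up pointer.
ORIGINAL = struct.pack("<Q", 0x7FFD00001000) * 16
CONSTRAINT = "[rsp+0x30] == NULL"

if __name__ == "__main__":
    # 52 bytes of padding only zeroes half of the slot at 0x30..0x38,
    # so the stale upper bytes still make the constraint fail.
    for pad in (0, 52, 56, 100):
        print(pad, constraint_holds(CONSTRAINT, b"\x00" * pad, ORIGINAL))
```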
To reach the address indicated by One Gadget you need to **add the base address where `libc` is loaded**.

> [!TIP]
> One Gadget is a **great help for Arbitrary Write 2 Exec techniques** and can **simplify ROP chains**, as you only need to call one address (and fulfil the requirements).