| author | dusoleil <howcansocksbereal@gmail.com> | 2022-03-12 21:22:36 -0500 | 
|---|---|---|
| committer | dusoleil <howcansocksbereal@gmail.com> | 2022-03-13 23:27:30 -0400 | 
| commit | 6bc9c69c534447ecec79ae551d8f6b3e50c71eba (patch) | |
| tree | 14e25a35e9328d187c31bdb58527a4e28874c9fd | |
| parent | 8897faa7387f8103df9dfdb54149d59bfde0e681 (diff) | |
sploit: add status logging to rev module
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
| -rw-r--r-- | sploit/rev/ldd.py | 2 | ||||
| -rw-r--r-- | sploit/rev/r2.py | 11 | 
2 files changed, 13 insertions, 0 deletions
diff --git a/sploit/rev/ldd.py b/sploit/rev/ldd.py
index d162207..1a28c7c 100644
--- a/sploit/rev/ldd.py
+++ b/sploit/rev/ldd.py
@@ -1,9 +1,11 @@
 from sploit.util import run_cmd_cached
+from sploit.log import ilog
 import re
 from collections import namedtuple as nt
 def get_libraries(elf):
+    ilog(f'Retrieving linked libraries of {elf} with ldd...')
     out = run_cmd_cached(['ldd',elf])
     out = [re.split(r'\s+',lib)[1:] for lib in out]
     Lib = nt("Lib", "name path addr")
diff --git a/sploit/rev/r2.py b/sploit/rev/r2.py
index c7a8a65..ffa6dd4 100644
--- a/sploit/rev/r2.py
+++ b/sploit/rev/r2.py
@@ -1,6 +1,7 @@
 from sploit.mem import Symtbl
 from sploit.arch import arch
 from sploit.util import run_cmd_cached
+from sploit.log import ilog
 import re
 from collections import namedtuple as nt
@@ -9,7 +10,9 @@ def run_cmd(binary,cmd):
     return run_cmd_cached(['r2','-q','-c',cmd,'-e','scr.color=false',binary])
 def get_elf_symbols(elf):
+    ilog(f'Retrieving symbols of {elf} with r2...')
     out = {}
+
     cmd_syms = 'is'
     out_syms = run_cmd(elf,cmd_syms)
     out_syms = [re.split(r'\s+',sym) for sym in out_syms][4:]
@@ -39,6 +42,8 @@ def get_elf_symbols(elf):
     return Symtbl(**out)
 def get_locals(binary,func):
+    ilog(f'Retrieving local stack frame of {func} in {binary} with r2...')
+
     addr = hex(func)
     cmd_locals = f's {func};af;aafr;aaft;afvf'
     out = run_cmd(binary,cmd_locals)
@@ -47,6 +52,8 @@ def get_locals(binary,func):
     return Symtbl(**out)
 def ret_gadget(binary):
+    ilog(f'Searching for a ret gadget in {binary} with r2...')
+
     cmd_ret = '/R/ ret~ret'
     out = run_cmd(binary,cmd_ret)
     out = out[0]
@@ -55,6 +62,8 @@ def ret_gadget(binary):
     return int(out,0)
 def rop_gadget(binary,gad):
+    ilog(f'Searching for "{gad}" gadgets in {binary} with r2...')
+
     cmd_gad = f'"/R/q {gad}"'
     out = run_cmd(binary,cmd_gad)
     Gad = nt("Gad", "addr asm")
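Review bot: The `ilog` call added to get_libraries announces an ldd run before `run_cmd_cached` has decided whether to run anything, so a cache hit still logs "Retrieving linked libraries of ... with ldd..." and the message over-claims what happened. Whether `run_cmd_cached` exposes hit/miss is not visible here; if it does not, a wording that is true either way, `ilog(f'Retrieving linked libraries of {elf} (ldd, cached)...')`, keeps the log honest. The same applies to every `ilog` added in r2.py, since `run_cmd` there is a one-line wrapper over `run_cmd_cached`. get_libraries continues past the end of the hunk.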
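Review bot: The message added to get_locals interpolates `func` directly, which prints the address in decimal, while the very next line computes `addr = hex(func)` and the rest of the module hands r2 hex addresses; logging the same value in a different radix from the one r2 reports makes the log hard to correlate with r2 output. Use the hex form in the log, `ilog(f'Retrieving local stack frame of {hex(func)} in {binary} with r2...')`, or place the call after `addr = hex(func)` and log `{addr}`. The `ilog` added to get_call_returns in the last hunk has the same issue with `xref_from` and `xref_to`, where `hex(xref_from)` is already used on the following line. Both functions continue beyond their hunks.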
@@ -68,6 +77,8 @@ def rop_gadget_exact(binary,gad):
             return g
 def get_call_returns(binary,xref_from,xref_to):
+    ilog(f'Getting return addresses of calls from {xref_from} to {xref_to} in {binary} with r2...')
+
     cmd_xrefs = f's {hex(xref_from)};af;axq'
     xrefs = run_cmd(binary,cmd_xrefs)
     xrefs = [re.split(r'\s+',x) for x in xrefs]
