-
Notifications
You must be signed in to change notification settings - Fork 7
/
ropchain.py
30 lines (29 loc) · 995 Bytes
/
ropchain.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
import os, sys
import random
import time
# open the target binary
target_binary = open("/usr/bin/grep","r")
# initiate global variables
rop_gadgets = list()
# define the fuzzing function
def fuzz_target(target_binary):
# collect all the rop gadgets
for line in target_binary:
if "ropgadget" in line:
rop_gadgets.append(line)
# begin fuzzing the target
while len(rop_gadgets) > 0:
# select a random gadget in rop_gadgets
target_gadget = random.choice(rop_gadgets)
# execute the fuzzing process
os.system(f"ROPgadget --binary {target_binary} --gadget {target_gadget}")
# remove used gadget from rop_gadgets
rop_gadgets.remove(target_gadget)
# exploitation function
def exploit_target(target_binary):
# compile rop chain to enable the code execution
os.system(f"ROPchain --binary {target_binary}")
# main
if __name__ == "__main__":
fuzz_target(target_binary)
exploit_target(target_binary)