
exploitable's People

Contributors

ahouseholder, allanlw, bet4it, bnagy, jfoote, jschwartzentruber, martinlindhe, murx-, rc0r, tecknicaltom


exploitable's Issues

Distribution request

Would it be possible to tag the current master branch for release? I am a developer for the ArchAssault project and we would like to distribute this project.

Thanks

-m option doesn't work

I don't do python, but it looks like it was refactored incorrectly?

This:

        if args.machine:
            c.target = target
            gdb.write(c.getMachineString(c))

(in exploitable.py) "works" but it's probably better to fix up the __init__ in classifier.py

Also, there's a reference in getMachineString to result.append("PROCESSOR:{}".format(self.target.arch.upper())) # X86/X64/ARM/UNKNOWN that's broken but I didn't look into that, I just commented it out.

TBH the -v output is cleaner and more useful imho.

Add exploitability visualization

Now that the exploitable plugin and triage script are writing results to a JSON file, the triage script should support some visualization (or seamless integration with a visualization tool) of aggregate results.

PyPi package?

Given that it's a Python project and it introduces a new binary, perhaps it's a good idea to create a PyPi entry for it so that installation would be as easy as pip install exploitable?

Add install script

I need to make a setup.py or similar so that integrating this plug into other tools (such as Peach fuzzer) is easier.

Does this work with lldb?

Any chance this can triage crashes with lldb, especially on OS X? Or is there something else out there that does?

Thanks for such an excellent project!

Travis-CI script is broken

The test script cannot access the private S3 bucket that contains the ARM compilers; I think I accidentally deleted the travis IAM role.

exploitable error

Hello

I get the following error:

Can you tell me why?

__main__:99: UserWarning: GDB v7.11 may not support required Python API
/home/wmmw/src/exploitable/exploitable/lib/classifier.py:198: UserWarning: Error while analyzing rule SegFaultOnPc (3/22): There is no member named _sifields.
Traceback (most recent call last):
  File "/home/wmmw/src/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
    match = rule.matches()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 96, in isSegFaultOnPcNotNearNull
    return self.isSegFaultOnPc() and not self.isFaNearNull()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 334, in isSegFaultOnPc
    self.faultingAddress() == self.target.pc()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
    return self.target.si_addr()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
    str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

  rule.tag, e, traceback.format_exc()))
/home/wmmw/src/exploitable/exploitable/lib/classifier.py:198: UserWarning: Error while analyzing rule DestAv (8/22): There is no member named _sifields.
Traceback (most recent call last):
  File "/home/wmmw/src/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
    match = rule.matches()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 149, in isDestAvNotNearNull
    return self.isDestAv() and not self.isFaNearNull()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 342, in isDestAv
    dest_op.eval() == self.faultingAddress()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
    return self.target.si_addr()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
    str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

  rule.tag, e, traceback.format_exc()))
/home/wmmw/src/exploitable/exploitable/lib/classifier.py:198: UserWarning: Error while analyzing rule SegFaultOnPcNearNull (12/22): There is no member named _sifields.
Traceback (most recent call last):
  File "/home/wmmw/src/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
    match = rule.matches()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 194, in isSegFaultOnPcNearNull
    return self.isSegFaultOnPc() and self.isFaNearNull()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 334, in isSegFaultOnPc
    self.faultingAddress() == self.target.pc()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
    return self.target.si_addr()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
    str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

  rule.tag, e, traceback.format_exc()))
/home/wmmw/src/exploitable/exploitable/lib/classifier.py:198: UserWarning: Error while analyzing rule DestAvNearNull (15/22): There is no member named _sifields.
Traceback (most recent call last):
  File "/home/wmmw/src/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
    match = rule.matches()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 212, in isDestAvNearNull
    return self.isDestAv() and self.isFaNearNull()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 342, in isDestAv
    dest_op.eval() == self.faultingAddress()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
    return self.target.si_addr()
  File "/home/wmmw/src/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
  File "/home/wmmw/src/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
    str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

  rule.tag, e, traceback.format_exc()))
Description: Access violation
Short description: AccessViolation (21/22)
Exploitability Classification: UNKNOWN
Explanation: The target crashed due to an access violation but there is not enough additional information available to determine exploitability.
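The traceback above ends in `gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr")`, a hard-coded path into GDB's `$_siginfo` convenience variable. As an added example (not exploitable's own code, and making no claim about why that GDB build rejects `_sifields`), the snippet below does in Python what a user would do by hand with `ptype $_siginfo`: it walks the struct/union type GDB reports for the value and returns the path to the first field actually named `si_addr`, instead of assuming one layout. It only assumes the field is still called `si_addr` somewhere in the type, as in the layout the GDB manual prints. The `Fake*` classes are a constructed stand-in for `gdb.Value` so the module can be exercised outside GDB; inside GDB, `find_in_gdb()` runs the same search on the real `$_siginfo`.

```python
"""Locate the faulting-address field in GDB's $_siginfo without hard-coding
its path (added example, not part of the exploitable project)."""
from typing import List, Optional

try:
    import gdb  # only importable inside GDB's embedded Python
except ImportError:
    gdb = None  # lets this module load (and be tested) outside GDB


def find_field_path(value, wanted: str) -> Optional[List[str]]:
    """Depth-first search of value.type.fields() for a member named `wanted`.

    Uses only gdb.Value/gdb.Type API that exists: value.type,
    Type.strip_typedefs(), Type.fields(), Field.name and value[name].
    GDB raises TypeError from fields() on scalar types, which ends recursion.
    """
    try:
        fields = value.type.strip_typedefs().fields()
    except TypeError:
        return None
    for field in fields:
        if field.name is None:  # anonymous member (e.g. array range, padding)
            continue
        if field.name == wanted:
            return [field.name]
        sub = find_field_path(value[field.name], wanted)
        if sub is not None:
            return [field.name] + sub
    return None


def faulting_address(siginfo) -> Optional[int]:
    """si_addr as an int, or None if the siginfo type has no such member."""
    path = find_field_path(siginfo, "si_addr")
    if path is None:
        return None
    value = siginfo
    for name in path:
        value = value[name]
    return int(value)


def find_in_gdb() -> Optional[int]:
    """Inside GDB: faulting address of the stopped thread; None outside GDB."""
    if gdb is None:
        return None
    return faulting_address(gdb.parse_and_eval("$_siginfo"))


# --- constructed stand-in for gdb.Value, used only outside GDB --------------
class FakeField:
    def __init__(self, name):
        self.name = name


class FakeType:
    def __init__(self, member_names):
        self._member_names = member_names

    def strip_typedefs(self):
        return self

    def fields(self):
        if self._member_names is None:  # scalar: real GDB raises TypeError too
            raise TypeError("Type is not a structure, union, enum, or function type.")
        return [FakeField(n) for n in self._member_names]


class FakeValue:
    """Mimics the subset of gdb.Value used above: .type, [name], int()."""

    def __init__(self, data):
        self._data = data
        self.type = FakeType(list(data) if isinstance(data, dict) else None)

    def __getitem__(self, name):
        return FakeValue(self._data[name])

    def __int__(self):
        return int(self._data)


# Constructed sample mirroring the layout the GDB manual shows for
# `ptype $_siginfo`: si_signo/si_errno/si_code plus a _sifields union.
SAMPLE_SIGINFO = FakeValue({
    "si_signo": 11, "si_errno": 0, "si_code": 1,
    "_sifields": {
        "_kill": {"si_pid": 0, "si_uid": 0},
        "_sigfault": {"si_addr": 0x41414141},
    },
})

if __name__ == "__main__":
    print(find_field_path(SAMPLE_SIGINFO, "si_addr"))
    print(hex(faulting_address(SAMPLE_SIGINFO)))
```

Inside a GDB session where the hard-coded path fails, `python print(find_field_path(gdb.parse_and_eval("$_siginfo"), "si_addr"))` shows which path that build actually exposes, which is the first thing to compare against the string in `gdb_wrapper/x86.py`.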

Exploitable may crash in non-English GDB

As @rc0r reported in #29, certain invocations of exploitable may crash when run under non-English GDB. He submitted a patch to fix the particular issue he ran into, but I'm leaving this issue open to motivate me to look for other occurrences and solve the issue systemically (including adding CI support).

travis-CI tests are broken due to changes in travis-CI, again

exploitable/tests/bin/testUncategorizedSignal.test
Traceback (most recent call last):
  File "/home/travis/build/jfoote/exploitable/exploitable/exploitable.py", line 92, in <module>
    import lib.arch as arch
  File "/home/travis/build/jfoote/exploitable/exploitable/lib/arch.py", line 41, in <module>
    from lib.gdb_wrapper.arm import ArmTarget
  File "/home/travis/build/jfoote/exploitable/exploitable/lib/gdb_wrapper/arm.py", line 71, in <module>
    from lib.gdb_wrapper.x86 import Target, Operand, Instruction
  File "/home/travis/build/jfoote/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 59, in <module>
    import hashlib
  File "/opt/python/2.7.9/lib/python2.7/hashlib.py", line 138, in <module>
    _hashlib.openssl_md_meth_names)

Should probably wait a few days to see if this fixes itself. It could be a latent issue in my logic, or something I have no control over. Note that hashlib is used to generate backtrace hashes.

Int conversion error on GDB7.6/ubuntu-32bit

On

Linux cracker 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:12:00 UTC 2013 i686 i686 i686 GNU/Linux
GNU gdb (GDB) 7.6.1-ubuntu
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.

This happens:

++ pwd
+ PROJECT_DIR=/home/user0/exploitable
+ BUILD_DIR=/home/user0/exploitable/build
+ echo starting
    starting
+ [[ -z build ]]
+ for cmd in '$@'
+ build
+ mkdir -p /home/user0/exploitable/build
+ pushd /home/user0/exploitable/exploitable/tests
    ~/exploitable/exploitable/tests ~/exploitable
+ make
    Makefile:31: warning: overriding commands for target `testStackCodeExecution.test'
    Makefile:25: warning: ignoring old commands for target `testStackCodeExecution.test'
    Makefile:35: warning: overriding commands for target `testStackBufferOverflow.test'
    Makefile:25: warning: ignoring old commands for target `testStackBufferOverflow.test'
    Makefile:38: warning: overriding commands for target `testReturnAv.test'
    Makefile:25: warning: ignoring old commands for target `testReturnAv.test'
    cc -o ./bin/testAbortSignal.test testAbortSignal.c
    cc -o ./bin/testBadInstruction.test testBadInstruction.c
    cc -o ./bin/testBenignSignal.test testBenignSignal.c
    cc -o ./bin/testBlockMoveAv.test testBlockMoveAv.c
    cc -o ./bin/testBranchAv.test testBranchAv.c
    cc -o ./bin/testBranchAvNearNull.test testBranchAvNearNull.c
    cc -o ./bin/testDestAv.test testDestAv.c
    cc -o ./bin/testDestAvNearNull.test testDestAvNearNull.c
    cc -o ./bin/testFloatingPointException.test testFloatingPointException.c
    cc -o ./bin/testHeapError.test testHeapError.c
    cc -o ./bin/testPossibleStackCorruption.test testPossibleStackCorruption.c
    cc -fno-stack-protector -o ./bin/testReturnAv.test testReturnAv.c
    cc -o ./bin/testSegFaultOnPc.test testSegFaultOnPc.c
    cc -o ./bin/testSegFaultOnPcNearNull.test testSegFaultOnPcNearNull.c
    cc -o ./bin/testSourceAv.test testSourceAv.c
    cc -o ./bin/testSourceAvNearNull.test testSourceAvNearNull.c
    cc -fstack-protector-all -o ./bin/testStackBufferOverflow.test testStackBufferOverflow.c
    cc -o ./bin/testStackCodeExecution.test testStackCodeExecution.c
    execstack -s ./bin/testStackCodeExecution.test
    cc -o ./bin/testUncategorizedSignal.test testUncategorizedSignal.c
+ popd
    ~/exploitable
+ for cmd in '$@'
+ run_test
+ pushd /home/user0/exploitable
    ~/exploitable ~/exploitable
    ++ find exploitable/tests/bin -type f
+ python3 triage.py -vo /home/user0/exploitable/build/result.json '$sub' exploitable/tests/bin/testStackBufferOverflow.test exploitable/tests/bin/testFloatingPointException.test exploitable/tests/bin/testDestAvNearNull.test exploitable/tests/bin/testBranchAv.test exploitable/tests/bin/testSegFaultOnPc.test exploitable/tests/bin/testStackCodeExecution.test exploitable/tests/bin/testBenignSignal.test exploitable/tests/bin/testSourceAv.test exploitable/tests/bin/testReturnAv.test exploitable/tests/bin/testBranchAvNearNull.test exploitable/tests/bin/testUncategorizedSignal.test exploitable/tests/bin/testBlockMoveAv.test exploitable/tests/bin/testBadInstruction.test exploitable/tests/bin/testHeapError.test exploitable/tests/bin/testSourceAvNearNull.test exploitable/tests/bin/testAbortSignal.test exploitable/tests/bin/testPossibleStackCorruption.test exploitable/tests/bin/testSegFaultOnPcNearNull.test exploitable/tests/bin/testDestAv.test
    /usr/share/gdb/python/gdb/command/lib/classifier.py:248: UserWarning: Error while analyzing rule SegFaultOnPc (3/22): Python int too large to convert to C long
    Traceback (most recent call last):
    File "/usr/share/gdb/python/gdb/command/lib/classifier.py", line 243, in getClassification
    match = rule.matches()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 96, in isSegFaultOnPcNotNearNull
    return self.isSegFaultOnPc() and not self.isFaNearNull()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 333, in isSegFaultOnPc
    self.faultingAddress() == self.target.pc()
    OverflowError: Python int too large to convert to C long

    rule.tag, e, traceback.format_exc()))
    /usr/share/gdb/python/gdb/command/lib/classifier.py:248: UserWarning: Error while analyzing rule SegFaultOnPcNearNull (12/22): Python int too large to convert to C long
    Traceback (most recent call last):
    File "/usr/share/gdb/python/gdb/command/lib/classifier.py", line 243, in getClassification
    match = rule.matches()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 193, in isSegFaultOnPcNearNull
    return self.isSegFaultOnPc() and self.isFaNearNull()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 333, in isSegFaultOnPc
    self.faultingAddress() == self.target.pc()
    OverflowError: Python int too large to convert to C long

    rule.tag, e, traceback.format_exc()))
    /usr/share/gdb/python/gdb/command/lib/classifier.py:248: UserWarning: Error while analyzing rule SegFaultOnPc (3/22): Python int too large to convert to C long
    Traceback (most recent call last):
    File "/usr/share/gdb/python/gdb/command/lib/classifier.py", line 243, in getClassification
    match = rule.matches()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 96, in isSegFaultOnPcNotNearNull
    return self.isSegFaultOnPc() and not self.isFaNearNull()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 333, in isSegFaultOnPc
    self.faultingAddress() == self.target.pc()
    OverflowError: Python int too large to convert to C long

    rule.tag, e, traceback.format_exc()))
    /usr/share/gdb/python/gdb/command/lib/classifier.py:248: UserWarning: Error while analyzing rule SegFaultOnPcNearNull (12/22): Python int too large to convert to C long
    Traceback (most recent call last):
    File "/usr/share/gdb/python/gdb/command/lib/classifier.py", line 243, in getClassification
    match = rule.matches()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 193, in isSegFaultOnPcNearNull
    return self.isSegFaultOnPc() and self.isFaNearNull()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 333, in isSegFaultOnPc
    self.faultingAddress() == self.target.pc()
    OverflowError: Python int too large to convert to C long

    rule.tag, e, traceback.format_exc()))
    /usr/share/gdb/python/gdb/command/lib/classifier.py:248: UserWarning: Error while analyzing rule DestAv (8/22): Python int too large to convert to C long
    Traceback (most recent call last):
    File "/usr/share/gdb/python/gdb/command/lib/classifier.py", line 243, in getClassification
    match = rule.matches()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 149, in isDestAvNotNearNull
    return self.isDestAv() and not self.isFaNearNull()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 341, in isDestAv
    dest_op.eval() == self.faultingAddress()
    OverflowError: Python int too large to convert to C long

    rule.tag, e, traceback.format_exc()))
    /usr/share/gdb/python/gdb/command/lib/classifier.py:248: UserWarning: Error while analyzing rule DestAvNearNull (15/22): Python int too large to convert to C long
    Traceback (most recent call last):
    File "/usr/share/gdb/python/gdb/command/lib/classifier.py", line 243, in getClassification
    match = rule.matches()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 211, in isDestAvNearNull
    return self.isDestAv() and self.isFaNearNull()
    File "/usr/share/gdb/python/gdb/command/lib/tools.py", line 80, in _wrapper
    res = func(tgt, *args)
    File "/usr/share/gdb/python/gdb/command/lib/analyzers/x86.py", line 341, in isDestAv
    dest_op.eval() == self.faultingAddress()
    OverflowError: Python int too large to convert to C long

    rule.tag, e, traceback.format_exc()))
    (1/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testStackBufferOverflow.test
    (2/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testFloatingPointException.test
    (3/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testDestAvNearNull.test
    (4/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testBranchAv.test
    (5/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testSegFaultOnPc.test
    (6/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testStackCodeExecution.test
    (7/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testBenignSignal.test
    (8/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testSourceAv.test
    (9/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testReturnAv.test
    (10/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testBranchAvNearNull.test
    (11/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testUncategorizedSignal.test
    (12/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testBlockMoveAv.test
    (13/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testBadInstruction.test
    (14/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testHeapError.test
    (15/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testSourceAvNearNull.test
    (16/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testAbortSignal.test
    (17/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testPossibleStackCorruption.test
    (18/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testSegFaultOnPcNearNull.test
    (19/19) calling: gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p /tmp/triage.pkl" --args exploitable/tests/bin/testDestAv.test

EXPLOITABLE: StackCodeExection
exploitable/tests/bin/testStackCodeExecution.test (PossibleStackCorruption) (DestAv) (AccessViolation)

PROBABLY_EXPLOITABLE: BlockMoveAv
exploitable/tests/bin/testBlockMoveAv.test (DestAvNearNull) (SourceAvNearNull) (AccessViolation)

EXPLOITABLE: SegFaultOnPc
exploitable/tests/bin/testSegFaultOnPc.test (AccessViolation)

EXPLOITABLE: BranchAv
exploitable/tests/bin/testBranchAv.test (DestAv) (AccessViolation)

EXPLOITABLE: StackBufferOverflow
exploitable/tests/bin/testStackBufferOverflow.test (PossibleStackCorruption) (AbortSignal)

PROBABLY_EXPLOITABLE: BranchAvNearNull
exploitable/tests/bin/testBranchAvNearNull.test (DestAvNearNull) (AccessViolation)

EXPLOITABLE: PossibleStackCorruption
exploitable/tests/bin/testReturnAv.test (AccessViolation)
exploitable/tests/bin/testPossibleStackCorruption.test (AccessViolation)

EXPLOITABLE: DestAv
exploitable/tests/bin/testDestAv.test (AccessViolation)

EXPLOITABLE: BadInstruction
exploitable/tests/bin/testBadInstruction.test

PROBABLY_EXPLOITABLE: SegFaultOnPcNearNull
exploitable/tests/bin/testSegFaultOnPcNearNull.test (AccessViolation)

PROBABLY_EXPLOITABLE: DestAvNearNull
exploitable/tests/bin/testDestAvNearNull.test (AccessViolation)

PROBABLY_NOT_EXPLOITABLE: SourceAvNearNull
exploitable/tests/bin/testSourceAvNearNull.test (AccessViolation)

PROBABLY_NOT_EXPLOITABLE: FloatingPointException
exploitable/tests/bin/testFloatingPointException.test

PROBABLY_NOT_EXPLOITABLE: BenignSignal
exploitable/tests/bin/testBenignSignal.test

UNKNOWN: SourceAv
exploitable/tests/bin/testSourceAv.test (AccessViolation)

UNKNOWN: AbortSignal
exploitable/tests/bin/testHeapError.test
exploitable/tests/bin/testAbortSignal.test

UNKNOWN: UncategorizedSignal
exploitable/tests/bin/testUncategorizedSignal.test

+ popd
    ~/exploitable
+ python3 -c 'import json, sys; from triage import *; sys.exit(sorted(filter(lambda x: x[1], json.load(open('''/home/user0/exploitable/build/result.json''')))) != sorted(filter(lambda x: x[1], json.load(open('''/home/user0/exploitable/test/x86-expected.json''')))))'
    Target path is /usr/share/gdb/python/gdb/command
    testing for x86, for ARM and more args, see scripts in test/ dir
    test/x86.sh build run_test clean
    Traceback (most recent call last):
    File "setup.py", line 68, in <module>
    run("test/x86.sh build run_test clean")
    File "setup.py", line 30, in run
    subprocess.check_call(shlex.split(cmd))
    File "/usr/lib/python2.7/subprocess.py", line 540, in check_call
    raise CalledProcessError(retcode, cmd)
    subprocess.CalledProcessError: Command '['test/x86.sh', 'build', 'run_test', 'clean']' returned non-zero exit status 1
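The test trace above shows the batch invocation triage.py uses per binary (`gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -p ..." --args <target>`), the "Add exploitability visualization" issue asks for aggregate results, and the Kisak-Strike report further down feeds an AFL crash file to the target on stdin (`r ... < crashes/id:000000,sig:11,...`). The following is an added example that ties those together; it is not exploitable's triage.py. It runs one gdb batch session per crash file with `exploitable -v`, parses the report lines the plugin prints (`Description`, `Short description`, `Exploitability Classification`, `Explanation`, as in the output quoted on this page), and tallies verdicts per directory. Assumptions: `gdb` is on PATH, the plugin lives at `exploitable/exploitable.py` relative to the working directory, the target reads its test case from stdin, and crash file names contain no spaces (gdb's `run < file` redirection is used unquoted). `SAMPLE_OUTPUT` is a constructed transcript modelled on the report above.

```python
"""Batch-triage a directory of crash inputs with GDB + exploitable and tally
the verdicts (added example; not part of the exploitable project)."""
import collections
import pathlib
import re
import subprocess
from typing import Dict, Iterable, List, Optional

EXPLOITABLE_PLUGIN = "exploitable/exploitable.py"  # assumed checkout location

# Report lines exploitable prints, as "Key: value" on their own lines.
REPORT_KEYS = ("Description", "Short description",
               "Exploitability Classification", "Explanation")
_REPORT_RE = re.compile(
    r"^(%s): (.*)$" % "|".join(re.escape(k) for k in REPORT_KEYS), re.MULTILINE)


def parse_report(gdb_output: str) -> Optional[Dict[str, str]]:
    """Pull the report fields out of a gdb session's combined output.

    Returns None when no verdict is present (target exited cleanly, gdb
    failed to start it, ...). UserWarning tracebacks from rules that errored
    (e.g. the _sifields ones) are simply skipped; the final verdict is kept.
    """
    fields = dict(_REPORT_RE.findall(gdb_output))
    if "Exploitability Classification" not in fields:
        return None
    return fields


def gdb_command(target: str, crash: str) -> List[str]:
    """Same shape as the triage.py invocation, with -v instead of -p <pickle>."""
    return [
        "gdb", "--batch",
        "-ex", f"source {EXPLOITABLE_PLUGIN}",
        "-ex", f"run < {crash}",  # gdb's run supports stdin redirection
        "-ex", "exploitable -v",
        "--args", target,
    ]


def triage_crash(target: str, crash: pathlib.Path,
                 timeout: int = 60) -> Optional[Dict[str, str]]:
    """Run one crash file under gdb and return the parsed report (or None)."""
    try:
        proc = subprocess.run(gdb_command(target, str(crash)),
                              capture_output=True, text=True,
                              timeout=timeout, stdin=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return {"Exploitability Classification": "TIMEOUT",
                "Short description": f"no crash within {timeout}s (hang?)"}
    # warnings go to stderr, the report to stdout; parse both together
    return parse_report(proc.stdout + proc.stderr)


def summarize(reports: Iterable[Optional[Dict[str, str]]]) -> Dict[str, int]:
    """Aggregate verdicts: {classification: count}; None counts as NO_REPORT."""
    tally = collections.Counter()
    for report in reports:
        tally[(report or {}).get("Exploitability Classification", "NO_REPORT")] += 1
    return dict(tally)


def triage_dir(target: str, crash_dir: str) -> Dict[str, int]:
    """Triage every file in crash_dir (AFL's README.txt excluded) and tally."""
    reports = []
    for crash in sorted(pathlib.Path(crash_dir).iterdir()):
        if not crash.is_file() or crash.name == "README.txt":
            continue
        report = triage_crash(target, crash)
        reports.append(report)
        verdict = (report or {}).get("Exploitability Classification", "NO_REPORT")
        print(f"{verdict:24} {crash.name}  "
              f"{(report or {}).get('Short description', '')}")
    return summarize(reports)


# Constructed sample of one session's output: a rule that errored, then the
# verdict block in the format exploitable prints.
SAMPLE_OUTPUT = """\
lib/classifier.py:198: UserWarning: Error while analyzing rule SegFaultOnPc (3/22): There is no member named _sifields.
Traceback (most recent call last):
gdb.error: There is no member named _sifields.
Description: Access violation
Short description: AccessViolation (21/22)
Exploitability Classification: UNKNOWN
Explanation: The target crashed due to an access violation but there is not enough additional information available to determine exploitability.
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        print(triage_dir(sys.argv[1], sys.argv[2]))  # usage: target crash_dir
    else:
        print(parse_report(SAMPLE_OUTPUT))
```

Run as `python3 triage_dir.py ./bspfuzz outputs/master01/crashes/` (hypothetical names) to get one line per crash and a final `{verdict: count}` dict. Because rules that raise inside the classifier only downgrade the verdict (the run above still produced `UNKNOWN`), a high `UNKNOWN` share together with `_sifields` warnings in the raw output is a sign the plugin, not the crashes, needs attention first.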

Support for Python 3.x

Hi,

Just wondering if you have in mind porting it to Python 3.x, as it's the default for GDB in Debian-based distros (like Ubuntu).

Thanks!

gdb 7.12 This script must be run in GDB: ', 'No module named gdb

Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word".
(gdb) source /usr/local/lib/python2.7/dist-packages/exploitable-1.32-py2.7.egg/exploitable/exploitable.py
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/exploitable-1.32-py2.7.egg/exploitable/exploitable.py", line 65, in <module>
raise ImportError("This script must be run in GDB: ", str(e))
ImportError: ('This script must be run in GDB: ', 'No module named gdb')

Add per-test-case checking

I need to modify the integration tests such that they support checking individual test cases (via the exploitable plugin) rather than all of the test cases for a given platform (via triage.py). This will make contributing test cases easier, and thus mandating that all bug fixes, feature adds, etc. come with test cases less cumbersome for contributors.

Clarify license

There are three or four (at least) different licenses and copyrights here, in files that all depend on one another.

gdb.error: There is no member named _sifields. When running exploitable even though it exists.

Hi!

I wrote a map fuzzer for this: https://github.com/SwagSoftware/Kisak-Strike and found a couple of crashes.

When I try to use exploitable to analyze them I am getting these errors.

GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./bspfuzz...
(gdb) r test.bsp master01.bsp 27015 < outputs/master01/crashes/id:000000,sig:11,src:000001,time:41812685,execs:3059647,op:havoc,rep:4
Starting program: /home/cyberhacker/Finalcsgo/game/bspfuzz test.bsp master01.bsp 27015 < outputs/master01/crashes/id:000000,sig:11,src:000001,time:41812685,execs:3059647,op:havoc,rep:4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
dedicated.so loaded at 0x7ffff77ec000
engine.so loaded at 0x7ffff5de1000
Reading from /home/cyberhacker/Finalcsgo/game/test.bsp
[New Thread 0x7ffff5525700 (LWP 522991)]
#Module /home/cyberhacker/Finalcsgo/game/bin/linux64/stdshader_dbg failed to load! Error: ((null))
#Module stdshader_dbg failed to load! Error: ((null))

#Console initialized.
#Loading VPK file hashes for pure server operation.
#Loading VPK file hashes for pure server operation.
#Loading VPK file hashes for pure server operation.
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/matchmaking_ds_client.so failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/linux64/server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/bin/csgo/bin/server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/bin/csgo/bin/linux64/server_valve failed to load! Error: ((null))
#Module server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/server failed to load! Error: ((null))
#Game.dll loaded for "Counter-Strike: Global Offensive"
#CGameEventManager::AddListener: event 'server_pre_shutdown' unknown.
#CGameEventManager::AddListener: event 'game_newmap' unknown.
#CGameEventManager::AddListener: event 'finale_start' unknown.
#CGameEventManager::AddListener: event 'round_start' unknown.
#CGameEventManager::AddListener: event 'round_end' unknown.
#CGameEventManager::AddListener: event 'difficulty_changed' unknown.
#CGameEventManager::AddListener: event 'player_connect' unknown.
#CGameEventManager::AddListener: event 'player_disconnect' unknown.
#GameTypes: missing mapgroupsSP entry for game type/mode (custom/custom).
#GameTypes: missing mapgroupsSP entry for game type/mode (cooperative/cooperative).
#GameTypes: missing mapgroupsSP entry for game type/mode (cooperative/coopmission).
Failed to load gamerulescvars.txt, game rules cvars might not be reported to management tools.
Server is hibernating
[S_API] SteamAPI_Init(): SteamAPI_IsSteamRunning() did not locate a running instance of Steam.
[S_API] SteamAPI_Init(): Loaded '/home/cyberhacker/.local/share/Steam/linux64/steamclient.so' OK.
[S_API FAIL] SteamAPI_Init() failed; create pipe failed.Particles: Missing 'particles/money_fx.pcf'
No web api auth key specified - workshop downloads will be disabled.
maxplayers set to 64
Unknown command "cl_bobamt_vert"
Unknown command "cl_bobamt_lat"
Unknown command "cl_bob_lower_amt"
Unknown command "cl_viewmodel_shift_left_amt"
Unknown command "cl_viewmodel_shift_right_amt"
Unknown command "cl_teamid_overhead"
Unknown command "cl_teamid_overhead_maxdist"
[Detaching after vfork from child process 522992]
[New Thread 0x7fffe2f6b700 (LWP 522994)]
[New Thread 0x7fffe2e6a700 (LWP 522995)]
---- Host_NewGame ----
Entering the loop bullshit....
Starting the loop.
Waiting for user input:
Got user input from terminal. Time to try to load the thing:

Thread 1 "bspfuzz" received signal SIGSEGV, Segmentation fault.
CollisionBSPData_LoadTextures (pBSPData=0x7ffff72323e0 <g_BSPData>)
at /home/cyberhacker/Finalcsgo/Kisak-Strike/engine/cmodel_bsp.cpp:352
352 out->name = &pBSPData->map_texturenames[index];
(gdb) source /home/cyberhacker/crashwalkshit/exploitable/exploitable/exploitable.py
(gdb) exploitable -v
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SegFaultOnPc (3/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 96, in isSegFaultOnPcNotNearNull
return self.isSegFaultOnPc() and not self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 334, in isSegFaultOnPc
self.faultingAddress() == self.target.pc()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SegFaultOnPcNearNull (12/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 194, in isSegFaultOnPcNearNull
return self.isSegFaultOnPc() and self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 334, in isSegFaultOnPc
self.faultingAddress() == self.target.pc()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SourceAvNearNull (16/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 237, in isSourceAvNearNull
return self.isSourceAv() and self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 350, in isSourceAv
source_op.eval() == self.faultingAddress()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SourceAv (19/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 226, in isSourceAvNotNearNull
return self.isSourceAv() and not self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 350, in isSourceAv
source_op.eval() == self.faultingAddress()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
'exploitable' version 1.32
Linux cyberhacker-h8-1131sc 5.4.0-135-generic #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022 x86_64
Python Exception <class 'gdb.error'> There is no member named _sifields.:
Error occurred in Python: There is no member named _sifields.

I do not know why this happens.

When I run p $_siginfo in the debugger I get this output:

(gdb) p $_siginfo
$1 = {si_signo = 11, si_errno = 0, si_code = 1, _sifields = {_pad = {0 <repeats 28 times>}, _kill = {si_pid = 0, si_uid = 0}, _timer = {si_tid = 0, si_overrun = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 0, si_uid = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 0, si_uid = 0, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x0, _addr_lsb = 0, _addr_bnd = {_lower = 0x0, _upper = 0x0}}, _sigpoll = {si_band = 0, si_fd = 0}}}

Also, this command returns this:

(gdb) p $_siginfo._sifields._sigfault
$9 = {si_addr = 0x0, _addr_lsb = 0, _addr_bnd = {_lower = 0x0, _upper = 0x0}}

But when I try to access the si_addr element I get the error:

(gdb) p $_siginfo._sifields._sigfault.si_addr
There is no member named _sifields.

However, this does not make sense. When I try to run the same commands in another binary it works perfectly:

(gdb) p $_siginfo._sifields._sigfault
$3 = {si_addr = 0x0, _addr_lsb = 0, _addr_bnd = {_lower = 0x0, _upper = 0x0}}
(gdb) p $_siginfo._sifields._sigfault.si_addr
$4 = (void *) 0x0

The application I am trying to fuzz is multithreaded, but I do not think that it has that much of an effect in this case.

pyenv virtualenv not detected

Folks,

Looks like you're not properly detecting being inside a pyenv virtual environment. It does not have the same sys attribute that you're checking for. It does have a few environmental variables that get set:

  • PYENV_VIRTUAL_INIT=1
  • VIRTUAL_ENV=/blerg
  • PYENV_VIRTUAL_ENV=/blerg
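The detection the report asks for, written out as an added example (not the project's own check, whose exact sys attribute is not shown here): it looks at the two interpreter markers that virtualenv and venv leave and then at the environment variables listed above, so a pyenv-virtualenv activation is recognised even when the interpreter itself carries no marker. The ordering of the checks is my choice.

```python
import os
import sys

# Environment variables left by activation scripts. The two PYENV_* names are
# the ones the report above lists; VIRTUAL_ENV is set by virtualenv and venv
# activation as well, so it is checked first.
ENV_MARKERS = ("VIRTUAL_ENV", "PYENV_VIRTUAL_ENV", "PYENV_VIRTUAL_INIT")


def virtualenv_marker(environ, prefix, base_prefix, real_prefix=None):
    """Decide whether the interpreter described by the arguments runs inside a
    virtual environment.

    Returns (True, marker) naming the first piece of evidence found, or
    (False, "") when there is none. Checks, in order:
      1. sys.real_prefix             - legacy (pre-20) virtualenv only
      2. sys.base_prefix != sys.prefix - PEP 405 venv and virtualenv >= 20
      3. the activation environment variables above - the signal that is
         still present when neither interpreter marker is (the pyenv case)
    """
    if real_prefix:
        return True, "sys.real_prefix"
    if base_prefix != prefix:
        return True, "sys.base_prefix != sys.prefix"
    for name in ENV_MARKERS:
        if environ.get(name):
            return True, name
    return False, ""


def in_virtualenv():
    """Apply virtualenv_marker() to the interpreter that is running."""
    return virtualenv_marker(
        os.environ,
        sys.prefix,
        getattr(sys, "base_prefix", sys.prefix),
        getattr(sys, "real_prefix", None),
    )


if __name__ == "__main__":
    active, marker = in_virtualenv()
    print("virtual environment active: %s (%s)" % (active, marker or "no marker"))
```

The marker string in the result is there so a log line can say which signal fired; when only an environment variable matches, the interpreter may still be the system one, which is worth knowing when a plugin is about to import from a site-packages it assumes is the venv's.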

Lack of opcode support can lead to inaccurate classification

In many cases the exploitable plugin doesn't examine the opcode of the faulting instruction, which can lead to misleading results. For example, if an access violation occurs on a generally innocuous instruction like a CMP, this is (accurately) identified as a Write Access Violation, but it is inaccurately classified as EXPLOITABLE.
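What opcode-aware triage looks like, as an added example that is not the plugin's code: it parses the Intel-syntax line gdb prints for `x/i $pc`, decides whether the memory operand is read, written or used as a branch target, and only then picks the category. The category names are the ones the plugin's own test list uses; the 64 KiB "near null" threshold and the severity labels are assumptions for illustration.

```python
import re

# One Intel-syntax line as gdb prints it for "x/i $pc", e.g.
#   => 0x401136 <main+16>:   cmp    DWORD PTR [rax],0x0
_INSN_RE = re.compile(
    r"^(?:=>\s*)?(?:0x[0-9a-fA-F]+\s*(?:<[^>]*>)?:\s*)?([a-z][a-z0-9]*)\s*(.*)$"
)
_MEM_RE = re.compile(r"\[[^\]]*\]")

# Prefixes gdb prints as a leading word before the real mnemonic.
_PREFIXES = {"lock", "rep", "repz", "repe", "repnz", "repne", "notrack",
             "bnd", "data16", "addr32"}
# Instructions that only read their memory operand, whatever its position.
_READ_ONLY = {"cmp", "test", "bt", "comiss", "comisd", "ucomiss", "ucomisd", "push"}
# Indirect control transfers through a memory operand.
_BRANCH = {"call", "jmp"}
# Instructions whose memory operand is never dereferenced.
_NO_ACCESS = {"lea", "nop", "prefetcht0", "prefetcht1", "prefetcht2", "prefetchnta"}


def classify_access(disasm_line):
    """Return how the instruction touches its memory operand:
    'read', 'write' (including read-modify-write), 'branch' or 'none'."""
    m = _INSN_RE.match(disasm_line.strip())
    if not m:
        raise ValueError("unrecognised disassembly line: %r" % disasm_line)
    mnemonic, operands = m.group(1), m.group(2).strip()
    while mnemonic in _PREFIXES and operands:       # peel "lock add ..." etc.
        mnemonic, _, operands = operands.partition(" ")
        operands = operands.strip()
    ops = [o.strip() for o in operands.split(",")] if operands else []
    mem_positions = [i for i, o in enumerate(ops) if _MEM_RE.search(o)]
    if not mem_positions or mnemonic in _NO_ACCESS:
        return "none"
    if mnemonic in _BRANCH:
        return "branch"
    if mnemonic in _READ_ONLY:
        return "read"
    if mnemonic == "pop":
        return "write"
    # Intel syntax puts the destination first: a memory operand there is
    # written (mov/add/xor/...), anywhere else it is only read.
    return "write" if mem_positions[0] == 0 else "read"


NEAR_NULL_LIMIT = 64 * 1024   # assumed threshold for the *NearNull categories

# Illustrative severities only; the plugin's own rule table is authoritative.
SEVERITY = {"DestAv": "EXPLOITABLE", "BranchAv": "EXPLOITABLE",
            "SegFaultOnPc": "EXPLOITABLE", "SourceAv": "UNKNOWN"}


def triage(signal_name, disasm_line, fault_addr, pc):
    """Map a crash to a category name, using the faulting opcode so that a
    read-only instruction such as CMP lands in SourceAv rather than DestAv."""
    if signal_name != "SIGSEGV":
        return "UncategorizedSignal"
    if fault_addr == pc:
        category = "SegFaultOnPc"
    else:
        kind = classify_access(disasm_line)
        category = {"write": "DestAv", "read": "SourceAv", "branch": "BranchAv"}.get(kind)
        if category is None:
            return "UncategorizedSignal"
    if fault_addr < NEAR_NULL_LIMIT:
        category += "NearNull"
    return category


if __name__ == "__main__":
    for line in ("cmp    DWORD PTR [rax],0x0", "mov    DWORD PTR [rax],edx"):
        cat = triage("SIGSEGV", line, 0x41414141, 0x401136)
        print("%-32s -> %s (%s)" % (line, cat, SEVERITY.get(cat, "n/a")))
```

The CMP from the report classifies as SourceAv here because the instruction cannot write; the same fault address on a MOV with a memory destination still yields DestAv. Operand-position logic of this kind is what the plugin's x86 analyzer needs before it can tell the two apart.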

Tests failed

I got this error when I try to run python2 setup.py test. How do I fix it?
running test
testing for x86, for ARM and more args, see scripts in test/ dir
test/x86.sh build run_test clean
++ pwd
+ PROJECT_DIR=/home/porlock/rhg/exploitable-master
+ BUILD_DIR=/home/porlock/rhg/exploitable-master/build
+ echo starting
starting
+ [[ -z build ]]
+ for cmd in $@
+ build
+ mkdir -p /home/porlock/rhg/exploitable-master/build
+ pushd /home/porlock/rhg/exploitable-master/exploitable/tests
~/rhg/exploitable-master/exploitable/tests ~/rhg/exploitable-master
+ make
Makefile:31: warning: overriding recipe for target 'testStackCodeExecution.test'
Makefile:25: warning: ignoring old recipe for target 'testStackCodeExecution.test'
Makefile:35: warning: overriding recipe for target 'testStackBufferOverflow.test'
Makefile:25: warning: ignoring old recipe for target 'testStackBufferOverflow.test'
Makefile:38: warning: overriding recipe for target 'testReturnAv.test'
Makefile:25: warning: ignoring old recipe for target 'testReturnAv.test'
cc -fstack-protector-all -o ./bin/testStackBufferOverflow.test testStackBufferOverflow.c
cc -o ./bin/testBlockMoveAv.test testBlockMoveAv.c
cc -fno-stack-protector -o ./bin/testReturnAv.test testReturnAv.c
cc -o ./bin/testSourceAv.test testSourceAv.c
cc -o ./bin/testAbortSignal.test testAbortSignal.c
cc -o ./bin/testDestAv.test testDestAv.c
cc -o ./bin/testBranchAv.test testBranchAv.c
cc -o ./bin/testFloatingPointException.test testFloatingPointException.c
cc -o ./bin/testBenignSignal.test testBenignSignal.c
cc -o ./bin/testHeapError.test testHeapError.c
cc -o ./bin/testSourceAvNearNull.test testSourceAvNearNull.c
cc -o ./bin/testSegFaultOnPc.test testSegFaultOnPc.c
cc -o ./bin/testDestAvNearNull.test testDestAvNearNull.c
cc -o ./bin/testBranchAvNearNull.test testBranchAvNearNull.c
cc -o ./bin/testUncategorizedSignal.test testUncategorizedSignal.c
cc -o ./bin/testPossibleStackCorruption.test testPossibleStackCorruption.c
cc -o ./bin/testStackCodeExecution.test testStackCodeExecution.c
execstack -s ./bin/testStackCodeExecution.test
cc -o ./bin/testBadInstruction.test testBadInstruction.c
cc -o ./bin/testSegFaultOnPcNearNull.test testSegFaultOnPcNearNull.c
cc -o ./bin/testDeepStack.test testDeepStack.c
+ popd
~/rhg/exploitable-master
+ for cmd in $@
+ run_test
+ pushd /home/porlock/rhg/exploitable-master
~/rhg/exploitable-master ~/rhg/exploitable-master
++ pwd
+ export PYTHONPATH=:/home/porlock/rhg/exploitable-master/exploitable
+ PYTHONPATH=:/home/porlock/rhg/exploitable-master/exploitable
+ failed=
+ set +e
+ set +x
verbose script debugging disabled
testSourceAv.test: result=SourceAv expected=[u'SourceAv']
testStackBufferOverflow.test: result=PossibleStackCorruption expected=[u'StackBufferOverflow']
testSourceAvNearNull.test: result=SourceAvNearNull expected=[u'SourceAvNearNull']
testBenignSignal.test: result=BenignSignal expected=[u'BenignSignal']
testUncategorizedSignal.test: result=UncategorizedSignal expected=[u'UncategorizedSignal']
testDeepStack.test: result=BranchAv expected=[u'PossibleStackCorruption', u'BranchAv']
testBlockMoveAv.test: result=BlockMoveAv expected=[u'BlockMoveAv']
testPossibleStackCorruption.test: result=PossibleStackCorruption expected=[u'PossibleStackCorruption']
testSegFaultOnPcNearNull.test: result=SegFaultOnPcNearNull expected=[u'SegFaultOnPcNearNull']
testAbortSignal.test: result=AbortSignal expected=[u'AbortSignal']
testBranchAv.test: result=BranchAv expected=[u'BranchAv']
testDestAv.test: result=DestAv expected=[u'DestAv']
testReturnAv.test: result=SegFaultOnPc expected=[u'SegFaultOnPc']
testDestAvNearNull.test: result=DestAvNearNull expected=[u'DestAvNearNull']
testBadInstruction.test: result=BadInstruction expected=[u'BadInstruction']
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/pickle.py", line 1384, in load
    return Unpickler(file).load()
  File "/usr/lib/python2.7/pickle.py", line 864, in load
    dispatch[key](self)
  File "/usr/lib/python2.7/pickle.py", line 886, in load_eof
    raise EOFError
EOFError
testHeapError.test:
testStackCodeExecution.test: result=StackCodeExecution expected=[u'StackCodeExecution']
testBranchAvNearNull.test: result=BranchAvNearNull expected=[u'BranchAvNearNull']
testSegFaultOnPc.test: result=SegFaultOnPc expected=[u'SegFaultOnPc']
testFloatingPointException.test: result=FloatingPointException expected=[u'FloatingPointException']
~/rhg/exploitable-master

TESTS FAILED:
exploitable/tests/bin/testStackBufferOverflow.test:
result=PossibleStackCorruption expected=[u'StackBufferOverflow']
cmd=gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -v -p /home/porlock/rhg/exploitable-master/build/triage.pkl" --args exploitable/tests/bin/testStackBufferOverflow.test
exploitable/tests/bin/testHeapError.test:

cmd=gdb --batch -ex "source exploitable/exploitable.py" -ex run -ex "exploitable -v -p /home/porlock/rhg/exploitable-master/build/triage.pkl" --args exploitable/tests/bin/testHeapError.test

Tests failed, exiting.
done

small typo on the readme

"It has not been has not been exhaustively tested" should be "It has not been exhaustively tested". :)

Crash in non-english gdb

I recently ran into the following:

(gdb) exploitable
ERROR:root:'NoneType' object has no attribute 'group'
Traceback (most recent call last):
  File "exploitable/exploitable.py", line 209, in invoke
    target = arch.getTarget(args.asan_log, args.backtrace_limit)
  File "exploitable/lib/arch.py", line 80, in getTarget
    arch = Target._re_gdb_arch.search(str(gdb.execute("show architecture", False, True))).group(1)
AttributeError: 'NoneType' object has no attribute 'group'
Python Exception <class 'AttributeError'> 'NoneType' object has no attribute 'group': 
Error occurred in Python command: 'NoneType' object has no attribute 'group'

This happens when the output of show architecture is not in English.

I do have a quick fix for this that modifies some of the parsing regexes by simply substituting currently with \w+.

If you like I could prepare a PR for this (possibly including the changes for #28, if we agree on a solution).
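A locale-independent way to read the architecture out of show architecture, as an added example rather than the project's parser or the \w+ patch proposed above: it relies on gdb quoting the architecture name in current versions and on the name itself (i386:x86-64, arm, ...) in older ones, so the surrounding words can be in any language. The German sample line is constructed for the test and is not gdb's actual translation.

```python
import re

# gdb architecture (bfd) names start with one of these; used only for the
# fallback when the reply carries no quoted value.
_KNOWN_ARCH_PREFIXES = ("i386", "i8086", "arm", "aarch64", "powerpc", "rs6000",
                        "mips", "sparc", "riscv", "s390")


def parse_architecture(show_architecture_output):
    """Extract the architecture name from gdb's 'show architecture' reply
    without depending on the English words around it.

    Current gdb prints the name in double quotes, e.g.
        The target architecture is set to "auto" (currently "i386:x86-64").
    so the last quoted value that is not "auto" is taken. Older releases print
    it bare at the end of the sentence, e.g.
        The target architecture is assumed to be i386:x86-64
    so the fallback scans tokens from the end for one that looks like an
    architecture name. Returns None when nothing plausible is present, which
    lets the caller raise a readable error instead of an AttributeError.
    """
    text = show_architecture_output.strip()
    quoted = [q for q in re.findall(r'"([^"]+)"', text) if q != "auto"]
    if quoted:
        return quoted[-1]
    for token in reversed(re.findall(r"[A-Za-z0-9_:\-]+", text)):
        if token.lower().startswith(_KNOWN_ARCH_PREFIXES):
            return token
    return None


def arch_family(arch_name):
    """Collapse a bfd architecture name into the family an analyzer would
    dispatch on (names chosen here, not the project's)."""
    if not arch_name:
        return None
    name = arch_name.lower()
    if name.startswith(("i386:x86-64", "i386:x64")):
        return "x64"
    if name.startswith("i386"):
        return "x86"
    if name.startswith("aarch64"):
        return "aarch64"
    if name.startswith("arm"):
        return "arm"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample replies; the German one is invented for illustration.
    for reply in ('The target architecture is set to "auto" (currently "i386:x86-64").',
                  'The target architecture is assumed to be i386:x86-64',
                  'Die Zielarchitektur ist auf "auto" gesetzt (derzeit "arm").'):
        arch = parse_architecture(reply)
        print("%-70s -> %s / %s" % (reply, arch, arch_family(arch)))
```

Inside gdb the input would be gdb.execute("show architecture", False, True); keeping the parser free of that call is what makes it testable outside the debugger, and returning None instead of indexing a failed match is what turns the traceback above into a one-line diagnostic.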

Add a sanity limit to stack backtraces

I don't think anyone needs to see 60k stack frames, and it takes forever. I capped it conservatively at 1000 by adding

            if i > 1000:
                break

to the end of lib/gdb_wrapper/x86.py in __init__ for Backtrace, which is horribly hacky but I don't the python.
