ropshell> use 9ee1a1aa1bbd6bf8d7f3a90c0ea5d135
name         : libc.so.6 (x86_64/ELF)
base address : 0x28700
total gadgets: 16847
ropshell> suggest "stack pivoting"
> 0x0005a120 : mov rsp, rdx; ret
> 0x0003653a : xchg eax, esp; ret
> 0x0005a121 : mov esp, edx; ret
> 0x0008a201 : mov esp, eax; mov rax, r12; pop r12; ret
> 0x000e9163 : lea rsp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x0016dd74 : xchg esp, edi; jmp [rsi + 0xf]
> 0x00171662 : xchg esp, ebp; jmp [rsi + 0x66]
> 0x000e9164 : lea esp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x00042317 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x001a6799 : movsxd rsp, edi; clc ; jmp [rsi + 0x66]
> 0x0008a211 : mov esp, ebp; pop rbx; pop rbp; mov rax, r12; pop r12; ret
> 0x000722b0 : movsxd rsp, esp; mov rdx, r12; call [r13 + 0x38]
> 0x0011dc6f : lea rsp, [ebp - 0x18]; mov eax, r12d; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0015fab5 : mov esp, esp; lea rsi, [rsp + 8]; call [rax]
> 0x00043804 : lea esp, [rcx + rax]; mov r13, rax; mov rdi, r12; call rbx
> 0x0015d030 : push rax; pop rsp; lea rsi, [rax + 0x48]; mov rax, [rdi + 8]; jmp [rax + 0x18]
> 0x0015f4e0 : lea esp, [rax + 0x23b0]; xor esi, esi; mov [rax + 0x23b0], 1; mov rax, [rax + 0x23b8]; mov rdi, r12; call [rax + 0x28]
> 0x0004da83 : leave ; ret