
3.5.0

@TethysSvensson TethysSvensson released this 26 Mar 20:19


  • b584ca3 Fixed an issue running setup.py on ARM
  • #822 Enabled relative leaks with MemLeak
    • This should be useful for e.g. heap-relative leaks
  • #832 Changed all internal imports to use absolute imports (no functional changes)
  • a12d0b6 Move STDOUT, PIPE, PTY constants to globals
    • process(..., stdin=process.PTY) --> process(..., stdin=PTY)
  • #828 Use PR_SET_PTRACER for all process() and ssh.process() instances
    • This simplifies debugging on systems with YAMA ptrace enabled
  • Various documentation enhancements
    • In particular, the gdb, elf, and ssh docs are much better
  • #833 Performance enhancements for adb module
  • d0267f3 packing.fit() now treats large offset keys as values taken from a cyclic pattern and resolves them with cyclic_find (e.g. a key of 0x61616161 behaves the same as "aaaa")
  • #835 Added ssh.checksec
    • Reports the kernel version and other relevant information on connection
  • #857 Slightly shortened execve shellcode
  • 300f8e0 Slightly speed up processing of large ELF files
  • #861 Adds support for extracting IKCONFIG configs from Linux kernel images, and extends checksec to report on any insecure configurations discovered
  • #871 Moves all of the basic syscall templates to shellcraft/common and exposes them via symlinks. Closed #685
    • Should not have any visible effects from any documented APIs
    • shellcraft.arch.os.syscall_function() still works the same
    • We now have the ability to differentiate between the connect syscall, and a TCP connect helper
  • #887 sh_string now returns a quoted empty string '' rather than just an empty string
  • #839 Exposes a large amount of functionality via corefiles which was not previously available. See the docs for examples.
    • process().corefile will automatically instantiate a Corefile for the process
    • QEMU-emulated processes are supported
    • Native processes are supported, including extraction of coredumps from apport crash logs
    • Native processes can be dumped while running, in a manner similar to GDB's gcore script
  • #875 Added documentation (and tests) for AArch64 shellcode
  • #882 The ROP class now respects context.bytes instead of using the hard-coded value of 4 (fixed #879)
  • #869 Added several fields to the process class (uid, gid, suid, sgid) which are recorded at execution time, based on the file permissions
  • #868 Changed the way that ssh.process() works internally, and it now returns a more specialized class, ssh_process.
    • Added ssh_process.corefile for fetching remote corefiles
    • Added ssh_process.ELF for getting an ELF of the remote executable
    • uid, gid, suid and sgid are recorded at execution time, based on the file permissions, as for process()
  • #865 Fixes ELF.read to support contiguous memory reads across non-contiguous file-backed segments
  • #862 Adds a symlink= argument to ssh.set_working_directory, which will automatically symlink all of the files in the "old" working directory into the "new" working directory
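As an added illustration of the #822 relative-leak item above: this is example code written for this page, not pwntools' own MemLeak class. The heap image, its base address, the leak primitive and the helper names (RelativeMemLeak, find_heap_base, read_absolute) are all constructed here. The point it shows is why a cache keyed by offset rather than by absolute address is useful: the same cached bytes stay valid across runs under ASLR, and one leaked heap pointer is enough to turn relative offsets back into absolute addresses.

```python
import struct

# Constructed 64-bit glibc-style heap image (not real data): chunk 1 (in use),
# chunk 2 (freed into tcache, its "next" pointer aims back into this heap),
# chunk 3. Offsets follow the usual layout: size at +8, user data at +0x10.
HEAP_BASE = 0x555555559000            # the runtime base the leaker never learns
_heap = bytearray(0x60)
struct.pack_into("<Q", _heap, 0x08, 0x21)              # chunk 1: size 0x20 | PREV_INUSE
_heap[0x10:0x18] = b"AAAAAAAA"                          # chunk 1 user data
struct.pack_into("<Q", _heap, 0x28, 0x21)              # chunk 2: size
struct.pack_into("<Q", _heap, 0x30, HEAP_BASE + 0x50)  # chunk 2: tcache next -> chunk 3 data
struct.pack_into("<Q", _heap, 0x48, 0x21)              # chunk 3: size

LEAK_CALLS = []   # every call to the primitive is logged so caching can be checked


def heap_relative_leaker(offset):
    """Hypothetical leak primitive: 8 bytes at a heap-relative offset, or None
    when the read would leave the mapping (a real target would crash or error)."""
    LEAK_CALLS.append(offset)
    if offset < 0 or offset + 8 > len(_heap):
        return None
    return bytes(_heap[offset:offset + 8])


class RelativeMemLeak:
    """Minimal MemLeak-like cache keyed by offset rather than absolute address.
    Because the key is an offset, the cache stays valid even though the heap
    base differs between runs (ASLR). Illustrative only, not pwntools' class."""

    def __init__(self, leaker):
        self.leaker = leaker
        self.cache = {}      # offset -> byte value

    def raw(self, offset, n):
        out = bytearray()
        for off in range(offset, offset + n):
            if off not in self.cache:
                data = self.leaker(off)
                if data is None:          # propagate failure instead of guessing
                    return None
                for j, b in enumerate(data):
                    self.cache.setdefault(off + j, b)
            out.append(self.cache[off])
        return bytes(out)

    def u64(self, offset):
        data = self.raw(offset, 8)
        return None if data is None else struct.unpack("<Q", data)[0]


def find_heap_base(leak, free_chunk_off):
    """Derive the absolute heap base from a relative leak of a heap pointer.
    Assumes the base is page aligned and the pointer targets the first page."""
    ptr = leak.u64(free_chunk_off + 0x10)     # tcache "next" lives at user-data +0
    return None if ptr is None else ptr & ~0xFFF


def read_absolute(leak, base, addr, n):
    """Once the base is known, absolute addresses map back onto relative offsets."""
    return leak.raw(addr - base, n)


if __name__ == "__main__":
    leak = RelativeMemLeak(heap_relative_leaker)
    base = find_heap_base(leak, 0x20)
    print(hex(base), read_absolute(leak, base, base + 0x10, 8))
```

The leaker is called once per uncached 8-byte window and a failed read returns None rather than partial data; a real primitive (format string, OOB read) would be wrapped the same way, with the offset-to-address arithmetic done in one place.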
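As an added example for the #828 PR_SET_PTRACER item above (code written for this page, not pwntools' process() implementation): with kernel.yama.ptrace_scope=1 only a direct ancestor may attach, so `gdb -p <pid>` from another shell fails unless the target has declared a permitted tracer. The block below issues the prctl through ctypes, reads the current Yama scope, and applies the prctl in a child before execve, the same placement the release note describes for process(). The function names and the string return values are this example's own conventions.

```python
import ctypes
import errno
import os
import subprocess
import sys

PR_SET_PTRACER = 0x59616d61                      # 'Yama' in ASCII, from <linux/prctl.h>
PR_SET_PTRACER_ANY = ctypes.c_ulong(-1).value    # (unsigned long)-1


def yama_ptrace_scope():
    """Return kernel.yama.ptrace_scope (0-3), or None when Yama is not present."""
    try:
        with open("/proc/sys/kernel/yama/ptrace_scope") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def allow_ptracer(pid=None):
    """prctl(PR_SET_PTRACER, pid): let `pid` (or any process when pid is None)
    attach to the caller even under ptrace_scope=1. Returns 'ok', 'no_yama'
    (EINVAL: the Yama LSM is not active, so the option is unknown) or
    'unsupported' (not Linux); any other errno is raised as OSError."""
    if not sys.platform.startswith("linux"):
        return "unsupported"
    libc = ctypes.CDLL(None, use_errno=True)
    libc.prctl.restype = ctypes.c_int
    libc.prctl.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_ulong,
                           ctypes.c_ulong, ctypes.c_ulong]
    arg = PR_SET_PTRACER_ANY if pid is None else pid
    if libc.prctl(PR_SET_PTRACER, arg, 0, 0, 0) == 0:
        return "ok"
    err = ctypes.get_errno()
    if err == errno.EINVAL:
        return "no_yama"
    raise OSError(err, os.strerror(err))


def spawn_debuggable(argv, tracer_pid=None):
    """Start argv with the prctl issued in the child between fork and execve,
    so a later `gdb -p <pid>` from an unrelated shell succeeds with
    ptrace_scope=1. Failures are swallowed on purpose: a debugging
    convenience must never stop the target from starting."""
    def preexec():
        try:
            allow_ptracer(tracer_pid)
        except OSError:
            pass
    return subprocess.Popen(argv, preexec_fn=preexec)


def self_check():
    """Spawn a trivial child through spawn_debuggable and return its exit status."""
    return spawn_debuggable([sys.executable, "-c", "pass"]).wait()


if __name__ == "__main__":
    print("ptrace_scope:", yama_ptrace_scope(), "prctl:", allow_ptracer())
    p = spawn_debuggable([sys.executable, "-c", "import os; print(os.getpid())"])
    p.wait()
```

PR_SET_PTRACER_ANY is the permissive choice that matches "simplifies debugging"; on a shared host, passing the debugger's actual pid is the least-privilege form. Neither helps with ptrace_scope=2 (CAP_SYS_PTRACE required) or 3 (attach disabled outright), which is why the scope is reported alongside the result.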
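As an added example for the d0267f3 packing.fit() item above (written for this page; not pwntools' cyclic or fit code, whose internals may differ): a de Bruijn pattern in which every 4-byte window is unique, a lookup that turns a crashed register value back into an offset, and a fit() that accepts either a real offset or such a crash value as the key. The 0xFFFF threshold separating "offset" from "crash value", the 0x10000 search cap and the helper names are assumptions of this example.

```python
import itertools
import string
import struct

ALPHABET = string.ascii_lowercase.encode()
N = 4                      # window size: every 4-byte substring of the pattern is unique


def de_bruijn(alphabet=ALPHABET, n=N):
    """Yield the de Bruijn sequence B(k, n) over `alphabet` (FKM algorithm);
    for a-z and n=4 it begins b'aaaabaaacaaad...'."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def cyclic(length):
    return bytes(itertools.islice(de_bruijn(), length))


def cyclic_find(subseq, word_size=4, maxlen=0x10000):
    """Offset of `subseq` in the pattern. An int is taken to be a crashed
    register or return address: its little-endian bytes are the pattern bytes
    that overwrote it, and only the first N of them are needed. The search is
    capped at `maxlen` (an assumption of this example); -1 means not found."""
    if isinstance(subseq, int):
        subseq = struct.pack("<I" if word_size == 4 else "<Q", subseq)
    subseq = subseq[:N]
    window = b""
    for i, byte in enumerate(itertools.islice(de_bruijn(), maxlen)):
        window = (window + bytes([byte]))[-N:]
        if window.endswith(subseq):
            return i - len(subseq) + 1
    return -1


def fit(pieces, length=None, word_size=4):
    """Lay out `pieces` ({key: bytes|int}) over cyclic filler. A bytes key, or
    an int key above 0xFFFF (threshold assumed here), is not an offset but a
    crash value and is resolved with cyclic_find, so {0x61616161: x} == {0: x}."""
    fmt = "<I" if word_size == 4 else "<Q"
    placed = {}
    for key, value in pieces.items():
        if isinstance(key, bytes) or key > 0xFFFF:
            key = cyclic_find(key, word_size)
            if key < 0:
                raise ValueError("key is not part of the cyclic pattern")
        if isinstance(value, int):
            value = struct.pack(fmt, value)
        placed[key] = value
    end = max([k + len(v) for k, v in placed.items()] + [length or 0])
    out = bytearray(cyclic(end))
    for k, v in sorted(placed.items()):
        out[k:k + len(v)] = v
    return bytes(out)


if __name__ == "__main__":
    # Typical flow: send cyclic(200), read the faulting PC from the crash,
    # and hand that value straight to fit() as the key of the overwrite.
    print(cyclic(20))
    print(cyclic_find(0x61616163))
    print(fit({0x61616163: b"XXXX", 16: 0xDEADBEEF}))
```

For a 64-bit target pass word_size=8 so the 8-byte register value is unpacked correctly; only its first four bytes (the lowest in memory) are needed to locate the window, which is why a 4-byte de Bruijn window is still sufficient.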
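As an added example for the #887 sh_string item above (code written for this page, not pwntools' sh_string, which quotes more aggressively for exotic shells): an unquoted empty word disappears when sh parses the command line, so every later argument shifts left by one; returning the two-character '' keeps the argument in place. The same quoting also neutralises command substitution and metacharacters, which is the security reason to build command lines only through such a function. argv_of uses shlex.split as a stand-in for sh's own parsing; SAFE, sh_command and the sample inputs are constructed here.

```python
import shlex

# Characters that need no quoting at all in a POSIX sh word (assumed safe set,
# mirroring the one shlex.quote uses).
SAFE = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@%+=:,./-_")


def sh_string(s):
    """Quote `s` as exactly one POSIX sh word. The empty string must come back
    as '' (two quote characters): an unquoted empty word vanishes from argv."""
    if s == "":
        return "''"
    if all(c in SAFE for c in s):
        return s
    # Single quotes stop every expansion; an embedded ' is closed, escaped, reopened.
    return "'" + s.replace("'", "'\"'\"'") + "'"


def sh_command(prog, *args):
    """Build a command line whose argv is exactly [prog, *args] after sh parsing."""
    return " ".join(sh_string(a) for a in (prog,) + args)


def argv_of(cmdline):
    """What sh would pass to execve: shlex.split applies POSIX quoting rules."""
    return shlex.split(cmdline)


if __name__ == "__main__":
    # Constructed inputs: an empty filename and an injection attempt.
    print(argv_of(" ".join(["install", "", "x"])))     # naive join: the empty argument is lost
    print(argv_of(sh_command("install", "", "x")))     # quoted: all three arguments survive
    print(argv_of(sh_command("echo", "$(id); rm -rf /")))
```

The naive join is the bug the release note fixes: a caller passing an empty string as an argument silently gets a different command. On the wire (ssh.process, adb shell) the quoted form is what must be sent, never the raw argument list joined with spaces.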