Sup' all,
I'm currently working on my ROP skills and trying out ROPeme[1]. What ROPeme does is help exploit developers and researchers generate ROP gadgets easily. For those who want to find out more about ROP, or return-oriented programming, try this tutorial: http://www.exploit-db.com/wp-content/themes/exploit/docs/28479.pdf It's a step-by-step guide to performing your first ROP on Linux.
Anyway, I went to the site and git cloned the ropeme repository into my '/opt/' directory. When I tried to run './ropshell.py', I got the following error message:
  File "ropshell.py", line 24, in <module>
    import gadgets
  File "/opt/ropeme/ropeme/gadgets.py", line 21, in <module>
    import distorm
ImportError: No module named distorm
I tried googling but it was a futile exercise. Then I did an 'apt-cache search distorm' and found 'distorm3' in the distro. And of course, I went ahead to 'apt-get install distorm3' and found out that I actually had that in already. Drats! Now what?!
So, based on a hunch and thinking it was a long shot, I went ahead and opened up gadgets.py and changed every occurrence of 'distorm' to 'distorm3'. Unexpectedly, it worked!
Solution to make ROPeme work with distorm3 (I'm using Kali Backtrack[2])
1. Open up 'gadgets.py'
2. Do a 'replace' of every 'distorm' with 'distorm3'*
3. Save and exit
4. Issue the following command: # python ropshell.py
5. Celebrate a little and move on to actually do ROP.
*Needless to say, you'll need to have 'distorm3' installed on your Linux box.
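A blind search-and-replace of 'distorm' has one gotcha: run it twice (or on a file that already says 'distorm3') and you get 'distorm33'. The script below is my own added example, not ROPeme's code; it works on a constructed stand-in for the import section of gadgets.py, renames only whole-word 'distorm' so it is safe to re-run, and also shows the alternative of rewriting just the import line into a distorm3-first fallback.

```python
import re

# Constructed sample standing in for the top of ropeme's gadgets.py.
# It is NOT the real file; it only mimics the 'import distorm' shape
# that produced the ImportError in the post.
SAMPLE_GADGETS_SRC = """\
import sys
import distorm

def disasm(code, offset=0):
    return distorm.Decode(offset, code, distorm.Decode32Bits)
"""

# \b...\b matches 'distorm' only as a whole word, so 'distorm3' is left alone.
_DISTORM_WORD = re.compile(r"\bdistorm\b")


def patch_distorm_imports(source):
    """Step 2 of the post, done safely: rename every whole-word 'distorm'
    to 'distorm3'. Unlike str.replace('distorm', 'distorm3'), this is
    idempotent: a second run never produces 'distorm33'."""
    return _DISTORM_WORD.sub("distorm3", source)


def patch_with_fallback(source):
    """Alternative fix: touch only the 'import distorm' line and make it
    prefer distorm3 (aliased back to the old name), falling back to a
    legacy 'distorm' install. Every other reference stays as written."""
    shim = ("try:\n"
            "    import distorm3 as distorm\n"
            "except ImportError:\n"
            "    import distorm")
    return re.sub(r"^import distorm$", shim, source, count=1, flags=re.MULTILINE)


def count_references(source, name):
    """How many whole-word occurrences of a module name the source has."""
    return len(re.findall(r"\b%s\b" % re.escape(name), source))


if __name__ == "__main__":
    print(patch_distorm_imports(SAMPLE_GADGETS_SRC))
    print(patch_with_fallback(SAMPLE_GADGETS_SRC))
```

To apply it to the real file, read gadgets.py, pass its text through one of the two functions, and write it back; the fallback variant keeps working on a box that only has the old distorm package.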
Happy kittehz, happy ROPping ;)
- JS
References:
[1] ROPeme - http://www.vnsecurity.net/2010/08/ropeme-rop-exploit-made-easy/
[2] Kali Backtrack - http://www.kali.org/