Software: Apache. PHP/5.4.45 

uname -a: Linux webm056.cluster010.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue
Sep 17 08:14:20 UTC 2024 x86_64 

uid=243112(mycochar) gid=100(users) groups=100(users)  

Safe-mode: OFF (not secure)

/home/mycochar/www/image/photo/go/src/cmd/go/testdata/script/   drwxr-xr-x
Free 0 B of 0 B (0%)
Your ip: 216.73.216.77 - Server ip: 213.186.33.19
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    

[Enumerate]    [Encoder]    [Tools]    [Proc.]    [FTP Brute]    [Sec.]    [SQL]    [PHP-Code]    [Backdoor Host]    [Back-Connection]    [milw0rm it!]    [PHP-Proxy]    [Self remove]
    


Viewing file:     trampoline_reuse_test.txt (2.72 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
# Verify PPC64 does not reuse a trampoline which is too far away.
# This tests an edge case where the direct call relocation addend should
# be ignored when computing the distance from the direct call to the
# already placed trampoline
[short] skip
[!GOARCH:ppc64] [!GOARCH:ppc64le] skip
[GOOS:aix] skip

# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
# assembly 2^26 or so times.
#
# We build something which should be laid out as such:
#
# bar.Bar
# main.Func1
# bar.Bar+400-tramp0
# main.BigAsm
# main.Func2
# bar.Bar+400-tramp1
#
# bar.Bar needs to be placed far enough away to generate relocations
# from main package calls. and main.Func1 and main.Func2 are placed
# a bit more than the direct call limit apart, but not more than 0x400
# bytes beyond it (to verify the reloc calc).

go build

-- go.mod --

module foo

go 1.19

-- main.go --

package main

import "foo/bar"

func Func1()

func main() {
        Func1()
        bar.Bar2()
}

-- foo.s --

TEXT main·Func1(SB),0,$0-0
        CALL bar·Bar+0x400(SB)
        CALL main·BigAsm(SB)
// A trampoline will be placed here to bar.Bar

// This creates a gap sufficiently large to prevent trampoline reuse
#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
#define NOP256 NOP64 NOP64 NOP64 NOP64
#define NOP2S10 NOP256 NOP256 NOP256 NOP256
#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
#define BIGNOP NOP2S24 NOP2S24
TEXT main·BigAsm(SB),0,$0-0
        // Fill to the direct call limit so Func2 must generate a new trampoline.
        // As the implicit trampoline above is just barely unreachable.
        BIGNOP
        MOVD $main·Func2(SB), R3

TEXT main·Func2(SB),0,$0-0
        CALL bar·Bar+0x400(SB)
// Another trampoline should be placed here.

-- bar/bar.s --

#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
#define NOP256 NOP64 NOP64 NOP64 NOP64
#define NOP2S10 NOP256 NOP256 NOP256 NOP256
#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
#define BIGNOP NOP2S24 NOP2S24 NOP2S10
// A very big not very interesting function.
TEXT bar·Bar(SB),0,$0-0
        BIGNOP

-- bar/bar.go --

package bar

func Bar()

func Bar2() {
}

Enter:
 
Select:
 

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

Search
  - regexp 
Upload
 
[ ok ]

Make Dir
 
[ ok ]
Make File
 
[ ok ]

Go Dir
 
Go File
 

--[ x2300 Locus7Shell v. 1.0a beta Modded by #!physx^ | www.LOCUS7S.com | Generation time: 0.0065 ]--