Skip to content

Instantly share code, notes, and snippets.

@ppmx
Created December 2, 2018 21:45
Show Gist options
  • Select an option

  • Save ppmx/10dcd0804503affb92584e03718d17d6 to your computer and use it in GitHub Desktop.

Select an option

Save ppmx/10dcd0804503affb92584e03718d17d6 to your computer and use it in GitHub Desktop.
sys_getdents filename extraction
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
struct linux_dirent {
unsigned long d_ino;
unsigned long d_off;
unsigned short d_reclen;
char d_name[];
};
int main()
{
int fd, syscall_rv;
char buffer[1024];
if ((fd = open("./passwd/", O_RDONLY | O_DIRECTORY)) == -1) {
printf("[!] open() failed\n");
return -1;
}
if ((syscall_rv = syscall(SYS_getdents, fd, buffer, 1024)) == -1) {
printf("[!] syscall failed()\n");
return -1;
}
printf("[+] read %d bytes using SYS_getdents.\n", syscall_rv);
printf("[+] start extraction of filenames.\n");
for (size_t buffer_index = 0; buffer_index < syscall_rv; ) {
// jump above d_ino, d_off and d_reclen with the offset 18:
printf("%s\n", buffer + buffer_index + 18);
// increment with d_reclen:
buffer_index += *((unsigned short *) (buffer + buffer_index + 16));
}
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment