# One gadget

A `one gadget` is an `execve("/bin/sh")` command that is directly present in gLIBC. Using this gadget it's possible to execute an arbitrary code with a single gadget. 

## Finding one gadget

It's possible to retrieve all one gadget of a libc using the tool [one\_gadget](https://github.com/david942j/one_gadget) : 

```bash
# one_gadget /tmp/libc.so.6 
0x13ea3b execl("/bin/sh", eax)
constraints:
  ebp is the GOT address of libc
  eax == NULL

0x13ea3c execl("/bin/sh", [esp])
constraints:
  ebp is the GOT address of libc
  [esp] == NULL
```

{% hint style="warning" %}
For most of `one gadget` some requirements have to be met in order to execute the gadget.
{% endhint %}