Huh? How does that work exactly? I've heard of /proc fuckery before but didn't know you could disable aslr with it.
If you have /proc available, you don't even need to disable ASLR (all mappings are available to you)
Hey you know what, I've used dd to write into process memory but haven't actually used it to disable KASLR, so it's possible I am misremembering. My bad.
:(
Sounds super 1337 and I hope it's actually possible somehow.
Parse /proc/<pid>/maps to find the relevant target_addr in your process-under-attack. And then its a matter of:
$ dd if=shellcode.bin of=/proc/<pid>/mem bs=1 seek=$((target_addr)) ...
https://github.com/arget13/DDexec
What legitimate purpose does this feature serve? Why should a process be able to write into the virtual memory of another process?
If you have /proc available, you don't even need to disable ASLR (all mappings are available to you)
Hey you know what, I've used dd to write into process memory but haven't actually used it to disable KASLR, so it's possible I am misremembering. My bad.
:(
Sounds super 1337 and I hope it's actually possible somehow.
Parse /proc/<pid>/maps to find the relevant target_addr in your process-under-attack. And then its a matter of:
See also: DDExechttps://github.com/arget13/DDexec
What legitimate purpose does this feature serve? Why should a process be able to write into the virtual memory of another process?