Find ASLR collision bash one-liner.
# Each $(cat /proc/self/maps) is a freshly exec'd process, so every launch sees a new ASLR layout; loop until the [stack] base of the first launch shows up again, or LIMIT launches pass.
LIMIT=100000000; BASE=$(cat /proc/self/maps | grep stack | cut -d- -f1); CNT=0; while true; do A=$(cat /proc/self/maps | grep stack | cut -d- -f1); [ "$A" = "$BASE" ] && break; [ $((CNT % 1000)) -eq 0 ] && echo $CNT ; CNT=$((CNT+1)); [ $CNT -gt $LIMIT ] && break; done; [ $CNT -le $LIMIT ] && echo "ASLR collision found after: $CNT re-launch." || echo "Could not find collision in $LIMIT re-launches."
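As an added example that is not part of the gist (my own rewrite, not mgeeky's code): the same re-launch loop split into functions in POSIX sh, plus a rough estimate of how many stack-base bits actually vary between launches. It assumes Linux procfs (/proc/self/maps) and a shell with 64-bit arithmetic; the file name aslr_collision.sh and the RUN_LIVE/LIMIT variables are my own choices. Counting the bit positions that differ across a few hundred fresh launches gives a lower bound n on the randomised bits, and with a uniform layout a fixed target repeats after about 2^n re-launches on average, which is the quantity the one-liner measures.

```shell
#!/bin/sh
# Added example, not the gist's own code: the one-liner's loop as functions,
# plus a lower-bound estimate of the randomised stack-base bits.
# Assumes Linux procfs (/proc/self/maps) and a POSIX sh with 64-bit arithmetic.

# Print the start address (hex, no 0x prefix) of the [stack] mapping in a maps dump on stdin.
stack_base_from_maps() {
    awk '/\[stack\]$/ { split($1, a, "-"); print a[1]; exit }'
}

# One sample: cat is a freshly exec'd process, so /proc/self/maps is cat's own map
# and every call sees a newly randomised stack base. Fails if no [stack] line is found.
sample_stack_base() {
    b=$(cat /proc/self/maps | stack_base_from_maps)
    [ -n "$b" ] && echo "$b"
}

# Draw one address: from stdin when the sampler is "-" (canned data), else by running it.
draw_one() {
    if [ "$1" = "-" ]; then read -r v && echo "$v"; else "$1"; fi
}

# Number of set bits in a non-negative integer.
popcount() {
    x=$1; c=0
    while [ "$x" -ne 0 ]; do x=$(( x & (x - 1) )); c=$(( c + 1 )); done
    echo "$c"
}

# Read whitespace-separated hex addresses from stdin and count the bit positions that
# differ between at least two samples: a lower bound on the randomised bits (bits that
# happened not to flip in the sample are missed, so draw a few hundred samples).
varying_bits() {
    acc_and=-1; acc_or=0
    for h in $(cat); do
        v=$(( 0x$h )); acc_and=$(( acc_and & v )); acc_or=$(( acc_or | v ))
    done
    popcount $(( acc_or & ~acc_and ))
}

# Re-launch until the first stack base repeats. Prints the number of re-launches
# needed and returns 0; returns 1 if LIMIT launches pass without a repeat, 2 if the
# sampler fails. With a uniform n-bit layout the expected count is about 2^n.
find_collision() {
    limit=$1; sampler=${2:-sample_stack_base}
    target=$(draw_one "$sampler") || return 2
    n=0
    while [ "$n" -lt "$limit" ]; do
        n=$(( n + 1 ))
        a=$(draw_one "$sampler") || return 2
        if [ "$a" = "$target" ]; then echo "$n"; return 0; fi
    done
    return 1
}

# Live run (Linux only): RUN_LIVE=1 LIMIT=100000 sh aslr_collision.sh
if [ "${RUN_LIVE:-0}" = 1 ]; then
    i=0; while [ "$i" -lt 200 ]; do sample_stack_base; i=$(( i + 1 )); done > /tmp/aslr.samples
    bits=$(varying_bits < /tmp/aslr.samples)
    echo "stack base bits seen varying: $bits (expect ~2^$bits re-launches per collision)"
    if hits=$(find_collision "${LIMIT:-100000000}"); then
        echo "ASLR collision found after: $hits re-launches"
    else
        echo "no collision within ${LIMIT:-100000000} re-launches"
    fi
fi
```

The sampler argument lets the loop be driven by canned addresses from stdin (pass "-") instead of live processes, which is how the functions can be checked on a machine without procfs; the live path is only entered with RUN_LIVE=1.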
mgeeky commented Nov 22, 2016

For the record:

  • x86 (Linux protostar 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686 GNU/Linux)
    ASLR collision found after: 903 re-launch. (it takes no more than a couple of seconds)

  • x86_64 (Linux work 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux)
    ASLR collision found after: 304610 re-launch. (it took roughly 16 minutes)
