@mgeeky
Last active January 16, 2017 17:23
Bash one-liner to find a stack ASLR collision: re-launch a process until its [stack] mapping starts at the same address as the first run.
# Every $(cat /proc/self/maps) execs a fresh cat, so /proc/self is a new process with a freshly randomised layout; the loop counts re-launches until the [stack] start address repeats or LIMIT is exhausted.
LIMIT=100000000; BASE=$(cat /proc/self/maps | grep stack | cut -d- -f1); CNT=0; while true; do A=$(cat /proc/self/maps | grep stack | cut -d- -f1); [ "$A" = "$BASE" ] && break; [ $((CNT % 1000)) -eq 0 ] && echo $CNT; CNT=$((CNT+1)); [ $CNT -gt $LIMIT ] && break; done; [ $CNT -le $LIMIT ] && echo "ASLR collision found after: $CNT re-launch." || echo "Could not find collision in $LIMIT re-launches."
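The same hunt as a Python script, added here as an example and not the gist's own code; it goes a little beyond the one-liner by tracking the lowest and highest stack base seen to bound the number of randomised bits, and by computing how likely a hit within N launches is for an assumed bit count. It assumes Linux with /proc and cat on PATH; only the __main__ block launches processes, while stack_base, bits_from_range and collision_probability are pure and run anywhere.

```python
"""Stack-ASLR collision hunt in Python (added example, not the gist's code).
Assumes Linux with /proc and cat on PATH; helpers are pure, __main__ launches."""
import re
import subprocess
import sys

# The "[stack]" line of /proc/<pid>/maps; group 1 is its start address.
STACK_RE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ .*\[stack\]\s*$", re.MULTILINE)


def stack_base(maps_text: str) -> int:
    """Start of the [stack] mapping, what `grep stack | cut -d- -f1` extracts."""
    m = STACK_RE.search(maps_text)
    if m is None:
        raise ValueError("no [stack] mapping in maps text")
    return int(m.group(1), 16)


def launch_and_read_stack() -> int:
    """Exec a fresh cat; it reads its *own* /proc/self/maps, so each call is a new layout."""
    out = subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                         text=True, check=True).stdout
    return stack_base(out)


def collision_probability(bits: int, launches: int) -> float:
    """P(at least one launch reproduces a fixed base) with 2**bits equiprobable bases."""
    return 1.0 - (1.0 - 2.0 ** -bits) ** launches


def bits_from_range(lo: int, hi: int, page: int = 4096) -> int:
    """Lower bound on randomised stack bits: floor(log2) of the page span observed."""
    return ((hi - lo) // page + 1).bit_length() - 1


def find_collision(base: int, limit: int):
    """Relaunch up to `limit` times; return (hit count or None, lowest, highest base seen)."""
    lo = hi = base
    for count in range(1, limit + 1):
        addr = launch_and_read_stack()
        lo, hi = min(lo, addr), max(hi, addr)
        if addr == base:
            return count, lo, hi
    return None, lo, hi


if __name__ == "__main__":
    limit = int(sys.argv[1]) if len(sys.argv) > 1 else 100_000_000
    base = launch_and_read_stack()
    hit, lo, hi = find_collision(base, limit)
    bits = bits_from_range(lo, hi)
    if hit is None:
        print(f"no collision in {limit} launches (span seen suggests >= {bits} bits)")
    else:
        print(f"ASLR collision after {hit} re-launches; span seen >= {bits} bits, "
              f"P(hit by then at {bits} bits) = {collision_probability(bits, hit):.2f}")
```

Hitting a fixed base is a geometric trial, so the expected number of launches is 2**bits and single runs scatter widely around it; for an assumed 11 randomised bits, 903 launches would have produced a hit with probability of roughly 0.36.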
mgeeky commented Nov 22, 2016

For the record:

  • x86 (Linux protostar 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686 GNU/Linux)
    ASLR collision found after: 903 re-launch. (it takes no more than a couple of seconds)

  • x86_64 (Linux work 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux)
    ASLR collision found after: 304610 re-launch. (it took roughly 16 minutes)
