Huh? How does that work exactly? I've heard of /proc fuckery before but didn't know you could disable aslr with it.

▲ PhilipRoman 6 hours ago | parent | next [-]

If you have /proc available, you don't even need to disable ASLR (all mappings are available to you)

▲ stackghost 6 hours ago | parent | prev [-]

Hey you know what, I've used dd to write into process memory but haven't actually used it to disable KASLR, so it's possible I am misremembering. My bad.

▲ dominicq 6 hours ago | parent [-]

Sounds super 1337 and I hope it's actually possible somehow.

	▲	aa-jv 6 hours ago \| parent [-]
		Parse /proc/<pid>/maps to find the relevant target_addr in your process-under-attack. And then its a matter of: `$ dd if=shellcode.bin of=/proc/<pid>/mem bs=1 seek=$((target_addr)) ...` See also: DDExec https://github.com/arget13/DDexec