So I recently came across the book “Hacking: The Art of Exploitation” while browsing at Chapters and decided to pick it up. I've always been curious as to how exploits really work, and my security class in university wasn't very thorough about how they worked; I guess they were afraid or something? This post is partly to show how ridiculous it was to think that any of the buffer overflow material was dangerous. The book comes with a CD that you can boot from to get a machine for running all the code against, but since I already have VMs aplenty I decided it would be a more interesting exercise to use those instead. I write this post as more of a reminder for myself for when I try this on another machine and eventually run into a frustration loop. There are two main things you will need to know if you want to run the examples from the book on modern machines.
Step 1: Compile with -fno-stack-protector
It turns out that the programs will complain if you just compile them like this:
$ gcc overflow.c -o overflow
Instead you must include an option that turns off GCC's stack protector (the canary check that catches the overflow):
$ gcc overflow.c -o overflow -fno-stack-protector
Without this option, when you run the program you will hit a message saying something like ‘stack smashing detected’ and the program will be terminated immediately, which is obviously not very useful.
Step 2: Disable ASLR
Many of the examples in the book have you use gdb to view the addresses of the stack in memory. When you try to run some of the examples that involve overflowing and jumping to a specific memory address, you will find that the addresses are different every time you run the program. That’s due to ASLR (address space layout randomization), which exists precisely so that you can’t make programs jump to a specific address. To turn it off you simply need to run the following command:
$ sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space'
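As an added example (not from the book or the original post), here is a small POSIX shell script that checks the two things above before you start: the current ASLR mode, read from the same /proc/sys/kernel/randomize_va_space knob the command above writes to, and whether a given binary was built with the stack protector. The script name, the function names and the fixture files are my own; the only facts it relies on are the three documented values of that knob and the fact that GCC's stack protector emits calls to glibc's __stack_chk_fail, whose name therefore appears in the binary.

```shell
#!/bin/sh
# aslr_canary_check.sh (added example, not the book's code)
# Two pre-flight checks for the overflow exercises. Paths are parameters so the
# functions can be pointed at a test fixture instead of /proc.

# Report the ASLR mode from the kernel knob the post writes 0 into.
# 0 = disabled, 1 = stack/mmap/VDSO randomized, 2 = also randomize brk (heap).
# Returns 1 on an unexpected value, 2 if the knob cannot be read.
aslr_mode() {
    knob="${1:-/proc/sys/kernel/randomize_va_space}"
    value=$(tr -d '[:space:]' < "$knob") || return 2
    case "$value" in
        0) echo "disabled" ;;
        1) echo "conservative" ;;
        2) echo "full" ;;
        *) echo "unknown($value)"; return 1 ;;
    esac
}

# Does a (dynamically linked) binary carry the canary check? With the stack
# protector on, GCC emits calls to glibc's __stack_chk_fail, so that name shows
# up in the binary's dynamic symbol strings. Returns 0 if the name is found.
# A stripped static binary may not carry the name, so treat "no" as a hint.
has_stack_protector() {
    grep -q '__stack_chk_fail' "$1"
}

main() {
    printf 'ASLR: %s\n' "$(aslr_mode)"
    for bin in "$@"; do
        if has_stack_protector "$bin"; then
            printf '%s: stack protector present (expect "stack smashing detected" on overflow)\n' "$bin"
        else
            printf '%s: no __stack_chk_fail reference (built with -fno-stack-protector, or no protected frames)\n' "$bin"
        fi
    done
}

# Run the report when invoked with binaries to inspect, e.g.:
#   sh aslr_canary_check.sh ./overflow
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Note that writing 0 into the /proc knob only lasts until the next reboot; `sudo sysctl -w kernel.randomize_va_space=0` does the same thing, and a line `kernel.randomize_va_space = 0` in a file under /etc/sysctl.d/ makes it persistent, which you only want on a throwaway VM. The script reports "full" on a stock Linux install, so if it still says that after the echo command, the write did not take.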
So after running into these technical difficulties I was able to get the buffer overflow examples running without an issue. It should show readers, and hopefully teachers in the field, that these examples are trivial and not very threatening: they are already blocked by default by modern compilers and operating systems. The learning value exceeds the danger of someone using one of these techniques anywhere in the real world.