Phr0zen_Penguin

Breaking And Entering Post-ASLR Linux

Jun 29th, 2015
If an attempt to overflow a buffer or smash the stack fails under Linux, and you have discovered that your exploit variables' addresses are different each time you try to access them, the version of the distribution you are using most likely has a number of protection mechanisms enabled that are, in turn, hindering your efforts.


This simple HOW-TO shows how to disable the most important protections in Linux in order to allow buffer overflowing and stack smashing. The relevant protections are listed below, along with how to disable them:

ADDRESS SPACE LAYOUT RANDOMIZATION (ASLR):
Disable:
sudo sysctl -w kernel.randomize_va_space=0

(Note: "sudo echo 0 > /proc/sys/kernel/randomize_va_space" does not work, because the shell performs the redirection as the unprivileged user before sudo runs; "echo 0 | sudo tee /proc/sys/kernel/randomize_va_space" is the equivalent form that does.)

Re-Enable:
sudo sysctl -w kernel.randomize_va_space=2


EXECUTABLE STACK PROTECTION:
Compile your programs (using gcc) with the '-z execstack' option. (Without the quotes.)

Example:
gcc -o exploit -z execstack exploit.c


STACK SMASHING PROTECTION:
Compile your programs (using gcc) with the '-fno-stack-protector' option. (Without the quotes.)

Example:
gcc -o exploit -fno-stack-protector exploit.c


A typical exploitable program would be compiled as:
gcc -o <program> -fno-stack-protector -z execstack <source_file>
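
As an added example that is not part of the original paste, the following shell script checks whether each of the three protections above is currently in effect, so the state of a machine or a build can be verified before and after applying the steps. It assumes binutils' readelf and nm are installed for the live checks; the two parsing functions also work on captured output, and the sample GNU_STACK lines at the bottom are constructed to match what readelf -lW prints.

```shell
#!/usr/bin/env bash
# Added example (not from the original paste): audit the three protections
# the HOW-TO above disables. Assumes binutils (readelf, nm) for live checks.

# Current ASLR level from the kernel, or "unknown" if /proc is not readable
aslr_level() {
    local f=/proc/sys/kernel/randomize_va_space
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Meaning of the randomize_va_space values used in the HOW-TO
describe_aslr() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "partial (stack, mmap, vdso randomized; brk not)" ;;
        2) echo "fully enabled" ;;
        *) echo "unknown" ;;
    esac
}

# Read `readelf -lW <binary>` output on stdin and report the GNU_STACK flags.
# Column 7 is the Flg field; "RWE" means the binary was linked with -z execstack.
gnu_stack_from_readelf() {
    awk '/GNU_STACK/ { found = 1; if ($7 ~ /E/) print "executable"; else print "non-executable" }
         END { if (!found) print "absent (kernel default applies)" }'
}

# Read `nm -D <binary>` output on stdin. A reference to __stack_chk_fail means at
# least one function was built with the stack protector; its absence means either
# -fno-stack-protector was used or no function needed a canary.
stack_protector_from_nm() {
    if grep -q '__stack_chk_fail'; then echo "present"; else echo "not referenced"; fi
}

# Live audit of a binary on this machine
audit_binary() {
    local bin="$1"
    echo "ASLR: $(describe_aslr "$(aslr_level)")"
    if command -v readelf >/dev/null 2>&1; then
        echo "GNU_STACK: $(readelf -lW "$bin" | gnu_stack_from_readelf)"
    fi
    if command -v nm >/dev/null 2>&1; then
        echo "stack protector: $(nm -D "$bin" 2>/dev/null | stack_protector_from_nm)"
    fi
}

# Constructed sample lines, in the shape `readelf -lW` prints, for offline use
SAMPLE_EXECSTACK='  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10'
SAMPLE_NOEXEC='  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10'

# Usage: ./audit.sh <binary>
if [ -n "${1:-}" ]; then
    audit_binary "$1"
fi
```

Run it against the binary produced by the gcc line above and the GNU_STACK line reports "executable" and the stack protector "not referenced"; run it against a normally compiled program on a distribution that enables these defaults and both flip. The nm check uses -D so that it still works on stripped binaries, where __stack_chk_fail survives as an imported libc symbol.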