6

I am trying to learn to use a buffer overflow attack in Ubuntu. Unfortunately, I cannot turn off the Address Space Layout Randomization (ASLR) feature in this OS, which is turned on by default. I have tried a workaround found in some Fedora books:

echo "0" > /proc/sys/kernel/randomize_va_space 

but for some reason the protection's still there. Please give me some suggestions. Thanks.

[edit]Actually the above command was not successful, it said "Permission Denied", even with sudo. How can I fix that?

[adding] I kept on getting a segmentation fault error when it shows an address in the stack. Is it related to the non-executable stack in Ubuntu :(?

wakandan
  • 1
    You need execstack (apt-get install execstack) to disable NX on a per-app basis. – Rushyo Sep 04 '12 at 12:26
  • Related: http://stackoverflow.com/questions/5194666/disable-randomization-of-memory-addresses – 0fnt Feb 14 '13 at 07:09

5 Answers

10

You will need root perms before attempting it, and if I'm not mistaken, to restart once you've done it.

 sudo -i
 echo "0" > /proc/sys/kernel/randomize_va_space
scragar
  • I have tried it as you said, but after restarting ubuntu I viewed that file and the previous value in that file was unchanged :|. Thanks. – wakandan Jul 02 '09 at 08:56
  • 3
    Of course it changed back after reboot; /proc is a volatile directory. Try recompiling the kernel with randomize_va_space turned off :) – MoshiBin Jul 02 '09 at 18:07
  • Thank you for answering this, it is going to come in handy in the next couple of days. – Javed Ahamed Jul 27 '09 at 21:54
  • @wakandan - I believe "restart" refers to your program, not Ubuntu. When you restart Ubuntu, the protection is set to its initial value (enabled). – James Caccese Jul 30 '09 at 00:49
2

found it myself

you have to compile this way:

gcc -fno-stack-protector -z execstack -o OUTPUT INPUT.c

IP-Sh0k
1

You can turn off ASLR for a particular process by launching with setarch

For 32 bit programs:

setarch i386 -R yourProgram

For 64 bit programs:

setarch x86_64 -R yourProgram
Stephen
1

gcc compile with -fno-stack-protector

Florent
nononn
1

To echo to files with root access using sudo, you can use the following code:

echo "0" | sudo tee /proc/sys/kernel/randomize_va_space
knittl
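Added example (not part of any answer above): a small C check that reports whether ASLR is actually in effect for the current process, combining the two mechanisms the answers use, the `randomize_va_space` sysctl and the `ADDR_NO_RANDOMIZE` personality flag that `setarch -R` sets. The function names `parse_aslr_setting` and `aslr_effective` are hypothetical helpers written for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/personality.h>

/* Parse the text of /proc/sys/kernel/randomize_va_space.
 * Returns 0 (off), 1 (stack/mmap/vDSO randomized), 2 (also the brk heap),
 * or -1 if the content is not one of those values. */
int parse_aslr_setting(const char *text)
{
    char *end;
    long v = strtol(text, &end, 10);
    if (end == text || (*end != '\n' && *end != '\0') || v < 0 || v > 2)
        return -1;
    return (int)v;
}

/* ASLR applies only if the sysctl is non-zero AND the process personality
 * does not carry ADDR_NO_RANDOMIZE (the flag that `setarch -R` sets). */
int aslr_effective(int sysctl_value, unsigned long persona)
{
    return sysctl_value > 0 && !(persona & ADDR_NO_RANDOMIZE);
}

int main(void)
{
    char buf[16] = "";
    int local = 0;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f || !fgets(buf, sizeof buf, f)) {
        perror("randomize_va_space");
        return 1;
    }
    fclose(f);

    int setting = parse_aslr_setting(buf);
    /* personality(0xffffffff) queries the current persona without changing it */
    int persona = personality(0xffffffff);
    if (setting < 0 || persona == -1) {
        fprintf(stderr, "could not determine ASLR state\n");
        return 1;
    }
    printf("sysctl=%d no_randomize=%d effective=%d\n", setting,
           (persona & ADDR_NO_RANDOMIZE) != 0, aslr_effective(setting, persona));
    printf("stack variable at %p\n", (void *)&local);
    return 0;
}
```

Running the binary twice and comparing the printed stack address confirms the reported state: the address changes between runs when ASLR is effective and stays fixed when it is not.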