scrap

# ExecShield- Disallows executing any code stored in the stack
# --> Results in Buffer overflow attacks not working

# Disable Fedora's default "ExecShield":
su root
sysctl -w kernel.exec-shield=0




# Ubuntu and several linux based systems use address space randomization
# Address space randomization- Randomize starting address of heap and stack
# --> Makes guessing the exact address difficult
# --> Guessing addresses is one of critical steps of buffer-overflow attacks

# Disable address space randomization feature
su root
sysctl -w kernel.randomize_va_space=0






# Further protection against buffer overflow attacks (and other attacks that use shell programs)
# --> Shell programs automatically drop their privileges(when invoked)
# --> Even if attack "fools" a privileged "Set-UID" program to invole shell
#		may not retain privileges


# '/bin/sh' is symbolic link to 'bash' or 'zsh'
# replace 'bash' with 'zsh' --> link zsh program to /bin/sh
cd /bin
rm sh
ln -s /bin/zsh /bin/sh





# Stack Guard- GCC compiler implements security mechanism to prevent buffer overflows
# --> *** Bufferoverflow won't work in presence of this protection

# Disable Stack Guard during compilation
gcc -fno-stack-protector <example.c>








su root
sysctl -w kernel.randomize_va_space=0
exit


gcc -z execstack -fno-stack-protector -o call_shellcode call_shellcode.c
./call_shellcode

su root
gcc -o stack -z execstack -fno-stack-protector stack.c
chmod 4755 stack
exit


//Edit exploit.c
gcc -o exploit exploit.c
./exploit
./stack

# turn on randomization
sysctl -w kernel.randomize_va_space=2
sh -c "while [ 1 ]; do ./stack; done;"