Setup a buffer overflow testing environment
1 June 2010 12:38 2 messages
License : Copyright Emeric Nasi, some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.
If you are interested in GNU/Linux security you might want to learn how to exploit buffer overflows.
Most modern Linux distributions and compilers have built-in protections against stack smashing and heap smashing. That is why setting up a testing environment is not that easy.
Here are a few steps to do it.
I Install the OS
You should never test security exploits on your own machine, so the first thing we will do is install a virtual one.
1 - Install VirtualBox
You can find it at http://www.virtualbox.org/wiki/Linux_Downloads, or use your favorite package manager.
2 - Download Debian 5
You can find minimal CD installation here http://www.debian.org/CD/netinst/.
This CD should not exceed 200 MB and the installed system won't have any protection against buffer overflows.
3 - Create a new virtual machine
Choose the system Linux - Debian
Use minimal settings; you will just use it to test exploits, nothing else.
Add your Debian ISO as an optical disk.
Run your virtual machine (VM) and follow the default installation.
At the end of the installation, choose either a desktop environment or the default environment.
II Install the needed applications
Login as root into your new Debian VM and follow the next steps.
1 - Easy access to your VM
If you use the desktop environment, install the VirtualBox add-ons.
If you use console-only access, install OpenSSH:
# apt-get install openssh-server
Then connect to your VM using ssh.
2 - Install a compiler
# apt-get install gcc
# apt-get install make
3 - Install a debugger (gdb also serves as a disassembler)
# apt-get install gdb
4 - Install a text editor
I leave the choice to you: vim or nano if you use console access; gedit, kate, emacs and many more if you use the desktop environment.
5 - Optionally
Install paxtest to verify that your system does not have any protections.
# apt-get install paxtest
III Disable stack randomization
On a default Debian 5 system you can write to the stack; however, starting to learn buffer overflows is not easy because of the stack randomization feature.
For example, using the gdb debugger you can notice that, at the same breakpoint, the stack pointer %esp is never at the same address:
(gdb) x $esp
-> random address
Another way to check whether the randomization feature is on is to use the kernel tuning tool sysctl:
# sysctl kernel.randomize_va_space
If the value is > 0 then stack randomization is ON.
To temporarily disable this feature we will also use sysctl:
# sysctl -w kernel.randomize_va_space=0
If you want to permanently disable this feature you need to add the line
"kernel.randomize_va_space = 0" to /etc/sysctl.conf (the kernel parameter file read at boot).
IV Test stack smashing
Imagine now you want to start with a good old stack smashing.
1 - Create the test folder
# mkdir smash_stack
# cd smash_stack
2 - Create the test program
Just an example:
// victim.c
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[256];
    if (argc > 1)
        strcpy(buffer, argv[1]); /* no bounds check: this is the overflow under test */
    return 0;
}
3 - Compile the test program
# gcc -z execstack -fno-stack-protector victim.c -o victim
4 - Is the vulnerability exploitable?
The victim program copies its first argument into a 256-byte buffer. To trigger a buffer overflow we call the victim program with a 258-character argument:
# ./victim $( printf "%0258x" 0 )
-> Segmentation fault
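To check in one go that the lab is in the state sections III and IV describe (randomization off, executable stack, no stack protector), here is a small POSIX sh script. It is an added example, not part of the original post; it assumes a Linux host with binutils (readelf, nm) installed and a binary path, defaulting to ./victim, given on the command line.

```shell
#!/bin/sh
# lab_check.sh: report the hardening state of the buffer overflow lab.
# Added example; assumes Linux with readelf and nm available.

# ASLR level from the sysctl interface: 0 = off, 1 = stack/mmap, 2 = also brk.
# $1 optionally overrides the file path (handy for testing with a constructed file).
aslr_level() {
    cat "${1:-/proc/sys/kernel/randomize_va_space}" 2>/dev/null || echo unknown
}

# Read `readelf -lW` output on stdin; succeed if the PT_GNU_STACK header is
# flagged RWE, which is what `gcc -z execstack` produces.
gnu_stack_is_exec() {
    grep 'GNU_STACK' | grep -q 'RWE'
}

# Read `nm -D -u` output on stdin; succeed if the binary imports
# __stack_chk_fail, i.e. it was built WITH the stack protector.
imports_stack_chk() {
    grep -q '__stack_chk_fail'
}

# Print one line per check for a compiled binary. Returns 0 only when the
# binary is in the lab state (ASLR off, executable stack, no protector).
check_lab() {
    bin=${1:-./victim}
    ok=0
    level=$(aslr_level)
    if [ "$level" = "0" ]; then echo "ASLR: off"; else echo "ASLR: on ($level)"; ok=1; fi
    if readelf -lW "$bin" | gnu_stack_is_exec; then
        echo "stack: executable (RWE)"
    else
        echo "stack: not executable"; ok=1
    fi
    if nm -D -u "$bin" 2>/dev/null | imports_stack_chk; then
        echo "stack protector: present"; ok=1
    else
        echo "stack protector: absent"
    fi
    return $ok
}

# Run the report only when a binary path is given on the command line.
if [ $# -gt 0 ]; then check_lab "$1" || exit 1; fi
```

Compile victim.c once with and once without -z execstack -fno-stack-protector and run the script on both binaries to see the checks flip.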
All right, you are now ready to learn how to smash the stack!
You can go back to your favorite tutorial/book.
1 Forum posts
Thanks for this, Emeric.
I have been using the CD that comes with "Hacking: The Art of Exploitation", by Jon Erickson, running it in VMWare Player. However, I upgraded my system, and VMWare player broke. Rather than debug that, I was able to use your tutorial to get an equally effective environment running in VirtualBox where the Erickson CD does not want to run.
1. Setup a buffer overflow testing environment, 26 March 2012, 21:13, by Emeric Nasi
Glad it helped!