Penetration Testing: Re: buffer overflows

[kalgecin <kalgecin () gmail com>]

as i said earlier. i didn't disable any protection other than the va
patch. all the gcc and other protections were left on

On 1/12/09, ArcSighter Elite <arcsighter () gmail com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Sanjay R wrote:
> > Hi,
> > as suggested by Fuggiano, by default, gcc has stack protection
> > (StackShield). so, if you got the error similar to
> > **** Stack Smashing detected****.. try to disable it by
> > gcc --no-stack-protector -o vuln vuln.c
> >  Please let us also know if still you are not able to run the
> > examples, so that we will also be aware of this.
> > -sanjay
> >
> > On Fri, Jan 9, 2009 at 5:17 PM, kalgecin <kalgecin () gmail com> wrote:
> > > All i did was disable the va randromization by running
> > > "echo 0 > /proc/sys/kernel/randomize_va_space"
> > > The inbuilt gcc protection and other means of protection were enabled.
> > >
> > > On 1/9/09, Giuseppe Fuggiano <giuseppe.fuggiano () gmail com> wrote:
> > > > 2009/1/8 kalgecin <kalgecin () gmail com>:
> > > > > after reading many papers on the subject only to be disappointed to
> > > > > find out that the examples don't work, i decided to write my own
> > > > > please read it at <kalgecin.b0x.com>.
> > > > > i need all the comments that you can offer either positive or negative.
> > > > Did you disable the stack protector compiling that examples?
> > > >
> > > > --
> > > > Giuseppe Fuggiano
> As said linux enable ASLR and StackProtection by default, you need to
> disable such protections in order to successfully follow any example.
> Secondly, you need to enumerate in order to find some custom kernel
> patches that may be installed in your system.
>
> Sincerely.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFJa0dMH+KgkfcIQ8cRAmd2AJwJ0gBVhIlBHWtfaAqLay4ZabNojgCfcPaj
> LXHydwALoeHkg/PALvKrvgU=
> =9VRl
> -----END PGP SIGNATURE-----
-- 
Sent from Gmail for mobile | mobile.google.com