  • ASLR

    Address Space Layout Randomization is a technique which randomizes addresses in the stack and heap. If addresses of functions are randomized (e.g. from shared libraries like libc), then an attacker cannot use a predefined exploit with hard-coded addresses. Linux: disable ASLR with echo 0 > /proc/sys/kernel/randomize_va_space, enable ASLR with echo 2 > /proc/sys/kernel/randomize_va_space. In GDB, ASLR is…

  • Stack protection

    The stack can be protected against buffer overflows. Stack protection with canaries: like in a coal mine, a canary can provide an indication that something has gone wrong. Here, a canary is a defined value which is placed between the buffer (where an attacker will start writing the payload) and the SFP (Stack Frame Pointer) and…

  • gdb

    General purpose debugger. Hint: gdb disables ASLR by default. Commands. General: set disassembly-flavor intel/att. Process handling: run runs a program without parameters; run `python -c 'print("a")'` runs a program with a parameter; run < <(python -c 'print("a")') runs a program and feeds the given string into STDIN; c continues; si steps one instruction. Breakpoints: break $f…

  • Modifying PE files

    PE (Portable Executable) or DLL (Dynamic Link Library) files can be edited to remove or add capabilities or your own code. Read and modify a PE file: the following Python3 script reads a file, prints a header field, modifies it to remove the ASLR flag and writes a new file without this flag. f = pefile.PE('filename.exe') print(hex(f.OPTIONAL_HEADER.DllCharacteristics)) // print as hex to…