Eh..

You might never guess that I began learning information security from reverse engineering. Yeah… But that was just a beginning; I gave it up and started studying Web Security. Finding system vulnerabilities is extremely difficult for a newbie, and you will probably hit a few problems that need troubleshooting. Here are some tips for beginners who don't want to give up learning:

1) In Linux (here I use Debian 9 as the example)

Turn off ASLR

echo 0 > /proc/sys/kernel/randomize_va_space

  • This command makes it much easier for a newbie to get shellcode running, because there is no address randomization to bypass. It turns off the kernel's address space layout randomization (ASLR).

Turn off the gcc protections

gcc -fno-stack-protector -z execstack YourInputCFile.c -o YourOutPutFile

  • These compiler options turn off the stack protector (stack canaries) and DEP, i.e. they mark the stack executable (the DEP part only works this way with early versions of gcc).

If you use the newest version of gcc…

apt install execstack

then

execstack -s TheExecutableFile

  • You have to install this tool to force the stack to be executable. Remember to use su or sudo when running these two commands as a non-privileged user.
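To confirm that the three Linux steps above actually took effect in the VM (and, just as usefully, that your real workstation still has the protections on), here is a small checker script. It is an added example, not part of the original post: it reads /proc/sys/kernel/randomize_va_space, and it inspects the PT_GNU_STACK program header of a compiled binary with readelf (from the binutils package) to see whether the stack is executable. The script name labcheck.sh and the binary path are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): check the lab settings
# described above. Assumes Debian-style paths and binutils' readelf.

# Describe a randomize_va_space value (the file written with echo above).
aslr_describe() {
    case "$1" in
        0) echo "disabled: no randomization (lab setting)" ;;
        1) echo "partial: stack, mmap and vdso randomized" ;;
        2) echo "full: also brk/heap randomized (Debian default)" ;;
        *) echo "unknown value: $1"; return 1 ;;
    esac
}

# Read the live kernel setting, if /proc is available.
aslr_status() {
    f=/proc/sys/kernel/randomize_va_space
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    aslr_describe "$(cat "$f")"
}

# Extract the flags of the PT_GNU_STACK program header from "readelf -lW"
# output on stdin. readelf prints one line per header, for example:
#   GNU_STACK  0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
# Columns: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align. The flags
# sit between MemSiz and Align, so join every field from 7 up to NF-1.
gnu_stack_flags() {
    awk '$1 == "GNU_STACK" {
             flags = ""
             for (i = 7; i < NF; i++) flags = flags $i
             print flags; found = 1
         }
         END { if (!found) exit 1 }'
}

# Return 0 when a flag string such as "RWE" marks the stack executable.
stack_is_executable() {
    case "$1" in
        *E*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report on a real binary (needs readelf, package binutils on Debian).
check_binary() {
    command -v readelf >/dev/null || { echo "readelf not found"; return 1; }
    flags=$(readelf -lW "$1" | gnu_stack_flags) \
        || { echo "$1: no GNU_STACK header"; return 1; }
    if stack_is_executable "$flags"; then
        echo "$1: stack executable ($flags): -z execstack / execstack -s took effect"
    else
        echo "$1: stack not executable ($flags): NX is still enforced for this binary"
    fi
}

# Usage: sh labcheck.sh ./YourOutPutFile
if [ $# -gt 0 ]; then
    echo "ASLR: $(aslr_status)"
    check_binary "$1"
fi
```

Run it in the VM after the echo and gcc steps and you should see "ASLR: disabled" and "stack executable (RWE)"; run it on your everyday machine and you want "full" and "stack not executable (RW)". Note that writing to /proc/sys/kernel/randomize_va_space only lasts until reboot, so re-run the check after restarting the VM.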

2) In Windows

  • Install Windows XP Service Pack 1, the most convenient method, LoL

Remember, DO NOT TURN OFF THESE PROTECTIONS ON YOUR WORKING SYSTEM. Please use a virtual machine for these tasks!

3) Some Tools

Linux

  • gdb, gcc, IDA Pro, strace

Windows

  • ollydbg, windbg, gcc

End

Once you have mastered these beginner skills, you can try bypassing the protections instead of turning them off, which simulates a more realistic environment.