You might never guess that I began learning information security with reverse engineering. Yeah... but that was just a beginning; I gave it up and started studying web security. Finding system vulnerabilities is extremely difficult for a newbie, and you will run into a few problems early on. Here are some tips for beginners who don't want to give up:
1) In Linux (here I use Debian 9 as an example)
echo 0 > /proc/sys/kernel/randomize_va_space
- This command greatly helps a newbie use shellcode without a difficult bypass. It turns off the kernel's address space layout randomization (ASLR); the setting does not persist across a reboot.
Turn off the gcc protections
gcc -fno-stack-protector -z execstack YourInputCFile.c -o YourOutPutFile
- These compile options turn off the stack protector and DEP (the latter only with early versions of gcc).
If you use the newest version of gcc…
apt install execstack
execstack -s TheExecutableFile
You have to install this to force the stack to be executable. Remember to use su or sudo when running these two commands as a non-privileged user.
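As an added example (not code from the original post), the following POSIX shell script checks the state of the two Linux settings above: the ASLR sysctl, and whether a binary's stack is executable, read from the PT_GNU_STACK header in `readelf -lW` output. It assumes Linux and binutils; the readelf lines embedded in it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two mitigations the post
# switches off. Use it to confirm a lab VM is set up, and, more usefully, that a
# working system still has them on. Assumes Linux and readelf from binutils.

# Constructed sample lines in the format of `readelf -lW <binary>` output.
SAMPLE_EXECSTACK='  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10'
SAMPLE_NOEXEC='  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10'
SAMPLE_NOHDR='  LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x000648 0x000648 R E 0x1000'

# Describe a randomize_va_space value (the file the post writes 0 into).
aslr_describe() {
    case "$1" in
        0) echo "disabled: stack, mmap and heap at fixed addresses" ;;
        1) echo "partial: stack and mmap randomised, brk heap fixed" ;;
        2) echo "full: stack, mmap and brk heap randomised" ;;
        *) echo "unknown value '$1'" ;;
    esac
}

# Current kernel setting, or "unavailable" when not on Linux.
aslr_current() {
    cat /proc/sys/kernel/randomize_va_space 2>/dev/null || echo unavailable
}

# Classify stack executability from `readelf -lW` output. Both `-z execstack`
# and `execstack -s` set the E flag on the PT_GNU_STACK program header.
stack_from_readelf() {
    line=$(printf '%s\n' "$1" | grep GNU_STACK || true)
    if [ -z "$line" ]; then
        echo no-gnu-stack   # no header: kernel default applies (arch/version dependent)
        return
    fi
    # Drop the type and the five hex fields; what is left is flags and alignment.
    rest=$(printf '%s\n' "$line" | sed -E 's/^[[:space:]]*GNU_STACK([[:space:]]+0x[0-9a-fA-F]+){5}//')
    case "$rest" in
        *E*) echo executable ;;
        *)   echo non-executable ;;
    esac
}

# Run the check against a real file (needs readelf on PATH).
stack_of_binary() {
    stack_from_readelf "$(readelf -lW "$1")"
}

echo "ASLR: $(aslr_describe "$(aslr_current)")"
if [ -n "$1" ] && command -v readelf >/dev/null 2>&1; then
    echo "$1 stack: $(stack_of_binary "$1")"
fi
```

Run it as `sh check.sh ./YourOutPutFile` on the VM after the steps above, and again on your real machine to confirm the opposite result.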
2) In Windows
- Install Windows XP Service Pack 1, the most convenient method, LoL
Remember, DO NOT TURN OFF THESE PROTECTIONS ON YOUR WORKING SYSTEM. Please use a virtual machine for these tasks!
3) Some Tools
- gdb, gcc, IDA Pro, strace
- ollydbg, windbg, gcc
Once you have mastered these beginner skills, you can try bypassing the protections, which simulates a more realistic environment.