Code snippets testing system security features like Buffer Overflow, String format, etc.

Code snippets testing system security features like Buffer Overflow, String format, etc.

Code snippets testing system security features like Buffer Overflow, String format, etc.
With Penetration Techiques:
+ Buffer Overflow
+ Format String
+ Decompilation
+ ReEngineering

Debugging Access Control - Setuid drop privilege

Debugging Access Control – Setuid drop privilege

Basic Knowledge:
+ Canary is an advanced signal to an attack or harmful manipulation
+ Stack canary is a piece of data infront of the return pointer. Check Canary value to the original canary value.
+ If the value of the canary has been manipulated, then dump out.
+ This way to prevent buffer overflow attacks.

Usage and Compilations:
Compilations using stack protector:
—— Buffer Overflow —–
– gcc -fno-stack-protector -z execstack bufo.c -o bufo
– ./bufo perl -e 'print "A"x12'
– ./bufo perl -e 'print "A"x32' | Segmentation fault
—– Access Control Compilations —–
– gcc -fno-stack-protector -z execstack setuidDropPrivilege.c -o setuidDropPrivilege
– ./setuidDropPrivilege <message>
– example ./setuidDropPrivilege AAAAA
output: setuid
—– Format String —–
– gcc -fno-stack-protector -z execstack formatstr.c -o formatstr
– ./formatstr
– output b 0x80496f8
—- Prevent Bufo ——
– gcc -fno-stack-protector -z execstack preventBufo.c -o preventBufo
– ./preventBufo

Download : SystemSecurity.zip (8.9 KB)
Source : https://github.com/alkutnikar