Task$2.$ Address Randomization

Now, we turn on the Ubuntu$$s address randomization. We run the same attack developed in Task $1.$ Can you get a shell? If not, what is the problem? How does address randomization make your attacks difficult?

sudo sysctl $-$w kernel.randomize$\_$va$\_$space$=2$

If running the vulnerable code once does not get you the root shell, how about running it for many times? You can run $./$stack in the following loop $,$ and see what will happen. If your exploit program is designed properly, you should be able to get the root shell after a while. You can modify your exploit program to increase the probability of success $($i$.$e$.,$ reduce the time that you have to wait$).$

seed@ubuntu:~$/$Desktop$ sh $-$c "while $[1]$; do $./$stack; done;"

# whoami

Root

Task$3.$ Stack Guard

Before working on this task, remember to turn off the address randomization first, or you will not know which protection helps achieve the protection.

In our previous tasks, we disabled the $$Stack Guard$$ protection mechanism in gcc when compiling the programs. In this task, you may consider repeating task $1$ in the presence of Stack Guard. To do that, you should compile the program without the $-$fno$-$stack$-$protector option. For this task, you will recompile the vulnerable program, stack.c$,$ to use GCC$$s Stack Guard, execute task $1$ again.

root@ubuntu:$/$home$/$seed$/$Desktop# sysctl $-$w kernel.randomize$\_$va$\_$space$=0$

kernel.randomize$\_$va$\_$space $=0$

root@ubuntu:$/$home$/$seed$/$Desktop# gcc $-$o stack stack.c

root@ubuntu:$/$home$/$seed$/$Desktop# chmod u$+$s stack

root@ubuntu:$/$home$/$seed$/$Desktop# exit

exit

seed@ubuntu:~$/$Desktop$ $./$stack

$***$ stack smashing detected $***$: $./$stack terminated

Segmentation fault $($core dumped$)$

Task$4.$ Non$-$executable Stack

Before working on this task, remember to turn off the address randomization first, or you will not know which protection helps achieve the protection.

In our previous tasks, we intentionally make stacks executable. In this task, we recompile our vulnerable program using the noexecstack option, and repeat the attack in Task $1.$ Can you get a shell? If not, what is the problem? How does this protection scheme make your attacks difficult. You can use the following instructions to turn on the non$-$executable stack protection.

gcc $-$o stack $-$fno$-$stack$-$protector $-$z noexecstack stack.c

It should be noted that non$-$executable stack only makes it impossible to run shellcode on the stack, but it does not prevent buffer$-$overflow attacks, because there are other ways to run malicious code after exploiting a buffer$-$overflow vulnerability. The return$-$to$-$libc attack is an example.

root@ubuntu:$/$home$/$seed$/$Desktop# sysctl $-$w kernel.randomize$\_$va$\_$space$=0$

kernel.randomize$\_$va$\_$space $=0$

root@ubuntu:$/$home$/$seed$/$Desktop# gcc $-$o stack $-$z noexecstack $-$fno$-$stack$-$protector stack.c$`$

root@ubuntu:$/$home$/$seed$/$Desktop# chmod u$+$s stack

root@ubuntu:$/$home$/$seed$/$Desktop# exit

exit

seed@ubuntu:~$/$Desktop$ $./$stack

Segmentation fault $($core dumped$)$ pleas provide screenshot from powershellfor each task so important i want the answer in screenshots please