The article Smashing the Stack for Fun and Profit by Aleph One is the seminal work in bringing the method of stack-based buffer overflows to the masses. However, a problem with Smashing the Stack is that it was published in 1996—modern defenses (which are enabled by default) frustrate would be hackers who try to follow the tutorial, only to find that the examples do not work.
As the 20th anniversary of Smashing the Stack approaches, this blog post tries to show how the sample code must be compiled so that the resulting executables are 32-bit and vulnerable as described.
This guide assumes you are running Ubuntu 14.04 or later. The directions would be similar if you are running a Debian or Ubuntu derivative. If you are not running a Linux-based system already, you can install an Ubuntu 14.04 in a virtual machine with Virtualbox.
Install necessary packages
If you are running 64-bit (amd64) Ubuntu 14.04 or later, then you need add the necessary 32-bit libraries:
sudo dpkg --add-architecture i386 sudo apt-get update sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386 \ g++-multilib build-essential gdb
If you are running 32-bit (x86) Ubuntu 14.04 or later:
sudo apt-get update sudo apt-get install build-essential gdb
Compiling the example code
In order to compile the example, code you need to disable the security features that have been enabled since Smashing the Stack has been written. Here’s an example of how to compile example1.c:
gcc -m32 -fno-stack-protector -z execstack -D_FORTIFY_SOURCE=0 \ -o example1 example1.c
This is what the different compile switches do:
-m32: compile for 32-bit
-fno-stack-protector: disable stack canaries
-z execstack: ensure the stack is executable (disable NX bit protection)
-D_FORTIFY_SOURCE=0: disable FORTIFY_SOURCE
Before running programs you need to disable ASLR for your system so that addresses are predictable.
To disable ASLR:
sudo sysctl -w kernel.randomize_va_space=0
To re-enable ASLR:
sudo sysctl -w kernel.randomize_va_space=2
Reading Smashing the Stack
You are now ready to read Smashing the Stack. Because of some minor mistakes in the original article, I recommend you read a revised version in the links below.
- Smashing the Stack for Fun & Profit : Revived, formatted/revised by avicoder
- Smashing The Stack For Fun And Profit (Revised PDF version), based on HTML version by Prabhaker Mateti
- Smashing The Stack For Fun And Profit (Original Phrack article)