This has been tested on Arch Linux. It will only work if your home directory
is "/home/jc". You should probably try the "UbuntuSupport" branch.
- Use the command below to disable
aslr
for an instance of
bash. Every child process will have aslr disabled.
setarch `uname -m` -R /bin/bash
export PS1="(no aslr) $PS1"
-
Construct the binairies,
vulnandhak, withmake. -
./hak | ./vulnto send the payload.
NOTE: If there is a segmentation fault (highly likely), that is most likely
from an invalid return address. Update goal in hak.c to the address given
by vuln, and continue from step 2.
Try the Linux instructions. I'm not sure if all the tools can be found on a Mac.
Follow the instructions here.