Definitely don't compile and run these as executables; this is just for research purposes.
First, download the private ssh key that should have been provided to you.
Using the provided ssh key you will first need to access the VM:
ssh -i /Downloads/mySSHKey.pem azureuser@10.0.0.249
Now install the build-essential packages including the GNU C Compiler (GCC) and GNU Debugger (GDB):
sudo apt-get install build-essential gdb
Then disable address space layout randomisation:
sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space'
Then install the Rust compiler, the rustup installer and version manager, and the cargo package manager from the Rust website:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Now install git:
sudo apt install git-all
Then clone this repository in a directory of your choice:
git clone https://github.com/callumadair/Buffer-Busting.git
Now navigate to the source code files and perform the following steps:
- Compile the C code using the gcc compiler excluding stack protections such as canaries, for example:
gcc overflow.c -o overflow -fno-stack-protector
- Now using gdb, capture the execution of the program:
gdb ./overflow
- Now disassemble the program:
disas main
- Locate the call to strcpy, then add a breakpoint so that we can capture the state of the memory addresses, for example:
break *0000...
- Now run the program:
r
- View the memory addresses:
x/100wx $esp
- Continue the execution:
c
- View the memory addresses again:
x/100wx $esp
- Compile the Rust code using the Rust compiler, for example:
rustc overflow_unsafe.rs
- Run the overflow, for example:
./overflow_unsafe
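
The steps above leave the VM with ASLR disabled system-wide and with binaries built without stack canaries. The following script is an added example, not part of this repository, that reports both settings and can restore ASLR; the script name lab_audit.sh and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the two mitigations the lab steps above switch off.
# ASLR_FILE can be overridden to point at a copy (assumption, for dry runs).
ASLR_FILE="${ASLR_FILE:-/proc/sys/kernel/randomize_va_space}"

# Print the kernel ASLR mode in words (0 = off, 1 = partial, 2 = full).
aslr_state() {
    val=$(cat "$ASLR_FILE" 2>/dev/null) || val=""
    case "$val" in
        0) echo "disabled" ;;
        1) echo "partial" ;;
        2) echo "full" ;;
        *) echo "unknown" ;;
    esac
}

# Put ASLR back to full randomisation; needs root for the real /proc file.
restore_aslr() {
    echo 2 > "$ASLR_FILE"
}

# Heuristic: a dynamically linked binary built with the stack protector
# references __stack_chk_fail; one built with -fno-stack-protector does not.
has_canary() {
    LC_ALL=C grep -q '__stack_chk_fail' "$1"
}

# Report ASLR and each binary given; return non-zero if anything is weakened.
audit() {
    status=0
    state=$(aslr_state)
    echo "ASLR: $state"
    [ "$state" = "full" ] || status=1
    for bin in "$@"; do
        if has_canary "$bin"; then
            echo "$bin: stack protector present"
        else
            echo "$bin: no stack protector"
            status=1
        fi
    done
    return "$status"
}

# Usage: sh lab_audit.sh audit ./overflow
if [ "${1:-}" = "audit" ]; then
    shift
    audit "$@"
fi
```

Run it with sudo and call restore_aslr once the research session is finished, since the /proc setting applies to every process on the VM.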