Countermeasures and bypasses for Linux
When it comes to verifying which exploit protections are in place for a particular binary on Linux, a good tool to use is the checksec command. This tool can be downloaded from the following location: https://github.com/slimm609/checksec.sh.
Once downloaded, you can view the protection measures by running the following command:
checksec --file=FILENAME
In the following screenshot, I have run the checksec tool on the bin/ls program on Ubuntu. Take note of the various protections that are in place:
The primer for all exploit bypasses in Linux is the ability to control the EIP. If you are able to control the EIP, you are already on your way toward a working exploit. Countermeasures within Linux become a hindrance on your way to controlling the EIP. If you look at a buffer overflow attack, without protections such as ASLR, it would be easy to...