Almost every program nowadays is compiled with W^X (--no_execstack) by default, which means memory is not executable and writable at once (the Windows equivalent is DEP). Still a good example of how a basic overflow can lead to arbitrary code execution. A follow-up post using ROP or return-to-libc, with W^X enabled, would be interesting.
My favourite resource for these types of exploits used to be phiral.com (see the Wayback Machine circa March 2007 [1], since it doesn't exist anymore), belonging to author Jon Erickson, who wrote "Hacking: The Art of Exploitation" [2].
cedricvg | 10 years ago
vampire_dk | 10 years ago
juanuys | 10 years ago
[1] https://web.archive.org/web/20070305111749/http://phiral.com...
[2] https://en.wikipedia.org/wiki/Hacking:_The_Art_of_Exploitati...
vampire_dk | 10 years ago
trampi | 10 years ago
dimdimdim | 10 years ago
http://www.pentesteracademy.com/topics?v=nhr
Ecco | 10 years ago
nautical | 10 years ago
dmeeze | 10 years ago
anewhnaccount | 10 years ago
amenod | 10 years ago
Does anyone know how common stack protector is in the wild?
pm24601 | 10 years ago
The protection only protects under some circumstances, not all, so this demo still seems valid. Also, the protection comes at the cost of extra code (and extra execution time).
This means to me that any IoT device probably does not have stack protection.
Liru | 10 years ago
nautical | 10 years ago