For one of my uni projects, part of my contribution was to set up a debian virtual machine. The setup of this machine was very similar to my kali installation earlier on this blog. However, this machine should be vulnerable, so I disabled a very important feature: ASLR.
Address space randomized layout basically means memory addresses and locations get randomized. This stops an everyday hacker from knowing the locations of executable code that get loaded from the OS in memory; in turn, this means it makes it harder for a hacker to "get shell". This makes something called 'zero-day-attacks' harder; a vulnerability in a OS could be discovered, but the user would not know how to access where that vulnerability was loaded into memory.
I have specifically turned this feature off in a debian machine, but nearly every operating system today will use this feature to prevent hackers from very simple exploits such as dropping a shell, buffer overflows and buffer underflows.
To turn this feature off on a linux installtion, you can follow these steps I found off the internet:
- Open a terminal
- "su" to switch to the super user
- "nano /etc/sysctl.conf"
- at the very end of that text file add "kernel.randomize_va_space=0"
- hit 'ctrl+x' and hit y to save and then hit enter to save
- back in your terminal window type "sysctl -p"
It's now turned off permanently. As well as being useful for hacking, this can also be useful for debugging your programs as variables in your programs should be given the same location and you can directly see their values in memory!