A few years ago I was playing around with some examples from the infamous 1996 article, "Smashing the Stack for Fun and Profit".
I was somewhat dismayed to find all these newfangled protections like ASLR and Stack Protection that made executing simple buffer overflows much more difficult! I realize that these are good things, but as a student of security it did raise the bar of difficulty for writing real-world exploits.
You need to compile your programs with the necessary flags to turn off these protections, or, if that isn't an option, you need to try and use various countermeasures like NOP slides, heap sprays, stack cookie replacement, etc. I wish I had been around to enjoy what seems like must have been the golden era of the 90's when writing buffer overflows was relatively easy.
> I wish I had been around to enjoy what seems like must have been the golden era of the 90's when writing buffer overflows was relatively easy.
There are a lot of more primitive computing devices which don't have such protections. For example, ASLR was added to Android as late as version 4.0 (2011).