hacktricks/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md

43 lines
3.1 KiB
Markdown
Raw Permalink Normal View History

2024-04-06 16:25:58 +00:00
# No-exec / NX
2024-07-18 16:04:36 +00:00
{% hint style="success" %}
2024-07-18 16:14:56 +00:00
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
2024-04-06 16:25:58 +00:00
2024-07-18 16:04:36 +00:00
<details>
2024-04-06 16:25:58 +00:00
2024-07-18 16:04:36 +00:00
<summary>Support HackTricks</summary>
2024-04-06 16:25:58 +00:00
2024-07-18 16:04:36 +00:00
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
2024-04-06 16:25:58 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
2024-07-18 16:04:36 +00:00
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2024-04-06 16:25:58 +00:00
</details>
2024-07-18 16:04:36 +00:00
{% endhint %}
2024-04-06 16:25:58 +00:00
## Basic Information
The **No-Execute (NX)** bit, also known as **Execute Disable (XD)** in Intel terminology, is a hardware-based security feature designed to **mitigate** the effects of **buffer overflow** attacks. When implemented and enabled, it distinguishes between memory regions that are intended for **executable code** and those meant for **data**, such as the **stack** and **heap**. The core idea is to prevent an attacker from executing malicious code through buffer overflow vulnerabilities by putting the malicious code in the stack for example and directing the execution flow to it.
## Bypasses
2024-04-06 19:44:17 +00:00
* It's possible to use techniques such as [**ROP**](../rop-return-oriented-programing/) **to bypass** this protection by executing chunks of executable code already present in the binary.
2024-04-06 16:25:58 +00:00
* [**Ret2libc**](../rop-return-oriented-programing/ret2lib/)
2024-04-12 01:30:25 +00:00
* [**Ret2syscall**](../rop-return-oriented-programing/rop-syscall-execv/)
2024-04-06 16:25:58 +00:00
* **Ret2...**
2024-07-18 16:04:36 +00:00
{% hint style="success" %}
2024-07-18 16:14:56 +00:00
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
2024-04-06 16:25:58 +00:00
2024-07-18 16:04:36 +00:00
<details>
2024-04-06 16:25:58 +00:00
2024-07-18 16:04:36 +00:00
<summary>Support HackTricks</summary>
2024-04-06 16:25:58 +00:00
2024-07-18 16:04:36 +00:00
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
2024-04-06 16:25:58 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
2024-07-18 16:04:36 +00:00
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2024-04-06 16:25:58 +00:00
</details>
2024-07-18 16:04:36 +00:00
{% endhint %}