Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-14 17:07:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-03-22 11:21:45 +00:00 committed by gitbook-bot
parent bceb2bdadc
commit b37bc52e68
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
exploiting/linux-exploiting-basic-esp/README.md
View file

@ -400,6 +400,12 @@ Contiene las direcciones absolutas de las funciones que son utilizadas en un pro
or using GEF you can start a debugging session and execute `got` to see the got table.
You can see the PLT addresses with `objdump -j .plt -d ./vuln_binary`
In a binary the GOT has the addresses of the functions \(pointing to the PLT\). The goal of this exploit is to override the GOT entry of a function that is going to be executed later with the address of the PLT of the system function. Ideally, you will override the GOT of a function that is going to be called with parameters controlled by you \(so you will be able to control the parameters sent to the system function\).
If system isn't used by the script, the system function won't have an entry in the PLT. In this scenario, you will need to leak first the address of the system function.
You an find a **template** to exploit the GOT using format-strings here:
{% page-ref page="format-string-template.md" %}