ret2plt
The PLT (Procedure Linkage Table) is a set of stubs that look up addresses in the .got.plt section and either jump to the right address or, if the address has not been filled in to .got.plt yet, trigger the code in the linker to look up the address.

Vulnerable program

```c
#include <stdio.h>

void vuln() {
    puts("Come get me");

    char buffer[20];
    gets(buffer);   /* unbounded read into a 20-byte stack buffer */
}

int main() {
    vuln();
    return 0;
}
```

32-bit ret2plt

PLT analysis

Program protections

```
//gcc source.c -o vuln-32 -no-pie -fno-stack-protector -z execstack -m32
└─$ checksec --file=./vuln-32
[*] '/home/kali/exploits/ret2plt/vuln-32'
    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x8048000)
```

.plt section

The .plt section is executable

```
[0xf7fe4450]> iS~.plt
10 0x000002f0 0x18 0x080482f0 0x18……
```
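The stub behaviour described at the top of this page (jump through .got.plt, or fall into the linker's lookup on first use), modelled as an added example that is not code from the original post. It is a toy C simulation: `got_plt`, `plt_puts`, `resolve` and the other names are hypothetical stand-ins, not real loader symbols. It also contrasts lazy binding with load-time binding, the mode Full RELRO enforces.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of lazy binding. Every name here is an assumption made for
   illustration; none of this is real dynamic-linker code. */
typedef int (*fn_t)(const char *);

static int real_puts(const char *s) { return printf("%s\n", s); }
static int lazy_stub(const char *s);
static int resolver_calls;            /* how often the "linker" path ran */

/* Model of .got.plt: one writable slot per imported function. Before the
   first call it points at the resolver path, not at the real target. */
static fn_t got_plt[1] = { lazy_stub };

/* Model of the linker's lookup: find the symbol, then patch the slot. */
static fn_t resolve(const char *name) {
    resolver_calls++;
    if (strcmp(name, "puts") == 0) got_plt[0] = real_puts;
    return got_plt[0];
}
static int lazy_stub(const char *s) { return resolve("puts")(s); }

/* Model of the puts@plt stub: always an indirect jump through the slot. */
static int plt_puts(const char *s) { return got_plt[0](s); }

static void reset(void) { got_plt[0] = lazy_stub; resolver_calls = 0; }

/* Lazy binding (the default with Partial RELRO): only the first call pays
   for a lookup, and the slot must stay writable so it can be patched. */
int lazy_resolutions(void) {
    reset();
    plt_puts("first call: goes through the resolver");
    plt_puts("second call: jumps straight to the target");
    return resolver_calls;
}
int slot_is_patched(void) { return got_plt[0] == real_puts; }

/* Load-time binding (BIND_NOW, as used by Full RELRO): slots are filled
   before any call, so the table can be made read-only afterwards. */
int eager_call_time_resolutions(void) {
    reset();
    resolve("puts");                  /* done once by the loader at startup */
    int before = resolver_calls;
    plt_puts("call after load-time binding");
    return resolver_calls - before;
}

int main(void) {
    printf("lazy: resolver ran %d time(s)\n", lazy_resolutions());
    printf("eager: %d lookup(s) at call time\n", eager_call_time_resolutions());
    return 0;
}
```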