Global Offset Table (GOT) and Procedure Linkage Table (PLT) - Binary Exploitation PWN101

RazviOverflow
In this video we will see how the Global Offset Table (GOT) and the Procedure Linkage Table (PLT) work together to make the execution of the binary possible. We will dig into the GOT and PLT from a binary exploitation (PWN) perspective, aiming to understand how attacks like ret2plt or GOT overwrites are carried out. We will also debug the invocation of the Dynamic Linker when it is time to resolve the address of a given function at runtime, a process known as Lazy Binding.

Binary Exploitation playlist: Binary Exploitation PWN101

Additional Resources:
- GOT and PLT from Live Overflow: Global Offset Table (GOT) and Procedu...
- GOT and PLT for pwning: https://systemoverlord.com/2017/03/19...
- PLT and GOT: https://ir0nstone.gitbook.io/notes/ty...
- What is PLT/GOT?: https://reverseengineering.stackexcha...
- What is the GOT: https://ctf101.org/binary-exploitatio...
- PLT and GOT: The key to code sharing and dynamic libraries: https://www.technovelty.org/linux/plt...
- Pwn the GOT!: https://blog.fxiao.me/got-plt/
- Dynamic Linking: https://refspecs.linuxfoundation.org/...
- Linkers series (20 parts): https://lwn.net/Articles/276782/
- Linkers & Loaders by John R. Levine: http://www.staroceans.org/e-book/Link...

00:00 - Intro
01:27 - Checking binary protections
02:11 - Disassembling the binary
02:38 - Imported functions
03:58 - PLT and GOT
04:12 - Additional Resources
06:15 - PLT and GOT
07:08 - Procedure Linkage Table
08:36 - Global Offset Table
10:05 - Invoking the Dynamic Linker
10:27 - Lazy Binding
12:58 - Recap
14:04 - Debugging the binary
15:07 - .plt, .got and .got.plt
15:36 - .got vs .got.plt
14:04 - Debugging the binary
18:20 - ld, the Dynamic Linker
19:14 - Debugging the binary
19:29 - GOT entries after calling the Dynamic Linker
20:57 - Theory behind GOT overwrite attack
22:39 - Outro[*]

Exploit code, not people.
Twitter: @Razvieu
*Outro track: Etsu - Selcouth
GG
Published 2 years ago, on 1401/03/16.
Viewed 5,249 times