The other day I was working on a pwn challenge and I noticed something interesting: its version of libc had partial RELRO enabled. To redirect control flow I tried overwriting one of libc’s GOT entries with a one_gadget, but I didn’t have enough register control to pop a shell. That got me thinking: what if we could use libc’s GOT as a sort of jump table? This is a technique (itself a specific kind of JOP) I’d like to dub¹ “GOT-oriented programming” (GOP).
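The whole idea above rests on one property of the target library: under partial RELRO the GOT stays writable after load (lazy binding needs to patch it), whereas full RELRO (partial RELRO plus `BIND_NOW`) makes the loader resolve everything up front and remap the GOT read-only, so there is no writable jump table left to abuse. The check below is an added example, not code from the original post: it reads the ELF program headers and dynamic section the way `checksec` does and reports `none`, `partial` or `full` RELRO. It assumes a little-endian ELF64 image; the `build_elf` helper constructs minimal, non-loadable sample images purely so the classifier can be exercised offline.

```python
import struct
import sys

# ELF constants (values from the ELF/glibc headers, see elf.h)
PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, 64 bytes
PHDR_FMT = "<IIQQQQQQ"           # Elf64_Phdr, 56 bytes
DYN_FMT = "<qQ"                  # Elf64_Dyn, 16 bytes


def parse_phdrs(data):
    """Return the program headers of a little-endian ELF64 image as dicts."""
    ident = data[:16]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("only little-endian ELF64 images are handled here")
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    phdrs = []
    for i in range(e_phnum):
        fields = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        p_type, p_flags, p_offset, _vaddr, _paddr, p_filesz, _memsz, _align = fields
        phdrs.append({"type": p_type, "flags": p_flags,
                      "offset": p_offset, "filesz": p_filesz})
    return phdrs


def dynamic_entries(data, phdrs):
    """Collect the dynamic section (PT_DYNAMIC) as a {tag: value} dict."""
    for ph in phdrs:
        if ph["type"] != PT_DYNAMIC:
            continue
        entries = {}
        for pos in range(ph["offset"], ph["offset"] + ph["filesz"], 16):
            tag, val = struct.unpack_from(DYN_FMT, data, pos)
            if tag == DT_NULL:
                break
            entries[tag] = val
        return entries
    return {}


def relro_level(data):
    """Classify RELRO: 'none' (no PT_GNU_RELRO), 'partial', or 'full' (RELRO + BIND_NOW).

    Partial RELRO leaves the GOT writable for lazy binding; full RELRO resolves
    every symbol at load time and then remaps the GOT read-only.
    """
    phdrs = parse_phdrs(data)
    if not any(ph["type"] == PT_GNU_RELRO for ph in phdrs):
        return "none"
    dyn = dynamic_entries(data, phdrs)
    bind_now = bool(DT_BIND_NOW in dyn
                    or dyn.get(DT_FLAGS, 0) & DF_BIND_NOW
                    or dyn.get(DT_FLAGS_1, 0) & DF_1_NOW)
    return "full" if bind_now else "partial"


def build_elf(relro, bind_now):
    """Constructed sample: a minimal (not loadable) ELF64 with just the headers
    and dynamic entries needed to exercise relro_level()."""
    dyn = [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)] if bind_now else []
    dyn.append((DT_NULL, 0))
    dyn_bytes = b"".join(struct.pack(DYN_FMT, t, v) for t, v in dyn)
    ptypes = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 64 + 56 * len(ptypes)           # dynamic array follows the phdrs
    phdrs = b"".join(
        struct.pack(PHDR_FMT, t, 6 if t == PT_DYNAMIC else 4,
                    dyn_off, dyn_off, dyn_off, len(dyn_bytes), len(dyn_bytes), 8)
        for t in ptypes)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9   # ELF64, LE, version 1
    header = struct.pack(EHDR_FMT, ident, 3, 62, 1, 0, 64, 0, 0,
                         64, 56, len(ptypes), 64, 0, 0)   # ET_DYN, EM_X86_64
    return header + phdrs + dyn_bytes


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python relro.py /lib/x86_64-linux-gnu/libc.so.6 (path is an assumption)
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], "RELRO:", relro_level(f.read()))
    else:
        for r, b in [(False, False), (True, False), (True, True)]:
            print(f"relro={r} bind_now={b} ->", relro_level(build_elf(r, b)))
```

Run it against a real shared object to see which case you are dealing with; a libc reporting `partial` is the situation the post describes, while `full` is the mitigation that removes the writable GOT entirely (the distro builds it with `-Wl,-z,relro,-z,now`).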