ret2libc

glibc is the happiest place on Earth. It has it all. So how do we use it?

We're going to solve baby_boi which is a simple buffer overflow that leaks the address of printf to us.

(It is the 3rd problem in the zero to hero pwn set.)

For the last week or two I've been saying that glibc is Walmart, it has everything you could ever want in it.

For now we're going to practice taking that address and using it.

Here's the rough outline:

• Read the leak
• Match the leak to a known glibc (perhaps using https://libc.rip/)
• Find the base of glibc (the very first address in the segment, it ends in 0x000)
• Use pwntools to find the other things inside of glibc
• Use ROPgadget --binary baby_boi to get argument loaders
• Jump around in there calling whatever we want