# Procedure Lookup Table, Global Offset Table

* Both are part of dynamic binaries
* PLT resolves called function address of shared object
* A function call inside the binary, to a function inside a shared object is done via PLT
* __PLT__ contains dynamic address, references GOT
* __GOT__ contains the absolute address of the called functions. Dynamic linker updates the GOT
* __Lazy Linking__ is the process of loading the called SO function after they are called for the first time


## pwn

* Overwrite the GOT address of a called functions, which then will be returned instead

* Check the disassembly of the binary for SO function call
```sh
x/s <functionaddress>
x/3i <functionaddress>
```
* This is the PLT address
* Check the GOT address of the PLT. There should be `PTR` via `jmp` to the GOT address of the function

* Rewrite this address with for example `system`. Take a look where it is placed
```sh
p system
```
* Set the address of the `jmp` to GOT to `system` address
```sh
set *<foundGOTjmpAddress>=<foundSystemAddress>
```

* Fill the buffer with the argument to `system`