• ret2lib

    Assume that we detected a buffer overflow vulnerability, but we don’t have enough space on the stack for our shellcode, or the binary’s stack is marked as non-executable (DEP enabled). Then we can try to call a function in a common library that is also loaded (via the PLT).

    Walkthrough of a ret2lib attack

    Before we start, disable ASLR as…