Note: If you have a term you'd like added to the list, add an Issue or open a Pull Request.
-
ASLR (Address Space Layout Randomization): Security measure in modern OSes to randomize stack and libc addresses on each program execution.
-
Binary: A binary is the output file from compiling a C or C++ file. Anything in the binary has a constant address (usually... see PIE.)
-
Canary: A canary is some (usually random) value that is used to verify that nothing has been overrwritten. Programs may place canaries in memory, and check that they still have the exact same value after running potentially dangerous code, verifying the integrity of that memory.
-
GOT (Global Offset Table): The GOT is a table of addresses stored in the data section of memory. Executed programs use it to look up the runtime addresses of global variables that are unknown at compile time.
-
Heap: The heap is a far more reliable memory space similar to the stack. However, usage of the heap has to be invoked by the coder, so heap problems are often their own category of exploitation
-
libc: A binary is dynamically linked and has a libc file. This means that the whole set of standard library functions are located somewhere in the memory used by the program.
-
NX (Non-Executable): Security measure in modern OSes to separate processor instructions (code) and data (everything that's not code.) This prevents memory from being both executable and writable.
-
PIE (Position Independent Executable): Essentially ASLR, but for the binary itself. When this protection is enabled, locations of actual code in the binary are randomized.
-
PLT (Procedure Linkage Table): The PLT is essentially a wrapper function for all functions directly called in the binary. Only used in dynamically linked binaries.
-
ROP (Return Oriented Programming): Reusing tiny bits of code throughout the binary to construct commands we want to execute.
-
Stack: The stack is part of the memory for a binary. Local variables and pointers are often stored here. The stack can be randomized.
TODO: ADD MORE.
-
mprotect(): This is the function responsible for setting page pivilieges. If you can call this function with your own arbitrary arguments, you can effectively bypass NX protection. -
system(): This function can be used to execute commands or even other binaries if called properly. I think it defaults to sh to handle commands on most Linux flavors.
-
Arbitrary: This word is used to imply the fullness of control that you might have given an exploit. If you've achieved arbitrary code execution, that means you can run, read, or write whatever commands you choose.
-
Reliable: Reliable in the context of binary exploitation is almost exactly the same as regular use. An exploit is said to be reliable if it works across different runs consistently. It might seem dumb to define this work, but somtimes with exploits you will only have the option to make an unreliable exploit.