How to find the libc version without having its local copy.
Scenario
Today's scenario is similar to the one described in my previous article:
- we have the binary vulnerable to ret2libc
- we managed to leak the address of puts in memory
- but we don’t have the libc given, so we can’t calculate the offsets in memory
Solution
- Leak the address of any function in memory
- Go to libc database 1 or 2
- Fill in the form with the function name and the last 3 characters of its address, then press search
- Download the provided libc binary or use the offsets provided by the database
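Why three characters are enough: ASLR moves libc by whole 4 KiB pages, so the low 12 bits of a symbol's address always equal the low 12 bits of its offset inside the library. The sketch below is an added example, not code from the libc databases; the candidate tables, their names and the leaked addresses are constructed values, and it shows how a second leaked symbol narrows an ambiguous match.

```python
PAGE_MASK = 0xFFF  # low 12 bits survive ASLR because libc is mapped page-aligned

# Constructed sample tables (symbol -> offset inside the library); not real libc builds.
CANDIDATES = {
    "libc-sample-A": {"puts": 0x809C0, "printf": 0x64E80},
    "libc-sample-B": {"puts": 0x6F690, "printf": 0x55800},
    "libc-sample-C": {"puts": 0x5F9C0, "printf": 0x4A150},
}

def low12(address):
    """The three hex characters the search form asks for."""
    return format(address & PAGE_MASK, "03x")

def match_libc(leaks, candidates=CANDIDATES):
    """Return the candidates whose offsets agree with every leaked address."""
    hits = []
    for name, symbols in candidates.items():
        if all(sym in symbols and (symbols[sym] ^ addr) & PAGE_MASK == 0
               for sym, addr in leaks.items()):
            hits.append(name)
    return hits

def libc_base(leaks, symbols):
    """Derive the load base; reject a table the leaks do not agree on."""
    bases = {addr - symbols[sym] for sym, addr in leaks.items()}
    if len(bases) != 1:
        raise ValueError("leaks disagree on the base: wrong libc")
    base = bases.pop()
    if base & PAGE_MASK:
        raise ValueError("base is not page-aligned: wrong libc")
    return base

if __name__ == "__main__":
    one = {"puts": 0x7F3A1C2809C0}            # constructed leak
    two = dict(one, printf=0x7F3A1C264E80)    # second constructed leak
    print(low12(one["puts"]), match_libc(one))  # one leak can be ambiguous
    print(match_libc(two))                      # a second symbol narrows it
    print(hex(libc_base(two, CANDIDATES[match_libc(two)[0]])))
```

If a single leak returns several candidates, leak one more function and search again with both.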