Couple questions regarding the material in this lab:
What is a plt sub?
This was mentioned in the lab solution. I understand this is how the program is getting the puts@plt function address in libc. I am just curious if this is true for all function calls to libc. Is there always a plt sub address that can be used to discover the address of a function in libc? Hope this make sense =p
Why do I not get a root shell at the end of the exercise?
I would think that I would gain priv escalation from the permissions of the binary w/sticky bit. Not sure why I am not getting a root shell