├── ExploitMe
│   ├── .gitignore
│   ├── ExploitMe.sln
│   └── ExploitMe_1
│       ├── ExploitMe_1.vcxproj
│       ├── ExploitMe_1.vcxproj.filters
│       └── main.c
├── ExploitMe_1.exe
├── ExploitMe_1.pdb
├── README.md
├── exploit.py
├── mapfile
├── sce.py
├── screenshot
│   ├── 0_ropgadget.png
│   ├── 10_checkMem.gif
│   ├── 11_continue.gif
│   ├── 12_ret.gif
│   ├── 13_pebear.png
│   ├── 14_kernel32base.png
│   ├── 15_checkgadget.png
│   ├── 16_pwned.gif
│   ├── 1_DisableASLR.png
│   ├── 2_editExploit.png
│   ├── 3_runExploit.png
│   ├── 4_findPid.png
│   ├── 5_attach.png
│   ├── 5_attach2.png
│   ├── 6_WinDbg_k.png
│   ├── 6_WinDbg_k2.png
│   ├── 6_WinDbg_~.png
│   ├── 6_WinDbg_~0s.png
│   ├── 7_WinDbg_gu.png
│   ├── 8_enterExploit.gif
│   └── 9_ret2Main.gif
├── setting.bat
├── shellcode.exe
└── shellcode
    ├── .gitignore
    ├── shellcode.sln
    ├── shellcode
    │   ├── function_order.txt
    │   ├── mapfile
    │   ├── shellcode.cpp
    │   ├── shellcode.vcxproj
    │   └── shellcode.vcxproj.filters
    └── shellcode_test
        ├── shellcode_test.vcxproj
        ├── shellcode_test.vcxproj.filters
        └── test.cpp

/ExploitMe/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/ExploitMe/.gitignore
--------------------------------------------------------------------------------
/ExploitMe/ExploitMe.sln:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/ExploitMe/ExploitMe.sln
--------------------------------------------------------------------------------
/ExploitMe/ExploitMe_1/ExploitMe_1.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/ExploitMe/ExploitMe_1/ExploitMe_1.vcxproj
--------------------------------------------------------------------------------
/ExploitMe/ExploitMe_1/ExploitMe_1.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/ExploitMe/ExploitMe_1/ExploitMe_1.vcxproj.filters
--------------------------------------------------------------------------------
/ExploitMe/ExploitMe_1/main.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/ExploitMe/ExploitMe_1/main.c
--------------------------------------------------------------------------------
/ExploitMe_1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/ExploitMe_1.exe
--------------------------------------------------------------------------------
/ExploitMe_1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/ExploitMe_1.pdb
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/README.md
--------------------------------------------------------------------------------
/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/exploit.py
--------------------------------------------------------------------------------
/mapfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/mapfile
--------------------------------------------------------------------------------
/sce.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/sce.py
--------------------------------------------------------------------------------
/screenshot/0_ropgadget.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/0_ropgadget.png
--------------------------------------------------------------------------------
/screenshot/10_checkMem.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/10_checkMem.gif
--------------------------------------------------------------------------------
/screenshot/11_continue.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/11_continue.gif
--------------------------------------------------------------------------------
/screenshot/12_ret.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/12_ret.gif
--------------------------------------------------------------------------------
/screenshot/13_pebear.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/13_pebear.png
--------------------------------------------------------------------------------
/screenshot/14_kernel32base.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/14_kernel32base.png
--------------------------------------------------------------------------------
/screenshot/15_checkgadget.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/15_checkgadget.png
--------------------------------------------------------------------------------
/screenshot/16_pwned.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/16_pwned.gif
--------------------------------------------------------------------------------
/screenshot/1_DisableASLR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/1_DisableASLR.png
--------------------------------------------------------------------------------
/screenshot/2_editExploit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/2_editExploit.png
--------------------------------------------------------------------------------
/screenshot/3_runExploit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/3_runExploit.png
--------------------------------------------------------------------------------
/screenshot/4_findPid.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/4_findPid.png
--------------------------------------------------------------------------------
/screenshot/5_attach.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/5_attach.png
--------------------------------------------------------------------------------
/screenshot/5_attach2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/5_attach2.png
--------------------------------------------------------------------------------
/screenshot/6_WinDbg_k.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/6_WinDbg_k.png
--------------------------------------------------------------------------------
/screenshot/6_WinDbg_k2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/6_WinDbg_k2.png
--------------------------------------------------------------------------------
/screenshot/6_WinDbg_~.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/6_WinDbg_~.png
--------------------------------------------------------------------------------
/screenshot/6_WinDbg_~0s.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/6_WinDbg_~0s.png
--------------------------------------------------------------------------------
/screenshot/7_WinDbg_gu.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/7_WinDbg_gu.png
--------------------------------------------------------------------------------
/screenshot/8_enterExploit.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/8_enterExploit.gif
--------------------------------------------------------------------------------
/screenshot/9_ret2Main.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/screenshot/9_ret2Main.gif
--------------------------------------------------------------------------------
/setting.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/setting.bat
--------------------------------------------------------------------------------
/shellcode.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode.exe
--------------------------------------------------------------------------------
/shellcode/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/.gitignore
--------------------------------------------------------------------------------
/shellcode/shellcode.sln:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode.sln
--------------------------------------------------------------------------------
/shellcode/shellcode/function_order.txt:
--------------------------------------------------------------------------------
?entryPoint@@YAHXZ
--------------------------------------------------------------------------------
/shellcode/shellcode/mapfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode/mapfile
--------------------------------------------------------------------------------
/shellcode/shellcode/shellcode.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode/shellcode.cpp
--------------------------------------------------------------------------------
/shellcode/shellcode/shellcode.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode/shellcode.vcxproj
--------------------------------------------------------------------------------
/shellcode/shellcode/shellcode.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode/shellcode.vcxproj.filters
--------------------------------------------------------------------------------
/shellcode/shellcode_test/shellcode_test.vcxproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode_test/shellcode_test.vcxproj
--------------------------------------------------------------------------------
/shellcode/shellcode_test/shellcode_test.vcxproj.filters:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode_test/shellcode_test.vcxproj.filters
--------------------------------------------------------------------------------
/shellcode/shellcode_test/test.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/LJP-TW/Windows-Pwn-Step-by-Step/HEAD/shellcode/shellcode_test/test.cpp
--------------------------------------------------------------------------------