├── .gitignore ├── README.md ├── linux_arm_stack ├── arm_pwn_typo │ ├── exp.py │ ├── exp_rop.py │ ├── pwn.md │ └── typo ├── arm_pwn_websrv │ ├── backdoor │ ├── exp.py │ ├── pwn.md │ ├── test_shellcode.py │ ├── websrv_easy │ │ ├── webroot │ │ │ └── index.html │ │ ├── websrv │ │ └── websrv_nofork │ └── websrv_hard │ │ ├── test │ │ ├── webroot │ │ └── index.html │ │ └── websrv └── qemu_system.md ├── linux_mips_stack ├── mips_iot_cc │ ├── exp.py │ ├── img │ │ └── diff.png │ └── pwn.md ├── mips_pwn_1 │ ├── exp.py │ ├── exp_rop.py │ ├── pwm.md │ └── pwn └── mips_pwn_Mplogin │ ├── Mplogin │ ├── Mplogin.zip │ ├── exp.py │ └── pwn.md ├── linux_x86_format_string ├── exp1.py ├── format_string_exp.md ├── leakmemory ├── leakmemory.c ├── overwrite └── overwrite.c ├── linux_x86_heap └── how2heap │ ├── first_fit │ ├── first_fit.c │ └── pwn.md ├── linux_x86_stack_overflow ├── pwn0_stack_overflow │ ├── core │ ├── exp.py │ ├── pwn0 │ ├── pwn0.c │ └── pwn0.md ├── pwn1_ret2shellcode │ ├── exp.py │ ├── pwn1.md │ └── ret2shellcode ├── pwn2_ret2syscall │ ├── exp.py │ ├── pwn2.md │ └── ret2syscall ├── pwn3_ret2libc │ ├── exp1.py │ ├── exp2.py │ ├── exp3.py │ ├── pwn3.md │ ├── ret2libc1 │ ├── ret2libc2 │ └── ret2libc3 ├── pwn4_ret2csu │ ├── exp.py │ ├── pwn4 │ ├── pwn4.c │ └── pwn4.md └── pwn5_ret2dlresolve │ ├── exp1.py │ ├── exp2.py │ ├── exp3.py │ ├── norelro_32 │ ├── norelro_64 │ ├── partial_relro_32 │ ├── pwn5.c │ └── pwn5.md └── test ├── test └── test.c /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/.gitignore -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/README.md -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_typo/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_typo/exp.py -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_typo/exp_rop.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_typo/exp_rop.py -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_typo/pwn.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_typo/pwn.md -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_typo/typo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_typo/typo -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/backdoor: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/backdoor -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/exp.py -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/pwn.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/pwn.md -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/test_shellcode.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/test_shellcode.py -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/websrv_easy/webroot/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/websrv_easy/webroot/index.html -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/websrv_easy/websrv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/websrv_easy/websrv -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/websrv_easy/websrv_nofork: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/websrv_easy/websrv_nofork -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/websrv_hard/test: -------------------------------------------------------------------------------- 1 | vuln 2 | -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/websrv_hard/webroot/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/websrv_hard/webroot/index.html -------------------------------------------------------------------------------- /linux_arm_stack/arm_pwn_websrv/websrv_hard/websrv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/arm_pwn_websrv/websrv_hard/websrv -------------------------------------------------------------------------------- /linux_arm_stack/qemu_system.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_arm_stack/qemu_system.md -------------------------------------------------------------------------------- /linux_mips_stack/mips_iot_cc/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_iot_cc/exp.py -------------------------------------------------------------------------------- /linux_mips_stack/mips_iot_cc/img/diff.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_iot_cc/img/diff.png -------------------------------------------------------------------------------- /linux_mips_stack/mips_iot_cc/pwn.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_iot_cc/pwn.md -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_1/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_1/exp.py -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_1/exp_rop.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_1/exp_rop.py -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_1/pwm.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_1/pwm.md -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_1/pwn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_1/pwn -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_Mplogin/Mplogin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_Mplogin/Mplogin -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_Mplogin/Mplogin.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_Mplogin/Mplogin.zip -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_Mplogin/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_Mplogin/exp.py -------------------------------------------------------------------------------- /linux_mips_stack/mips_pwn_Mplogin/pwn.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_mips_stack/mips_pwn_Mplogin/pwn.md -------------------------------------------------------------------------------- /linux_x86_format_string/exp1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_format_string/exp1.py -------------------------------------------------------------------------------- /linux_x86_format_string/format_string_exp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_format_string/format_string_exp.md -------------------------------------------------------------------------------- /linux_x86_format_string/leakmemory: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_format_string/leakmemory -------------------------------------------------------------------------------- /linux_x86_format_string/leakmemory.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_format_string/leakmemory.c -------------------------------------------------------------------------------- /linux_x86_format_string/overwrite: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_format_string/overwrite -------------------------------------------------------------------------------- /linux_x86_format_string/overwrite.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_format_string/overwrite.c -------------------------------------------------------------------------------- /linux_x86_heap/how2heap/first_fit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_heap/how2heap/first_fit -------------------------------------------------------------------------------- /linux_x86_heap/how2heap/first_fit.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_heap/how2heap/first_fit.c -------------------------------------------------------------------------------- /linux_x86_heap/how2heap/pwn.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_heap/how2heap/pwn.md -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn0_stack_overflow/core: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn0_stack_overflow/core -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn0_stack_overflow/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn0_stack_overflow/exp.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn0_stack_overflow/pwn0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn0_stack_overflow/pwn0 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn0_stack_overflow/pwn0.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn0_stack_overflow/pwn0.c -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn0_stack_overflow/pwn0.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn0_stack_overflow/pwn0.md -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn1_ret2shellcode/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn1_ret2shellcode/exp.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn1_ret2shellcode/pwn1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn1_ret2shellcode/pwn1.md -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn1_ret2shellcode/ret2shellcode: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn1_ret2shellcode/ret2shellcode -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn2_ret2syscall/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn2_ret2syscall/exp.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn2_ret2syscall/pwn2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn2_ret2syscall/pwn2.md -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn2_ret2syscall/ret2syscall: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn2_ret2syscall/ret2syscall -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn3_ret2libc/exp1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn3_ret2libc/exp1.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn3_ret2libc/exp2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn3_ret2libc/exp2.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn3_ret2libc/exp3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn3_ret2libc/exp3.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn3_ret2libc/pwn3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn3_ret2libc/pwn3.md -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn3_ret2libc/ret2libc1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn3_ret2libc/ret2libc1 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn3_ret2libc/ret2libc2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn3_ret2libc/ret2libc2 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn3_ret2libc/ret2libc3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn3_ret2libc/ret2libc3 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn4_ret2csu/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn4_ret2csu/exp.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn4_ret2csu/pwn4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn4_ret2csu/pwn4 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn4_ret2csu/pwn4.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn4_ret2csu/pwn4.c -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn4_ret2csu/pwn4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn4_ret2csu/pwn4.md -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/exp1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/exp1.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/exp2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/exp2.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/exp3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/exp3.py -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/norelro_32: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/norelro_32 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/norelro_64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/norelro_64 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/partial_relro_32: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/partial_relro_32 -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/pwn5.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/pwn5.c -------------------------------------------------------------------------------- /linux_x86_stack_overflow/pwn5_ret2dlresolve/pwn5.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/linux_x86_stack_overflow/pwn5_ret2dlresolve/pwn5.md -------------------------------------------------------------------------------- /test/test: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/test/test -------------------------------------------------------------------------------- /test/test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/pwn-exercise-iot/HEAD/test/test.c --------------------------------------------------------------------------------