├── .gitignore
├── ChainBuilder.py
├── Exrop.py
├── Gadget.py
├── LICENSE
├── README.md
├── RopChain.py
├── Solver.py
├── examples
    ├── CJ2017_echo
    │   ├── echo
    │   ├── exploit.py
    │   ├── exploit_orw.py
    │   └── this_is_flag.txt
    ├── avoid_badchars.py
    ├── libc.so.6
    ├── open-read-write.py
    ├── rop_emporium
    │   ├── badchars
    │   │   ├── badchars
    │   │   ├── exploit.py
    │   │   └── flag.txt
    │   ├── callme
    │   │   ├── callme
    │   │   ├── encrypted_flag.txt
    │   │   ├── exploit.py
    │   │   ├── key1.dat
    │   │   ├── key2.dat
    │   │   └── libcallme.so
    │   ├── fluff
    │   │   ├── exploit.py
    │   │   ├── flag.txt
    │   │   └── fluff
    │   ├── pivot
    │   │   ├── exploit.py
    │   │   ├── flag.txt
    │   │   ├── libpivot.so
    │   │   └── pivot
    │   ├── split
    │   │   ├── exploit.py
    │   │   ├── flag.txt
    │   │   └── split
    │   └── write4
    │   │   ├── exploit.py
    │   │   ├── flag.txt
    │   │   └── write4
    ├── set_regs_all.py
    └── syscall.py
└── tests
    ├── badchar_add
    ├── badchar_xor
    ├── basic_pop
    ├── find_reg
    ├── find_reg_2
    ├── find_reg_3
    ├── fixed_invalid_find_reg
    ├── fixed_invalid_mov
    ├── fixed_invalid_pop
    ├── invalid_no_return
    ├── multi_pop
    ├── no-return
    ├── pivot
    ├── pop
    ├── syscall
    ├── test.py
    └── write

/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/.gitignore
--------------------------------------------------------------------------------
/ChainBuilder.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/ChainBuilder.py
--------------------------------------------------------------------------------
/Exrop.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/Exrop.py
--------------------------------------------------------------------------------
/Gadget.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/Gadget.py
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/README.md
--------------------------------------------------------------------------------
/RopChain.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/RopChain.py
--------------------------------------------------------------------------------
/Solver.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/Solver.py
--------------------------------------------------------------------------------
/examples/CJ2017_echo/echo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/CJ2017_echo/echo
--------------------------------------------------------------------------------
/examples/CJ2017_echo/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/CJ2017_echo/exploit.py
--------------------------------------------------------------------------------
/examples/CJ2017_echo/exploit_orw.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/CJ2017_echo/exploit_orw.py
--------------------------------------------------------------------------------
/examples/CJ2017_echo/this_is_flag.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/CJ2017_echo/this_is_flag.txt
--------------------------------------------------------------------------------
/examples/avoid_badchars.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/avoid_badchars.py
--------------------------------------------------------------------------------
/examples/libc.so.6:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/libc.so.6
--------------------------------------------------------------------------------
/examples/open-read-write.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/open-read-write.py
--------------------------------------------------------------------------------
/examples/rop_emporium/badchars/badchars:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/badchars/badchars
--------------------------------------------------------------------------------
/examples/rop_emporium/badchars/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/badchars/exploit.py
--------------------------------------------------------------------------------
/examples/rop_emporium/badchars/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------
/examples/rop_emporium/callme/callme:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/callme/callme
--------------------------------------------------------------------------------
/examples/rop_emporium/callme/encrypted_flag.txt:
--------------------------------------------------------------------------------
1 | SMSA~gXxekhieactt`L''tnl|E}p|y>]!
2 |
--------------------------------------------------------------------------------
/examples/rop_emporium/callme/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/callme/exploit.py
--------------------------------------------------------------------------------
/examples/rop_emporium/callme/key1.dat:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/examples/rop_emporium/callme/key2.dat:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/examples/rop_emporium/callme/libcallme.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/callme/libcallme.so
--------------------------------------------------------------------------------
/examples/rop_emporium/fluff/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/fluff/exploit.py
--------------------------------------------------------------------------------
/examples/rop_emporium/fluff/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------
/examples/rop_emporium/fluff/fluff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/fluff/fluff
--------------------------------------------------------------------------------
/examples/rop_emporium/pivot/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/pivot/exploit.py
--------------------------------------------------------------------------------
/examples/rop_emporium/pivot/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------
/examples/rop_emporium/pivot/libpivot.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/pivot/libpivot.so
--------------------------------------------------------------------------------
/examples/rop_emporium/pivot/pivot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/pivot/pivot
--------------------------------------------------------------------------------
/examples/rop_emporium/split/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/split/exploit.py
--------------------------------------------------------------------------------
/examples/rop_emporium/split/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------
/examples/rop_emporium/split/split:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/split/split
--------------------------------------------------------------------------------
/examples/rop_emporium/write4/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/write4/exploit.py
--------------------------------------------------------------------------------
/examples/rop_emporium/write4/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------
/examples/rop_emporium/write4/write4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/rop_emporium/write4/write4
--------------------------------------------------------------------------------
/examples/set_regs_all.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/set_regs_all.py
--------------------------------------------------------------------------------
/examples/syscall.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/examples/syscall.py
--------------------------------------------------------------------------------
/tests/badchar_add:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/badchar_add
--------------------------------------------------------------------------------
/tests/badchar_xor:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/badchar_xor
--------------------------------------------------------------------------------
/tests/basic_pop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/basic_pop
--------------------------------------------------------------------------------
/tests/find_reg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/find_reg
--------------------------------------------------------------------------------
/tests/find_reg_2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/find_reg_2
--------------------------------------------------------------------------------
/tests/find_reg_3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/find_reg_3
--------------------------------------------------------------------------------
/tests/fixed_invalid_find_reg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/fixed_invalid_find_reg
--------------------------------------------------------------------------------
/tests/fixed_invalid_mov:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/fixed_invalid_mov
--------------------------------------------------------------------------------
/tests/fixed_invalid_pop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/fixed_invalid_pop
--------------------------------------------------------------------------------
/tests/invalid_no_return:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/invalid_no_return
--------------------------------------------------------------------------------
/tests/multi_pop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/multi_pop
--------------------------------------------------------------------------------
/tests/no-return:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/no-return
--------------------------------------------------------------------------------
/tests/pivot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/pivot
--------------------------------------------------------------------------------
/tests/pop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/pop
--------------------------------------------------------------------------------
/tests/syscall:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/syscall
--------------------------------------------------------------------------------
/tests/test.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/test.py
--------------------------------------------------------------------------------
/tests/write:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d4em0n/exrop/HEAD/tests/write
--------------------------------------------------------------------------------