├── ASLR-Bypass
    ├── memoryleak
    │   ├── exploit.py
    │   ├── garbage
    │   └── pattern
    └── ret2plt
    │   ├── exploit.py
    │   ├── exploit_pwn.py
    │   ├── ret2plt
    │   └── ret2plt.c
├── Misc
    ├── badchars.txt
    ├── cmdShell.py
    └── struct_helper.py
├── OSCP-Exercises
    ├── brainpan
    │   ├── exploit.py
    │   └── fuzzer.py
    ├── crossfire
    │   ├── PoC.py
    │   ├── crossfire.tar.gz
    │   ├── exploit.py
    │   └── fuzzer.py
    ├── ftp
    │   ├── exploit.py
    │   └── fuzzer.py
    └── slmail
    │   ├── exploit.py
    │   └── fuzzer.py
├── README.md
└── ROP-Emporium
    └── 32Bit
        ├── ROP_Notes.md
        ├── badchars32
            ├── badchars.py
            ├── badchars32
            ├── exploit.py
            ├── flag.txt
            └── rop.txt
        ├── callme32
            ├── callme.py
            ├── callme32
            ├── encrypted_flag.txt
            ├── key1.dat
            ├── key2.dat
            ├── libcallme32.so
            └── rop.txt
        ├── fluff32
            ├── exploit.py
            ├── flag.txt
            ├── fluff32
            └── notes.md
        ├── ret2win32
            ├── exploit.py
            ├── exploit_struct.py
            ├── flag.txt
            ├── peda-session-ret2win32.txt
            ├── ret2win32
            └── rop.txt
        ├── split32
            ├── exploit.py
            ├── flag.txt
            ├── peda-session-split32.txt
            ├── rop.txt
            └── split32
        └── write32
            ├── exploit.py
            ├── flag.txt
            ├── peda-session-write432.txt
            ├── rop.txt
            └── write432

/ASLR-Bypass/memoryleak/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ASLR-Bypass/memoryleak/exploit.py
--------------------------------------------------------------------------------

/ASLR-Bypass/memoryleak/garbage:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ASLR-Bypass/memoryleak/garbage
--------------------------------------------------------------------------------

/ASLR-Bypass/memoryleak/pattern:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ASLR-Bypass/memoryleak/pattern
--------------------------------------------------------------------------------

/ASLR-Bypass/ret2plt/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ASLR-Bypass/ret2plt/exploit.py
--------------------------------------------------------------------------------

/ASLR-Bypass/ret2plt/exploit_pwn.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ASLR-Bypass/ret2plt/exploit_pwn.py
--------------------------------------------------------------------------------

/ASLR-Bypass/ret2plt/ret2plt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ASLR-Bypass/ret2plt/ret2plt
--------------------------------------------------------------------------------

/ASLR-Bypass/ret2plt/ret2plt.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ASLR-Bypass/ret2plt/ret2plt.c
--------------------------------------------------------------------------------

/Misc/badchars.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/Misc/badchars.txt
--------------------------------------------------------------------------------

/Misc/cmdShell.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/Misc/cmdShell.py
--------------------------------------------------------------------------------

/Misc/struct_helper.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/Misc/struct_helper.py
--------------------------------------------------------------------------------

/OSCP-Exercises/brainpan/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/brainpan/exploit.py
--------------------------------------------------------------------------------

/OSCP-Exercises/brainpan/fuzzer.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/brainpan/fuzzer.py
--------------------------------------------------------------------------------

/OSCP-Exercises/crossfire/PoC.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/crossfire/PoC.py
--------------------------------------------------------------------------------

/OSCP-Exercises/crossfire/crossfire.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/crossfire/crossfire.tar.gz
--------------------------------------------------------------------------------

/OSCP-Exercises/crossfire/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/crossfire/exploit.py
--------------------------------------------------------------------------------

/OSCP-Exercises/crossfire/fuzzer.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/crossfire/fuzzer.py
--------------------------------------------------------------------------------

/OSCP-Exercises/ftp/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/ftp/exploit.py
--------------------------------------------------------------------------------

/OSCP-Exercises/ftp/fuzzer.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/ftp/fuzzer.py
--------------------------------------------------------------------------------

/OSCP-Exercises/slmail/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/slmail/exploit.py
--------------------------------------------------------------------------------

/OSCP-Exercises/slmail/fuzzer.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/OSCP-Exercises/slmail/fuzzer.py
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/README.md
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/ROP_Notes.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/ROP_Notes.md
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/badchars32/badchars.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/badchars32/badchars.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/badchars32/badchars32:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/badchars32/badchars32
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/badchars32/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/badchars32/exploit.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/badchars32/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/badchars32/rop.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/badchars32/rop.txt
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/callme32/callme.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/callme32/callme.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/callme32/callme32:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/callme32/callme32
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/callme32/encrypted_flag.txt:
--------------------------------------------------------------------------------
1 | SMSA~gXxekhieactt`L''tnl|E}p|y>]!
2 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/callme32/key1.dat:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/callme32/key2.dat:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/callme32/libcallme32.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/callme32/libcallme32.so
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/callme32/rop.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/callme32/rop.txt
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/fluff32/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/fluff32/exploit.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/fluff32/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/fluff32/fluff32:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/fluff32/fluff32
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/fluff32/notes.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/fluff32/notes.md
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/ret2win32/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/ret2win32/exploit.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/ret2win32/exploit_struct.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/ret2win32/exploit_struct.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/ret2win32/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/ret2win32/peda-session-ret2win32.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/ret2win32/ret2win32:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/ret2win32/ret2win32
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/ret2win32/rop.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/ret2win32/rop.txt
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/split32/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/split32/exploit.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/split32/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/split32/peda-session-split32.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/split32/peda-session-split32.txt
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/split32/rop.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/split32/rop.txt
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/split32/split32:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/split32/split32
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/write32/exploit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/write32/exploit.py
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/write32/flag.txt:
--------------------------------------------------------------------------------
1 | ROPE{a_placeholder_32byte_flag!}
2 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/write32/peda-session-write432.txt:
--------------------------------------------------------------------------------
1 | break *0x080486da
2 |
3 |
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/write32/rop.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/write32/rop.txt
--------------------------------------------------------------------------------

/ROP-Emporium/32Bit/write32/write432:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tagnullde/Exploit-Development/HEAD/ROP-Emporium/32Bit/write32/write432
--------------------------------------------------------------------------------