BUU_PWN_EXP
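This repository holds the exploits (exp) for the pwn challenges I have solved: exploits only, no write-ups (wp). (The write-ups are on my blog.)
The scripts generally use the libc provided by the BUU platform directly, so LibcSearch is rarely used.
Below is the directory listing; search it to find where a specific script is located.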
tree /f
│ README.md
│
├─0x01_0x0F(Finish)
│ 0x2.rip.py
│ 0x3.warmup_csaw_2016.py
│ 0x4.pwn1_sctf_2016.py
│ 0x5.ciscn_2019_n_1.py
│ 0x6.jarvisoj_level0.py
│ 0x7.ciscn_2019_c_1(EXP1).py
│ 0x7.ciscn_2019_c_1(EXP2).py
│ 0x7.ciscn_2019_c_1(EXP3).py
│ 0x8.[OGeek2019]babyrop(EXP1).py
│ 0x8.[OGeek2019]babyrop(EXP2).py
│ 0x9.[第五空间2019 决赛]PWN5.py
│ 0xA.get_started_3dsctf_2016(EXP1).py
│ 0xA.get_started_3dsctf_2016(EXP2).py
│ 0xB.ciscn_2019_en_2.py
│ 0xC.jarvisoj_level2.py
│ 0xD.ciscn_2019_n_8.py
│ 0xE.not_the_same_3dsctf_2016.py
│ 0xF.bjdctf_2020_babystack.py
│
├─0x10_0x1F(Finish)
│ 0x10.[HarekazeCTF2019]baby_rop.py
│ 0x11.jarvisoj_level2_x64.py
│ 0x12.ciscn_2019_n_5(EXP1).py
│ 0x12.ciscn_2019_n_5(EXP2).py
│ 0x13.ciscn_2019_ne_5.py
│ 0x14.others_shellcode.py
│ 0x14.铁人三项(第五赛区)_2018_rop.py
│ 0x15.bjdctf_2020_babyrop.py
│ 0x16.babyheap_0ctf_2017.py
│ 0x17.pwn2_sctf_2016.py
│ 0x18.ciscn_2019_s_3.py
│ 0x19.[HarekazeCTF2019]baby_rop2.py
│ 0x1A.jarvisoj_fm.py
│ 0x1B.jarvisoj_tell_me_something.py
│ 0x1C.jarvisoj_level4.py
│ 0x1D.jarvisoj_level3.py
│ 0x1E.[Black Watch 入群题]PWN.py
│ 0x1F.bjdctf_2020_babystack2.py
│
├─0x20_0x2F(Finish)
│ 0x20.jarvisoj_level3_x64.py
│ 0x21.picoctf_2018_rop chain.py
│ 0x22.[ZJCTF 2019]EasyHeap.py
│ 0x23.bjdctf_2020_babyrop2.py
│ 0x24.jarvisoj_test_your_memory.py
│ 0x25.bjdctf_2020_router.py
│ 0x26.hitcontraining_uaf.py
│ 0x27.picoctf_2018_buffer overflow 1.py
│ 0x28.pwnable_orw.py
│ 0x29.wustctf2020_getshell.py
│ 0x2A.cmcc_simplerop.py
│ 0x2B.babyfengshui_33c3_2016.py
│ 0x2C.picoctf_2018_buffer overflow 2.py
│ 0x2D.xdctf2015_pwn200.py
│ 0x2E.mrctf2020_shellcode.py
│ 0x2F.bbys_tu_2016.py
│
└─0x30_0x3F(Updating)
  0x30.jarvisoj_level1(EXP1).py
  0x30.jarvisoj_level1(EXP2).py
  0x31.inndy_rop(EXP1).py
  0x31.inndy_rop(EXP2).py
  0x31.inndy_rop(EXP3).py
  0x31.inndy_rop(EXP4).py
  0x35.others_babystack.py
  0x36.pwnable_start.py