pwn-exploits

SKILL.md

| PIE | Enabled | Need address leak for code/data addresses | | PIE | Disabled | Can use hardcoded addresses directly | | NX | Enabled | Cannot execute shellcode on stack, use ROP | | NX | Disabled | Can write shellcode to buffer and execute | | Stack Canary | Enabled | Need canary leak or bypass technique |

| Stack Canary | Disabled | Direct buffer overflow exploitation | | RELRO Full | Enabled | Cannot overwrite GOT entries | | RELRO Partial | Enabled | Can overwrite GOT for hijacking |

| Generate cyclic pattern | cyclic(500) | | Find offset from crash | cyclicfind(b'caaa') or cyclicfind(0x61616161) | | Pack 64-bit integer | p64(0x401000) | | Pack 32-bit integer | p32(0x08048000) | | Unpack 64-bit bytes | u64(data.ljust(8, b'\x00')) | | Unpack 32-bit bytes | u32(data.ljust(4, b'\x00')) |

Original anzeigen