{"id":13539095,"url":"https://github.com/xairy/easy-linux-pwn","last_synced_at":"2025-04-05T15:06:02.909Z","repository":{"id":37334565,"uuid":"180017142","full_name":"xairy/easy-linux-pwn","owner":"xairy","description":"A set of Linux binary exploitation tasks for beginners on various architectures","archived":false,"fork":false,"pushed_at":"2021-12-26T23:55:58.000Z","size":49,"stargazers_count":531,"open_issues_count":0,"forks_count":93,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-03-29T14:06:44.622Z","etag":null,"topics":["arm","mips","powerpc","pwn","rop","shellcode","x86"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xairy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-07T20:03:13.000Z","updated_at":"2025-03-25T04:25:47.000Z","dependencies_parsed_at":"2022-07-12T11:54:58.557Z","dependency_job_id":null,"html_url":"https://github.com/xairy/easy-linux-pwn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xairy%2Feasy-linux-pwn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xairy%2Feasy-linux-pwn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xairy%2Feasy-linux-pwn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xairy%2Feasy-linux-pwn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xairy","download_url":"https://codeload.github.com/xairy/easy-linux-pwn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247353731,"owners_count":20925329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arm","mips","powerpc","pwn","rop","shellcode","x86"],"created_at":"2024-08-01T09:01:20.148Z","updated_at":"2025-04-05T15:06:02.889Z","avatar_url":"https://github.com/xairy.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用"],"readme":"Easy Linux PWN\n==============\n\nThis is a set of Linux binary exploitation tasks for beginners. Right now they are only oriented on stack buffer-overflows.\n\nI've created these tasks to learn how to do simple binary exploitation on different architectures.\nFor educational purposes while solving the tasks you have to follow a set of rules listed below.\nThe tasks are made deliberately small and some of the rules are deliberately unrealistic.\nContrary to most CTF challenges, in these tasks the solution is given to you, you just have to implement it.\n\n\n## Rules\n\n1. All tasks must be solved using the suggested approach even if there are other easier ways.\n\n2. All tasks must be solved with specific protections assumed to be enabled or disabled (even if the architecture, the toolchain or the environment doesn't support it).\n\n3. All tasks assume a dynamically linked libc with a known binary.\n\n4. All ROP chains must be built manually.\n\n\n## Tasks\n\n### Suggested approaches\n\n1. [01-local-overflow](src/01-local-overflow.c):\noverflow `buffer` and overwrite `x` with the desired value.\n\n2. [02-overwrite-ret](src/02-overwrite-ret.c):\noverwrite any of the return addresses on stack with the address of `not_called()`.\n\n3. [03-one-gadget](src/03-one-gadget.c):\njump to a [one\\_gadget](https://github.com/david942j/one_gadget) address.\nMake sure to satisfy the required constaints if there are any.\nFor some of the architectures this might require using a ROP chain, which technically makes \"one\\_gadget\" no longer \"one\".\n\n4. [04-shellcode-static](src/04-shellcode-static.c):\nallocate a shellcode on the stack that launches `/bin/sh` and jump to it.\nAssume that the shellcode address on the stack is known.\nNo need to deal with [cache coherency](https://blog.senr.io/blog/why-is-my-perfectly-good-shellcode-not-working-cache-coherency-on-mips-and-arm) on ARM, MIPS and PowerPC.\n\n5. [05-shellcode-dynamic](src/05-shellcode-dynamic.c):\nsame as the previous task, but here the stack address (and therefore the shellcode address on the stack) is unknown.\n\n6. [06-system-rop](src/06-system-rop.c):\ncompose a ROP chain to execute `system(\"/bin/sh\")`.\n\n7. [07-execve-rop](src/07-execve-rop.c):\ncompose a ROP chain to execute `execve(\"/bin/sh\", NULL, NULL)` via a syscall.\nExplicitly specify the second and third arguments.\n\n8. [08-overwrite-global](src/08-overwrite-global.c):\ncompose a ROP chain to overwrite `x` with the desired value and then jump to `not_called()`.\n\n\n### Protections\n\nBlank spaces mean the protection state is not relevant for the suggested approach.\n\n| Task | Binary\\* | Stack\\* | Libc\\* | Canary | NX | RELRO |\n| :---: | :---: | :---: | :---: | :---: | :---: | :---: |\n| [01-local-overflow](src/01-local-overflow.c) | | | | No | | |\n| [02-overwrite-ret](src/02-overwrite-ret.c) | Known | | Known | No | | |\n| [03-one-gadget](src/03-one-gadget.c) | Known | | Known | No | | |\n| [04-shellcode-static](src/04-shellcode-static.c) | | Known | | No | No | |\n| [05-shellcode-dynamic](src/05-shellcode-dynamic.c) | Known | | Known | No | No | |\n| [06-system-rop](src/06-system-rop.c) | Known | | Known | No | | |\n| [07-execve-rop](src/07-execve-rop.c) | Known | | Known | No | | |\n| [08-overwrite-global](src/08-overwrite-global.c) | Known | | Known | No | | |\n\n__\\*__ - refers to the address of the binary, stack or libc. This allows to specify a more fine-grained control than traditional ASLR/PIE.\n\nTo disable ALSR:\n\n``` bash\necho 0 | sudo tee /proc/sys/kernel/randomize_va_space\n```\n\nTo enable ASLR:\n\n``` bash\necho 2 | sudo tee /proc/sys/kernel/randomize_va_space\n```\n\n\n## Solutions\n\nThese solutions are provided only for reference and are not portable (they contain hardcoded addresses and offsets and were only tested in a single environment).\n\n| Task | x86 | x86-64 | arm | arm64 | mips | mips64 | ppc | ppc64 | sparc64 |\n| :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |\n| [01-local-overflow](src/01-local-overflow.c) | [+](pwn/x86/01-local-overflow.py) | [+](pwn/x86-64/01-local-overflow.py) | [+](pwn/arm/01-local-overflow.py) | [+](pwn/arm64/01-local-overflow.py) | [+](pwn/mips/01-local-overflow.py) | [+](pwn/mips64/01-local-overflow.py) | [+](pwn/ppc/01-local-overflow.py) | [+](pwn/ppc64/01-local-overflow.py) | [+](pwn/sparc64/01-local-overflow.py) |\n| [02-overwrite-ret](src/02-overwrite-ret.c) | [+](pwn/x86/02-overwrite-ret.py) | [+](pwn/x86-64/02-overwrite-ret.py) | [+](pwn/arm/02-overwrite-ret.py) | [+](pwn/arm64/02-overwrite-ret.py) | [+](pwn/mips/02-overwrite-ret.py) | [+](pwn/mips64/02-overwrite-ret.py) | [+](pwn/ppc/02-overwrite-ret.py) | [+](pwn/ppc64/02-overwrite-ret.py) | [+](pwn/sparc64/02-overwrite-ret.py) |\n| [03-one-gadget](src/03-one-gadget.c) | [+](pwn/x86/03-one-gadget.py) | [+](pwn/x86-64/03-one-gadget.py) | | [+](pwn/arm64/03-one-gadget.py) | | | | | |\n| [04-shellcode-static](src/04-shellcode-static.c) | [+](pwn/x86/04-shellcode-static.py) | [+](pwn/x86-64/04-shellcode-static.py) | [+](pwn/arm/04-shellcode-static.py) | [+](pwn/arm64/04-shellcode-static.py) | [+](pwn/mips/04-shellcode-static.py) | [+](pwn/mips64/04-shellcode-static.py) | [+](pwn/ppc/04-shellcode-static.py) | [+](pwn/ppc64/04-shellcode-static.py) | |\n| [05-shellcode-dynamic](src/05-shellcode-dynamic.c) | [+](pwn/x86/05-shellcode-dynamic.py) | [+](pwn/x86-64/05-shellcode-dynamic.py) | [+](pwn/arm/05-shellcode-dynamic.py) | [+](pwn/arm64/05-shellcode-dynamic.py) | [+](pwn/mips/05-shellcode-dynamic.py) | [+](pwn/mips64/05-shellcode-dynamic.py) | [+](pwn/ppc/05-shellcode-dynamic.py) | | |\n| [06-system-rop](src/06-system-rop.c) | [+](pwn/x86/06-system-rop.py) | [+](pwn/x86-64/06-system-rop.py) | [+](pwn/arm/06-system-rop.py) | [+](pwn/arm64/06-system-rop.py) | [+](pwn/mips/06-system-rop.py) | [+](pwn/mips64/06-system-rop.py) | [+](pwn/ppc/06-system-rop.py) | [+](pwn/ppc64/06-system-rop.py) | |\n| [07-execve-rop](src/07-execve-rop.c) | [+](pwn/x86/07-execve-rop.py) | [+](pwn/x86-64/07-execve-rop.py) | [+](pwn/arm/07-execve-rop.py) | [+](pwn/arm64/07-execve-rop.py) | [+](pwn/mips/07-execve-rop.py) | [+](pwn/mips64/07-execve-rop.py) | [+](pwn/ppc/07-execve-rop.py) | [+](pwn/ppc64/07-execve-rop.py) | |\n| [08-overwrite-global](src/08-overwrite-global.c) | [+](pwn/x86/08-overwrite-global.py) | [+](pwn/x86-64/08-overwrite-global.py) | [+](pwn/arm/08-overwrite-global.py) | [+](pwn/arm64/08-overwrite-global.py) | [+](pwn/mips/08-overwrite-global.py) | [+](pwn/mips64/08-overwrite-global.py) | [+](pwn/ppc/08-overwrite-global.py) | [+](pwn/ppc64/08-overwrite-global.py) | |\n\n\n## Prerequisites\n\nThe tasks were tested on x86-64 CPU machine with Linux Mint 19.1 and the following software versions:\n\n| Software | Version |\n| :---: | :---: |\n| GCC | (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0 |\n| glibc | (Ubuntu GLIBC 2.27-3ubuntu1) 2.27 |\n| QEMU | 2.11.1(Debian 1:2.11+dfsg-1ubuntu7.12) |\n| GDB | (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git |\n| pwntools | 3.12.2 |\n| Ropper | 1.11.13 |\n\nIssues:\n\n1. `qemu-ppc64` requires a newer QEMU (with [this](https://patchwork.kernel.org/patch/10243489/) patch), so you'll need to build QEMU from source.\nIf the manually built QEMU doesn't know where to look for dynamic libs, run `export QEMU_LD_PREFIX=/etc/qemu-binfmt/ppc64/` before using `pwntools`.\n\n2. `ropper` has poor support for `ppc` and `ppc64`, so [this](https://github.com/sashs/Ropper/pull/98) patch is recommended to recognize more gadgets.\n\n3. `ropper` doesn't recognize `ppc64` binaries automatically and requires [this](https://github.com/sashs/Ropper/pull/100) patch (you may also explicitly provide `--arch PPC64`).\n\n4. `pwntools` doesn't set arch name for GDB for `sparc64` correctly and requires [this](https://github.com/Gallopsled/pwntools/pull/1292) patch.\n\n5. `ropper` (nor `ROPgadget`) doesn't support `sparc64` and requires [this](https://github.com/sashs/Ropper/pull/101) patch.\n\n\n### Setup\n\nInstall packages:\n\n``` bash\nsudo apt-get install build-essential\nsudo apt-get install gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-mips-linux-gnu gcc-mips64-linux-gnuabi64 gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-sparc64-linux-gnu\nsudo apt-get install libc6-dev:i386 libc6-armhf-cross libc6-arm64-cross libc6-mips-cross libc6-mips64-cross libc6-powerpc-cross libc6-ppc64-cross libc6-sparc64-cross\nsudo apt-get install qemu-user\nsudo apt-get install gdb gdb-multiarch\n\n# These are probably not required, but just in case:\n# sudo apt-get install gcc-7-multilib gcc-multilib-arm-linux-gnueabi gcc-multilib-mips-linux-gnu gcc-multilib-mips64-linux-gnuabi64 gcc-multilib-powerpc-linux-gnu gcc-multilib-powerpc64-linux-gnu\n```\n\nBuild the binaries:\n\n``` bash\n./build.sh\n```\n\nInstall pwntools and ropper (assuming that you have `pip` installed):\n\n``` bash\npip install --user pwntools ropper\n```\n\nSetup `qemu-binfmt` for QEMU and pwntools:\n\n``` bash\nsudo mkdir /etc/qemu-binfmt\nsudo ln -s /usr/arm-linux-gnueabihf/ /etc/qemu-binfmt/arm\nsudo ln -s /usr/aarch64-linux-gnu /etc/qemu-binfmt/aarch64\nsudo ln -s /usr/mips-linux-gnu/ /etc/qemu-binfmt/mips\nsudo ln -s /usr/mips64-linux-gnuabi64/ /etc/qemu-binfmt/mips64\nsudo ln -s /usr/powerpc-linux-gnu/ /etc/qemu-binfmt/ppc\nsudo ln -s /usr/powerpc64-linux-gnu/ /etc/qemu-binfmt/ppc64\nsudo ln -s /usr/sparc64-linux-gnu/ /etc/qemu-binfmt/sparc64\n```\n\n\n### More\n\nIn case you want to run the binaries and QEMU manually:\n\n``` bash\ngdbserver --no-disable-randomization localhost:1234 ./bin/x86/00-hello-pwn\ngdbserver --no-disable-randomization localhost:1234 ./bin/x86-64/00-hello-pwn\nqemu-arm -L /usr/arm-linux-gnueabihf/ -g 1234 ./bin/arm/00-hello-pwn\nqemu-aarch64 -L /usr/aarch64-linux-gnu/ -g 1234 ./bin/arm64/00-hello-pwn\nqemu-mips -L /usr/mips-linux-gnu/ -g 1234 ./bin/mips/00-hello-pwn\nqemu-mips64 -L /usr/mips64-linux-gnuabi64/ -g 1234 ./bin/mips64/00-hello-pwn\nqemu-ppc -L /usr/powerpc-linux-gnu/ -g 1234 ./bin/ppc/00-hello-pwn\nqemu-ppc64 -L /usr/powerpc64-linux-gnu/ -g 1234 ./bin/ppc64/00-hello-pwn\nqemu-sparc64 -L /usr/sparc64-linux-gnu/ -g 1234 ./bin/sparc64/00-hello-pwn\n```\n\n``` bash\ngdb -q -ex \"set architecture i386\" -ex \"set solib-search-path /lib/i386-linux-gnu/\" -ex \"target remote localhost:1234\" ./bin/x86/00-hello-pwn\ngdb -q -ex \"target remote localhost:1234\" ./bin/x86-64/00-hello-pwn\ngdb-multiarch -q -ex \"set architecture arm\" -ex \"set solib-absolute-prefix /usr/arm-linux-gnueabihf/\" -ex \"target remote localhost:1234\" ./bin/arm/00-hello-pwn\ngdb-multiarch -q -ex \"set architecture aarch64\" -ex \"set solib-absolute-prefix /usr/aarch64-linux-gnu/\" -ex \"target remote localhost:1234\" ./bin/arm64/00-hello-pwn\ngdb-multiarch -q -ex \"set architecture mips\" -ex \"set solib-absolute-prefix /usr/mips-linux-gnu/\" -ex \"target remote localhost:1234\" ./bin/mips/00-hello-pwn\ngdb-multiarch -q -ex \"set architecture mips64\" -ex \"set solib-absolute-prefix /usr/mips64-linux-gnuabi64/\" -ex \"target remote localhost:1234\" ./bin/mips64/00-hello-pwn\ngdb-multiarch -q -ex \"set architecture powerpc:common\" -ex \"set solib-absolute-prefix /usr/powerpc-linux-gnu/\" -ex \"target remote localhost:1234\" ./bin/ppc/00-hello-pwn\ngdb-multiarch -q -ex \"set architecture powerpc:common64\" -ex \"set solib-absolute-prefix /usr/powerpc64-linux-gnu/\" -ex \"target remote localhost:1234\" ./bin/ppc64/00-hello-pwn\ngdb-multiarch -q -ex \"set architecture sparc:v9\" -ex \"set solib-absolute-prefix /usr/sparc64-linux-gnu/\" -ex \"target remote localhost:1234\" ./bin/sparc64/00-hello-pwn\n```\n\nIf you want to do full system emulation, you can do that either manually via `qemu-system-*` or via [arm_now](https://github.com/nongiach/arm_now).\n\n\n## Materials\n\nI'm not aiming to provide a thoroughly collected list of materials to learn binary exploitation here, so for the most part you should rely on your own ability to find them.\nI'll still put here some links that I have found helpful.\n\n[Linux syscall tables](https://w3challs.com/syscalls/)\n\n### x86 and x86-64\n\nCountless tutorials available online for these architectures.\n\n### arm\n\n[INTRODUCTION TO ARM ASSEMBLY BASICS](https://azeria-labs.com/writing-arm-assembly-part-1/) [articles]\n\n[ARM shellcode and exploit development](https://github.com/invictus1306/Workshop-BSidesMunich2018/blob/master/workshop_slides.pdf) [slides]\n\n### arm64\n\n[ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile](https://static.docs.arm.com/ddi0487/b/DDI0487B_a_armv8_arm.pdf) [book]\n\n[Introduction to A64 Instruction Set](https://blog.linuxplumbersconf.org/2014/ocw//system/presentations/2361/original/02%20-%20a64-isa-intro-final.pdf) [slides]\n\n[ROP-ing on Aarch64 - The CTF Style](https://blog.perfect.blue/ROPing-on-Aarch64) [article]\n\n[GoogleCTF - forced-puns](https://0xabe.io/ctf/exploit/2016/05/02/GoogleCTF-forced-puns.html) [article]\n\n### mips\n\n[MIPS IV Instruction Set](http://math-atlas.sourceforge.net/devel/assembly/mips-iv.pdf) [book]\n\n[MIPS Calling Convention](https://courses.cs.washington.edu/courses/cse410/09sp/examples/MIPSCallingConventionsSummary.pdf) [article]\n\n[EXPLOITING BUFFER OVERFLOWS ON MIPS ARCHITECTURES](https://www.vantagepoint.sg/papers/MIPS-BOF-LyonYang-PUBLIC-FINAL.pdf) [article]\n\n[Exploiting a MIPS Stack Overflow](http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/) [article]\n\nNotes:\n\n1. `mips` has branch delay slot.\n\n### mips64\n\n[MIPS64 Architecture For Programmers Volume II: The MIPS64 Instruction Set](https://scc.ustc.edu.cn/zlsc/lxwycj/200910/W020100308600769158777.pdf) [book]\n\n[Linux MIPS ELF reverse engineering tips](https://www.cr0.org/paper/mips.elf.external.resolution.txt) [article]\n\nNotes:\n\n1. `mips64` has branch delay slot.\n\n2. Functions expect to be called through `$t9`.\n\n### ppc\n\n[PowerPC User Instruction Set Architecture Book I Version 2.01](http://math-atlas.sourceforge.net/devel/assembly/ppc_isa.pdf) [book]\n\n[POWERPC FUNCTION CALLING CONVENTION](https://g4laad.re/part-6-powerpc-stack-and-function/) [article]\n\n[Router Exploitation](https://www.recurity-labs.com/research/FX_Router_Exploitation.pdf) [slides]\n\n[CVE-2017-3881 Cisco Catalyst RCE Proof-Of-Concept](https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/) [article]\n\n[How To Cook Cisco](https://embedi.org/blog/how-cook-cisco/) [article]\n\n### ppc64\n\n[PowerPC User Instruction Set Architecture Book I Version 2.01](http://math-atlas.sourceforge.net/devel/assembly/ppc_isa.pdf) [book]\n\n[64-bit PowerPC ELF Application Binary Interface Supplement 1.9](https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi-1.9.html) [article]\n\n[Deeply understand 64-bit PowerPC ELF ABI - Function Descriptors](https://www.ibm.com/developerworks/community/blogs/5894415f-be62-4bc0-81c5-3956e82276f3/entry/deeply_understand_64_bit_powerpc_elf_abi_function_descriptors?lang=en) [article]\n\nNotes:\n\n1. Functions expect a correct value of `$r2` when called.\n\n### sparc\n\n[The SPARC Architecture Manual Version 8](https://www.gaisler.com/doc/sparcv8.pdf) [book]\n\n[Function Call and Return in SPARC combined with Sliding Register Windows](http://www.mathcs.emory.edu/~cheung/Courses/255/Syllabus/8-SPARC/func-call+ret.html) [article]\n\n[When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC](https://hovav.net/ucsd/dist/sparc.pdf) [paper]\n\n[Buffer Overflows On the SPARC Architecture](http://www.davidlitchfield.com/sparc_buffer_overflows.pdf) [article]\n\n### sparc64\n\n[The SPARC Architecture Manual Version 9](https://cr.yp.to/2005-590/sparcv9.pdf) [book]\n\n[SPARC V9 ABI Features](https://docs.oracle.com/cd/E19120-01/open.solaris/816-5138/advanced-2/index.html) [article]\n\nNotes:\n\n1. `sparc64` has branch delay slot.\n\n2. `sparc64` has stack bias of 2047 bytes.\n\n3. `sparc64` CPU used by QEMU has 8 register windows.\n\n4. Figure out why and when `vulnerable()` register window gets loaded from the stack, none of the linked ROP tutorials mention it :)\n\n\n## Someday\n\nSome ideas for more tasks:\n\nXX-dup2-rop,\nXX-aaw-rop,\nXX-format-string,\nXX-reverse-shell,\nXX-oneshot-write,\nXX-oneshot-syscall,\nXX-bruteforce-aslr,\nXX-bruteforce-canary,\nXX-overwrite-got,\nXX-partial-ret,\nXX-partial-got,\nXX-sleep-shellcode,\nXX-mprotect-shellcode,\nXX-nonull-shellcode,\nXX-alphanum-shellcode,\nXX-shellcode-encoder,\nXX-nop-sled,\nXX-ret-sled,\nXX-canary-master,\nXX-canary-leak,\nXX-magic-gadget,\nXX-stack-pivot,\nXX-egghunt\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxairy%2Feasy-linux-pwn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxairy%2Feasy-linux-pwn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxairy%2Feasy-linux-pwn/lists"}