Updated the shellcodez and targets in my hfsunsshd to include a working ROP chain for Solaris 11.0 (SunSSH 2.0) on x86. I had to re-write the shellcode for 11.0 as dup2() and execve() have different argument conventions on Solaris 11 systems, also had some additional NULL in the stack address required to mprotect(). I will not be adding more targets or architectures to this (at least publicly) as it now contains the most recent x86 Solaris systems - enjoy! https://github.com/hackerhouse-opensource/exploits/blob/master/hfsunsshdx.tgz