AnouarVision/ctf-writeups

一个不断增长的世界各地 CTF 比赛题解合集。
每篇题解都会逐步讲解思考过程和解决方案。

## 比赛 ### CryptoHack

简介

| # | 挑战 | 技术 / 备注 | 题解 | |----|---------------|-------------------------------------------|---------| | 01 | Great Snakes | 运行并检查 Python 脚本 | [EN](CryptoHack/Introduction/GreatSnakes/writeup-en.md) · [IT](CryptoHack/Introduction/GreatSnakes/writeup-it.md) | | 02 | Network Attacks | 使用 JSON (pwntools) 与远程 socket 交互 | [EN](CryptoHack/Introduction/NetworkAttacks/writeup-en.md) · [IT](CryptoHack/Introduction/NetworkAttacks/writeup-it.md) |

挑战

编码

| # | 挑战 | 技术 / 备注 | 题解 | |----|---------------|-------------------------------------------|---------| | 01 | ASCII | 将 ASCII 码转换为字符 (ord/chr) 脚本 | [EN](CryptoHack/General/Encoding/ASCII/writeup-en.md) · [IT](CryptoHack/General/Encoding/ASCII/writeup-it.md) | | 02 | Hex | 将 hex 字符串解码为 bytes 和 ASCII | [EN](CryptoHack/General/Encoding/Hex/writeup-en.md) · [IT](CryptoHack/General/Encoding/Hex/writeup-it.md) | | 03 | Base64 | Base64 解码为 bytes 和 ASCII | [EN](CryptoHack/General/Encoding/Base64/writeup-en.md) · [IT](CryptoHack/General/Encoding/Base64/writeup-it.md) | | 04 | Bytes and Big Integers | 在 bytes、整数和 hex (bigint) 之间转换 | [EN](CryptoHack/General/Encoding/BytesAndBigIntegers/writeup-en.md) · [IT](CryptoHack/General/Encoding/BytesAndBigIntegers/writeup-it.md) | | 05 | Encoding Challenge | 多步解码 (hex → bytes → base64 → 等) | [EN](CryptoHack/General/Encoding/EncodingChallenge/writeup-en.md) · [IT](CryptoHack/General/Encoding/EncodingChallenge/writeup-it.md) |

XOR

| # | 挑战 | 技术 / 备注 | 题解 | |----|---------------|-------------------------------------------|---------| | 01 | XOR Starter | 将每个 ASCII 字符与单字节 key 进行 XOR (ord/chr) | [EN](CryptoHack/General/XOR/XORStarter/writeup-en.md) · [IT](CryptoHack/General/XOR/XORStarter/writeup-it.md) | | 02 | XOR Properties | 使用 XOR 代数从给定的 XOR 关系中恢复未知 key (逐字节 XOR) | [EN](CryptoHack/General/XOR/XORProperties/writeup-en.md) · [IT](CryptoHack/General/XOR/XORProperties/writeup-it.md) | | 03 | Favourite byte | 暴力破解所有 256 种可能的单字节 XOR key，并选择产生可读 ASCII 明文的那一个 | [EN](CryptoHack/General/XOR/FavouriteByte/writeup-en.md) · [IT](CryptoHack/General/XOR/FavouriteByte/writeup-it.md) | | 04 | You either know, XOR you don't | 对整个密文使用恢复的 key 进行重复 key XOR 解密。 | [EN](CryptoHack/General/XOR/YouEitherKnowXORYouDon't/writeup-en.md) · [IT](CryptoHack/General/XOR/YouEitherKnowXORYouDon't/writeup-it.md) | | 05 | Lemur XOR | 将两个二进制文件逐字节 XOR 以恢复隐藏数据 | [EN](CryptoHack/General/XOR/LemurXOR/writeup-en.md) · [IT](CryptoHack/General/XOR/LemurXOR/writeup-it.md) |

数学

| # | 挑战 | 技术 / 备注 | 题解 | |----|---------------|-------------------------------------------|---------| | 01 | Greatest Common Divisor | 使用欧几里得算法计算 gcd(a, b) | [EN](CryptoHack/General/Mathematics/GreatestCommonDivisor/writeup-en.md) · [IT](CryptoHack/General/Mathematics/GreatestCommonDivisor/writeup-it.md) | | 02 | Extended GCD | 使用欧几里得算法计算 gcd(a, b) | [EN](CryptoHack/General/Mathematics/ExtendedGCD/writeup-en.md) · [IT](CryptoHack/General/Mathematics/ExtendedGCD/writeup-it.md) | | 03 | Modular Arithmetic 1 | 通过模数减少大数以获得小余数 | [EN](CryptoHack/General/Mathematics/ModularArithmetic1/writeup-en.md) · [IT](CryptoHack/General/Mathematics/ModularArithmetic1/writeup-it.md) | | 04 | Modular Arithmetic 2 | 使用费马小定理简化巨大的幂运算。 | [EN](CryptoHack/General/Mathematics/ModularArithmetic2/writeup-en.md) · [IT](CryptoHack/General/Mathematics/ModularArithmetic2/writeup-it.md) | | 05 | Modular Inverting | 使用扩展欧几里得算法或费马小定理求**模逆** | [EN](CryptoHack/General/Mathematics/ModularInverting/writeup-en.md) · [IT](CryptoHack/General/Mathematics/ModularInverting/writeup-it.md) |

数据格式

| # | 挑战 | 技术 / 备注 | 题解 | |----|---------------|-------------------------------------------|---------| | 01 | Privacy Enhanced Email | 解析 PEM 文件并提取 RSA 私钥 | [EN](CryptoHack/General/DataFormats/PrivacyEnhancedEmail/writeup-en.md) · [IT](CryptoHack/General/DataFormats/PrivacyEnhancedEmail/writeup-it.md) |

### OliCyber

简介

软件

| # | 挑战 | 技术 / 备注 | 题解 | |----|---------------|-------------------------------------------|---------| | 01 | Architetture | 确定 ELF 架构 | [EN](Olicyber/Introduzione/Software/01%20-%20Architetture/writeup-en.md) · [IT](Olicyber/Introduzione/Software/01%20-%20Architetture/writeup-it.md) | | 02 | Librerie | 查找不常见的共享库 | [EN](Olicyber/Introduzione/Software/02%20-%20Librerie/writeup-en.md) · [IT](Olicyber/Introduzione/Software/02%20-%20Librerie/writeup-it.md) | | 03 | Sezioni | 检查 ELF 节；隐藏的 UTF-16LE 数据 | [EN](Olicyber/Introduzione/Software/03%20-%20Sezioni/writeup-en.md) · [IT](Olicyber/Introduzione/Software/03%20-%20Sezioni/writeup-it.md) | | 04 | Strings 1 | 使用 `strings` 提取字面量 | [EN](Olicyber/Introduzione/Software/04%20-%20Strings1/writeup-en.md) · [IT](Olicyber/Introduzione/Software/04%20-%20Strings1/writeup-it.md) | | 05 | Strings 2 | 使用 Ghidra 反编译器；重构 UTF-16LE | [EN](Olicyber/Introduzione/Software/05%20-%20Strings2/writeup-en.md) · [IT](Olicyber/Introduzione/Software/05%20-%20Strings2/writeup-it.md) | | 06 | Strings 3 | XOR 保护的 flag；反转 key 以恢复 | [EN](Olicyber/Introduzione/Software/06%20-%20Strings3/writeup-en.md) · [IT](Olicyber/Introduzione/Software/06%20-%20Strings3/writeup-it.md) | | 07 | Stack 1 | 通过逐字节 `movb` 在栈上构建 Flag | [EN](Olicyber/Introduzione/Software/07%20-%20Stack1/writeup-en.md) · [IT](Olicyber/Introduzione/Software/07%20-%20Stack1/writeup-it.md) | | 08 | Dynamic 1 | 使用 `ltrace` 进行动态跟踪 | [EN](Olicyber/Introduzione/Software/08%20-%20Dynamic1/writeup-en.md) · [IT](Olicyber/Introduzione/Software/08%20-%20Dynamic1/writeup-it.md) | | 09 | Dynamic 2 | 使用 `strace` 跟踪系统调用 | [EN](Olicyber/Introduzione/Software/09%20-%20Dynamic2/writeup-en.md) · [IT](Olicyber/Introduzione/Software/09%20-%20Dynamic2/writeup-it.md) |

密码学

| # | 挑战 | 技术 | 题解 | |----|--------------------------------------|---------------------------|---------| | 01 | Encoding 1 | ASCII 解码 | [EN](Olicyber/Introduzione/Crypto/01%20-%20Encoding1/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/01%20-%20Encoding1/writeup-it.md) | | 02 | Encoding 2 | Hex 解码 | [EN](Olicyber/Introduzione/Crypto/02%20-%20Encoding2/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/02%20-%20Encoding2/writeup-it.md) | | 03 | Encoding 3 | Base64 + 大端序整数 | [EN](Olicyber/Introduzione/Crypto/03%20-%20Encoding3/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/03%20-%20Encoding3/writeup-it.md) | | 04 | XOR 1 | 对两个 hex 消息进行 XOR | [EN](Olicyber/Introduzione/Crypto/04%20-%20XOR1/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/04%20-%20XOR1/writeup-it.md) | | 05 | XOR 2 | 单字节 XOR 暴力破解 | [EN](Olicyber/Introduzione/Crypto/05%20-%20XOR2/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/05%20-%20XOR2/writeup-it.md) | | 06 | One More Time Please | 多次填充 (XOR 重用) | [EN](Olicyber/Introduzione/Crypto/06%20-%20OneMoreTimePlease/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/06%20-%20OneMoreTimePlease/writeup-it.md) | | 07 | PyCryptutorial 1 | PyCryptodome 示例 (DES/AES/ChaCha20) | [EN](Olicyber/Introduzione/Crypto/07%20-%20PyCryptutotial1/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/07%20-%20PyCryptutotial1/writeup-it.md) | | 08 | Congruenze Modulari | 模同余 | [EN](Olicyber/Introduzione/Crypto/08%20-%20CongruenzeModulari/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/08%20-%20CongruenzeModulari/writeup-it.md) | | 09 | Inverso Modulare | 模逆 / 扩展欧几里得 | [EN](Olicyber/Introduzione/Crypto/09%20-%20InversoModulare/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/09%20-%20InversoModulare/writeup-it.md) | | 10 | CRT | 中国剩余定理 | [EN](Olicyber/Introduzione/Crypto/10%20-%20CRT/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/10%20-%20CRT/writeup-it.md) | | 11 | RSA Helpline | RSA 基础 | [EN](Olicyber/Introduzione/Crypto/11%20-%20RSAHelpline/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/11%20-%20RSAHelpline/writeup-it.md) | | 12 | DHelpline | Diffie–Hellman / DLP | [EN](Olicyber/Introduzione/Crypto/12%20-%20DHelpline/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/12%20-%20DHelpline/writeup-it.md) | | 13 | A Diffiecult Communication | DH 参数 + AES‑CBC | [EN](Olicyber/Introduzione/Crypto/13%20-%20ADiffiecultCommunication/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/13%20-%20ADiffiecultCommunication/writeup-it.md) | | 14 | PyCryptutorial 2 | PyCryptodome: hash/HMAC/DSA/素性检测 | [EN](Olicyber/Introduzione/Crypto/14%20-%20PyCryptutorial2/writeup-en.md) · [IT](Olicyber/Introduzione/Crypto/14%20-%20PyCryptutorial2/writeup.it.md) |

OIC

Web 安全

| # | 挑战 | 技术 | 题解 | |----|------------------|----------------------------|---------| | 01 | NoRobotsHere | `robots.txt` 枚举 | [EN](Olicyber/OIC/Web%20Security/01%20-%20NoRobotsHere/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/01%20-%20NoRobotsHere/writeup-it.md) | | 02 | Headache | HTTP 响应头 | [EN](Olicyber/OIC/Web%20Security/02%20-%20Headache/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/02%20-%20Headache/writeup-it.md) | | 03 | JustAReminder | 客户端认证 | [EN](Olicyber/OIC/Web%20Security/03%20-%20JustAReminder/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/03%20-%20JustAReminder/writeup-it.md) | | 04 | SitoVuoto | 源代码检查 | [EN](Olicyber/OIC/Web%20Security/04%20-%20SitoVuoto/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/04%20-%20SitoVuoto/writeup-it.md) | | 05 | ClickMe | 客户端变量操纵 | [EN](Olicyber/OIC/Web%20Security/05%20-%20ClickMe/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/05%20-%20ClickMe/writeup-it.md) | | 06 | CookieMonsterArmy | 会话 cookie 伪造 | [EN](Olicyber/OIC/Web%20Security/06%20-%20CookieMonsterArmy/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/06%20-%20CookieMonsterArmy/writeup-it.md) | | 07 | RickRoller | HTTP 重定向拦截 | [EN](Olicyber/OIC/Web%20Security/07%20-%20RickRoller/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/07%20-%20RickRoller/writeup-it.md) | | 08 | ATooSmallReminder | 会话 ID 枚举 | [EN](Olicyber/OIC/Web%20Security/08%20-%20ATooSmallReminder/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/08%20-%20ATooSmallReminder/writeup-it.md) | | 09 | iForgot | Git 仓库泄露 | [EN](Olicyber/OIC/Web%20Security/09%20-%20iForgot/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/09%20-%20iForgot/writeup-it.md) | | 10 | ConfuseMe | PHP 类型混淆 | [EN](Olicyber/OIC/Web%20Security/10%20-%20ConfuseMe/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/10%20-%20ConfuseMe/writeup-it.md) | | 11 | PasswordChanger3000 | IDOR / Token 伪造 | [EN](Olicyber/OIC/Web%20Security/11%20-%20PasswordChanger3000/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/11%20-%20PasswordChanger3000/writeup-it.md) | | 12 | BasicSQLi | SQL 注入 | [EN](Olicyber/OIC/Web%20Security/12%20-%20BasicSQLi/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/12%20-%20BasicSQLi/writeup-it.md) | | 13 | IGotMagic! | 文件上传 RCE | [EN](Olicyber/OIC/Web%20Security/13%20-%20IGotMagic!/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/13%20-%20IGotMagic!/writeup-it.md) | | 14 | LightOrDark | 本地文件包含 | [EN](Olicyber/OIC/Web%20Security/14%20-%20LightOrDark/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/14%20-%20LightOrDark/writeup-it.md) | | 15 | FlagsShop | 客户端价格篡改 | [EN](Olicyber/OIC/Web%20Security/15%20-%20FlagsShop/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/15%20-%20FlagsShop/writeup-it.md) | | 16 | TimeIsKey | 计时攻击 | [EN](Olicyber/OIC/Web%20Security/16%20-%20TimeIsKey/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/16%20-%20TimeIsKey/writeup-it.md) | | 17 | ZioFrank | 管理员账户接管 | [EN](Olicyber/OIC/Web%20Security/17%20-%20ZioFrank/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/17%20-%20ZioFrank/writeup-it.md) | | 18 | CStyleLogin | PHP strcmp 类型混淆 | [EN](Olicyber/OIC/Web%20Security/18%20-%20CStyleLogin/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/18%20-%20CStyleLogin/writeup-it.md) | | 19 | MakeAWish | preg_match 数组绕过 | [EN](Olicyber/OIC/Web%20Security/19%20-%20MakeAWish/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/19%20-%20MakeAWish/writeup-it.md) | | 20 | CuriousGeorge | — | [EN](Olicyber/OIC/Web%20Security/20%20-%20CuriousGeorge/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/20%20-%20CuriousGeorge/writeup-it.md) | | 21 | Sn4ckSh3nan1gans | SQL 注入 (Base64 JSON) | [EN](Olicyber/OIC/Web%20Security/21%20-%20Sn4ckSh3nan1gans/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/21%20-%20Sn4ckSh3nan1gans/writeup-it.md) | | 22 | ShellsRevenge | 文上传 RCE | [EN](Olicyber/OIC/Web%20Security/22%20-%20ShellsRevenge/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/22%20-%20ShellsRevenge/writeup-it.md) | | 23 | Admin's Secret | SQL 注入 / 认证绕过 | [EN](Olicyber/OIC/Web%20Security/23%20-%20Admin%27sSecret/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/23%20-%20Admin%27sSecret/writeup-it.md) | | 24 | TrulyRandomSignature | 可预测的 RNG 种子 | [EN](Olicyber/OIC/Web%20Security/24%20-%20TrulyRandomSignature/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/24%20-%20TrulyRandomSignature/writeup-it.md) | | 25 | TIMP | 通过 cowsay 实现命令注入 | [EN](Olicyber/OIC/Web%20Security/25%20-%20TIMP/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/25%20-%20TIMP/writeup-it.md) | | 26 | IfYouHaveNoTimeJustDon'tWait | SQL 注入 (黑名单绕过) | [EN](Olicyber/OIC/Web%20Security/26%20-%20IfYouHaveNoTimeJustDon%27tWait/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/26%20-%20IfYouHaveNoTimeJustDon%27tWait/writeup-it.md) | | 27 | ShellsRevenge2 | 文件上传 + LFI (RCE) | [EN](Olicyber/OIC/Web%20Security/27%20-%20ShellsRevenge2/writeup-en.md) · [IT](Olicyber/OIC/Web%20Security/27%20-%20ShellsRevenge2/writeup-it.md) |

网络安全

| # | 挑战 | 技术 | 题解 | |----|-----------------------------|----------------------------------|---------| | 01 | Useless | PCAP 元数据 / `capinfos` | [EN](Olicyber/OIC/Network%20Security/01%20-%20Useless/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/01%20-%20Useless/writeup-it.md) | | 02 | SniffnByte | Hex 编码的 TCP payload | [EN](Olicyber/OIC/Network%20Security/02%20-%20SniffnByte/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/02%20-%20SniffnByte/writeup-it.md) | | 03 | ProtocolloDatagrammaUtente | UDP 流重组 | [EN](Olicyber/OIC/Network%20Security/03%20-%20ProtocolloDatagrammaUtente/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/03%20-%20ProtocolloDatagrammaUtente/writeup-it.md) | | 04 | G4tto | HTTP 对象导出 (JPEG) | [EN](Olicyber/OIC/Network%20Security/04%20-%20G4tto/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/04%20-%20G4tto/writeup-it.md) | | 05 | EasyStream | HTTP 对象导出 (HTML) | [EN](Olicyber/OIC/Network%20Security/05%20-%20EasyStream/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/05%20-%20EasyStream/writeup-it.md) | | 06 | PocaCola's Recipe | HTTP multipart + AES ZIP | [EN](Olicyber/OIC/Network%20Security/06%20-%20PocaCola%27sRecipe/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/06%20-%20PocaCola%27sRecipe/writeup-it.md) | | 07 | Wordwang | 输入模式发现，自动化 | [EN](Olicyber/OIC/Network%20Security/07%20-%20Wordwang/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/07%20-%20Wordwang/writeup-it.md) | | 08 | SicurezzaDeiTrasporti | TLS 1.3 解密 (SSLKEYLOG) | [EN](Olicyber/OIC/Network%20Security/08%20-%20SicurezzaDeiTrasporti/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/08%20-%20SicurezzaDeiTrasporti/writeup-it.md) | | 09 | That's A Lot Of F's | MAC/EtherType 中的隐蔽通道 | [EN](Olicyber/OIC/Network%20Security/09%20-%20That%27sALotOfF%27S/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/09%20-%20That%27sALotOfF%27S/writeup-it.md) | | 10 | CHAOS | TCP 混乱，时间戳排序 | [EN](Olicyber/OIC/Network%20Security/10%20-%20CHAOS/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/10%20-%20CHAOS/writeup-it.md) | | 11 | AMelodyInMyHead | 弱 nonce，重放攻击 | [EN](Olicyber/OIC/Network%20Security/11%20-%20AMelodyInMyHead/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/11%20-%20AMelodyInMyHead/writeup-it.md) | | 12 | SuperSecretAgent0x42 | XOR 挑战-响应，密钥提取 | [EN](Olicyber/OIC/Network%20Security/12%20-%20SuperSecretAgent0x42/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/12%20-%20SuperSecretAgent0x42/writeup-it.md) | | 13 | YouCompleteMe | 侧信道 (响应大小，ECB 泄露) | [EN](Olicyber/OIC/Network%20Security/13%20-%20YouCompleteMe/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/13%20-%20YouCompleteMe/writeup-it.md) | | 14 | DNSE-MailSecurity | DNS SPF CNAME 枚举 | [EN](Olicyber/OIC/Network%20Security/14%20-%20DNSE-MailSecurity/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/14%20-%20DNSE-MailSecurity/writeup-it.md) | | 15 | QuantumTransportLayer | TLS SNI/ALPN，SAN 分析 | [EN](Olicyber/OIC/Network%20Security/15%20-%20QuantumTransportLayer/writeup-en.md) · [IT](Olicyber/OIC/Network%20Security/15%20-%20QuantumTransportLayer/writeup-it.md) |

杂项

| # | 挑战 | 技术 | 题解 | |----|--------------|-------------------------------|---------| | 01 | Bright Sun | 视觉隐写术 (高亮) | [EN](Olicyber/OIC/Misc/01%20-%20BrightSun/writeup-en.md) · [IT](Olicyber/OIC/Misc/01%20-%20BrightSun/writeup-it.md) | | 03 | Dashed | 多层编码 (Morse → hex/binary → Base64 → ROT13) | [EN](Olicyber/OIC/Misc/03%20-%20Dashed/writeup-en.md) · [IT](Olicyber/OIC/Misc/03%20-%20Dashed/writeup-it.md) |

密码学

| # | 挑战 | 技术 | 题解 | |----|--------------------------------------|---------------------------|---------| | 02 | TutteLeStradePortanoARoma | 凯撒密码 (ROT 位移) | [EN](Olicyber/OIC/Crypto/02%20-%20TutteLeStradePortanoARoma/writeup-en.md) · [IT](Olicyber/OIC/Crypto/02%20-%20TutteLeStradePortanoARoma/writeup-it.md) | | 03 | CryptingOnStructure | 培根密码 (A/B) | [EN](Olicyber/OIC/Crypto/03%20-%20CryptingOnStructure/writeup-en.md) · [IT](Olicyber/OIC/Crypto/03%20-%20CryptingOnStructure/writeup-it.md) | | 04 | CorruptedKeyExchange | DH 参数注入 (g=1) | [EN](Olicyber/OIC/Crypto/04%20-%20CorruptedKeyExchange/writeup-en.md) · [IT](Olicyber/OIC/Crypto/04%20-%20CorruptedKeyExchange/writeup-it.md) | | 05 | 1337_XOR | 重复 key XOR (已知明文) | [EN](Olicyber/OIC/Crypto/05%20-%201337_XOR/writeup-en.md) · [IT](Olicyber/OIC/Crypto/05%20-%201337_XOR/writeup-it.md) | | 06 | SecureKeyGenerator | 弱 PRNG (时间戳) + AES-OFB | [EN](Olicyber/OIC/Crypto/06%20-%20SecureKeyGenerator/writeup-en.md) · [IT](Olicyber/OIC/Crypto/06%20-%20SecureKeyGenerator/writeup-it.md) | | 07 | RSALaPrimaChiave | 教科书 RSA (码本) | [EN](Olicyber/OIC/Crypto/07%20-%20RSALaPrimaChiave/writeup-en.md) · [IT](Olicyber/OIC/Crypto/07%20-%20RSALaPrimaChiave/writeup-it.md) | | 08 | Classic Cipher | 类转子演化密钥 | [EN](Olicyber/OIC/Crypto/08%20-%20ClassicCipher/writeup-en.md) · [IT](Olicyber/OIC/Crypto/08%20-%20ClassicCipher/writeup-it.md) | | 11 | VeryStrongVigenere | 维吉尼亚密码 (已知明文) | [EN](Olicyber/OIC/Crypto/11%20-%20VeryStrongVigenere/writeup-en.md) · [IT](Olicyber/OIC/Crypto/11%20-%20VeryStrongVigenere/writeup-it.md) | | 18 | I like hashes | 按字符 SHA-256 (彩虹表) | [EN](Olicyber/OIC/Crypto/18%20-%20ILikeHashes/writeup-en.md) · [IT](Olicyber/OIC/Crypto/18%20-%20ILikeHashes/writeup-it.md) |

软件

| # | 挑战 | 技术 / 备注 | 题解 | |----|---------------|-------------------------------------------|---------| | 01 | Super Market | 整数溢出；通过 `flag()` ret2win | [EN](Olicyber/OIC/Software/01%20-%20SuperMarket/writeup-en.md) · [IT](Olicyber/OIC/Software/01%20-%20SuperMarket/writeup-it.md) | | 02 | Hidden Variable | 隐藏在 `.data` 中的 `int[]` flag | [EN](Olicyber/OIC/Software/02%20-%20HiddenVariable/writeup-en.md) · [IT](Olicyber/OIC/Software/02%20-%20HiddenVariable/writeup-it.md) |

### ITSCyberGame

ITASEC 2025

| 类别 | 挑战 | 技术 / 备注 | 题解 | |------------|-------------------|--------------------------|---------| | 杂项 | Decode | 图像中隐藏的 QR 码 | [EN](ITSCyberGame/ITASEC_2025/Misc/Decode/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Misc/Decode/writeup-it.md) | | 杂项 | The Legend of the Hidden Code | 元数据 (Exif) | [EN](ITSCyberGame/ITASEC_2025/Misc/TheLegendOfTheHiddenCode/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Misc/TheLegendOfTheHiddenCode/writeup-it.md) | | 杂项 | Misty Morning | 位平面 (蓝色通道) | [EN](ITSCyberGame/ITASEC_2025/Misc/MistyMorning/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Misc/MistyMorning/writeup-it.md) | | 密码学 | Mystery Code | ROT13 替换 | [EN](ITSCyberGame/ITASEC_2025/Crypto/MisteryCode/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Crypto/MisteryCode/writeup-it.md) | | 杂项 | Dreams Within Dreams | 图像文件中的字符串 | [EN](ITSCyberGame/ITASEC_2025/Misc/DreamsWithinDreams/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Misc/DreamsWithinDreams/writeup-it.md) | | 密码学 | Grand Valse | T9 预测文本密码| [EN](ITSCyberGame/ITASEC_2025/Crypto/GrandValse/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Crypto/GrandValse/writeup-it.md) | | Web | There Is No Spoon | HTML 注释中的藏头诗 | [EN](ITSCyberGame/ITASEC_2025/Web/ThereIsNoSpoon/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Web/ThereIsNoSpoon/writeup-it.md) | | 密码学 | The Signal | 二进制 Morse，Base64，ROT47 | [EN](ITSCyberGame/ITASEC_2025/Crypto/TheSignal/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Crypto/TheSignal/writeup-it.md) | | 杂项 | The 1337 Vault | 嵌套 7z 解压 | [EN](ITSCyberGame/ITASEC_2025/Misc/The1337Vault/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Misc/The1337Vault/writeup-it.md) | | 杂项 | Corrupted Memories | 损坏的 PNG 文件头修复 | [EN](ITSCyberGame/ITASEC_2025/Misc/CorruptedMemories/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Misc/CorruptedMemories/writeup-it.md) | | 密码学 | The Answer to the Ultimate Question of File | 单字节 XOR (key=42) | [EN](ITSCyberGame/ITASEC_2025/Crypto/TheAnswerToTheUltimateQuestionOfFile/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Crypto/TheAnswerToTheUltimateQuestionOfFile/writeup-it.md) | | Web | Stairway to Flag | 客户端源代码检查 | [EN](ITSCyberGame/ITASEC_2025/Web/StairwayToFlag/writeup-en.md) · [IT](ITSCyberGame/ITASEC_2025/Web/StairwayToFlag/writeup-it.md) |

Girone 2026

1a_Giornata

| 类别 | 挑战 | 技术 / 备注 | 题解 | |----------|-----------|------------------|---------| | 杂项 | Fischietto | PNG 隐写 + WAV (Morse) | [EN](ITSCyberGame/Girone_2026/1a_Giornata/Misc/Fischietto/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/Misc/Fischietto/writeup-it.md) | | OSINT | SubWaySurfer | Google 收录的评论；Base64 然后 ROT13 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/OSINT/SubWaySurfer/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/OSINT/SubWaySurfer/writeup-it.md) | | Web | BZZZZZ! | API 链式调用；会话 cookie 和请求头操纵 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/Web/BZZZZZ!/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/Web/BZZZZZ!/writeup-it.md) | | SSH | Bosh | Bash 别名误导；使用绝对路径绕过；隐藏的点文件 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/SSH/Bosh/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/SSH/Bosh/writeup-it.md) | | SSH | FollowTheRainbow | `PROMPT_COMMAND` 检查；调查非标准二进制文件 (`/usr/local/bin/color-changer`) | [EN](ITSCyberGame/Girone_2026/1a_Giornata/SSH/FollowTheRainbow/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/SSH/FollowTheRainbow/writeup-it.md) | | OSINT | Deep Dive | SQLite 取证；hex + Base64 解码 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/OSINT/DeepDive/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/OSINT/DeepDive/writeup-it.md) | | Web | IlPiccoloNegozioOnline | Base64 cookie 篡改 / 客户端 cookie 操纵 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/Web/IlPiccoloNegozioOnline/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/Web/IlPiccoloNegozioOnline/writeup-it.md) | | 杂项 | Ma che bello era il 2013... | Zip 密码破解 (rockyou)；hex 解码 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/Misc/MaCheBelloEraIl2013/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/Misc/MaCheBelloEraIl2013/writeup-it.md) | | 软件| OrbitalDecay | .rodata 中的 UTF-16LE | [EN](ITSCyberGame/Girone_2026/1a_Giornata/Software/OrbitalDecay/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/Software/OrbitalDecay/writeup-it.md) | | 软件| WhoAreYou | 缓冲区溢出 + null 字节注入 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/Software/WhoAreYou/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/Software/WhoAreYou/writeup-it.md) | | 网络 | NetworkSpy | 题解即将推出 | [EN](ITSCyberGame/Girone_2026/1a_Giornata/Network/NetworkSpy/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/1a_Giornata/Network/NetworkSpy/writeup-it.md) |

2a_Giornata

| 类别 | 挑战 | 技术 / 备注 | 题解 | |----------|-----------|------------------|---------| | 密码学 | TheGroceryLeak | 重复 key XOR；隐藏在 ODS 价格中的 key | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Crypto/TheGroceryLeak/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Crypto/TheGroceryLeak/writeup-it.md) | | 杂项 | Six76Seven | 音频隐写 / LSB 或附加数据 | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Misc/Six76Seven/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Misc/Six76Seven/writeup-it.md) | | 杂项 | IlBackupSbagliato | 加密备份 / 硬编码凭据 | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Misc/IlBackupSbagliato/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Misc/IlBackupSbagliato/writeup-it.md) | | Pwn | CorruptedCode | 带噪文本解析；正则表达式 + 自动化 | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Pwn/CorruptedCode/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Pwn/CorruptedCode/writeup-it.md) | | SSH | GhostInTheLogs | 日志泄露；syslog 中的 base64 | [EN](ITSCyberGame/Girone_2026/2a_Giornata/SSH/GhostInTheLogs/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/SSH/GhostInTheLogs/writeup-it.md) | | SSH | HawkinsLab | 颠倒的 SSH 密钥；unicode 修复 [EN](ITSCyberGame/Girone_2026/2a_Giornata/SSH/HawkinsLab/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/SSH/HawkinsLab/writeup-it.md) | | Web | PlayStation.Store | 客户端促销 + cookie 篡改 | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Web/PlaystationStore/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Web/PlaystationStore/writeup-it.md) | | 软件 | TheSecretShop | PCAP 获取凭据；隐藏的开发者 endpoint | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Software/TheSecretShop/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Software/TheSecretShop/writeup-it.md) | | 软件 | WhoAreYou2 | 带 null 字节技巧的 Ret2win | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Software/WhoAreYou2/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Software/WhoAreYou2/writeup-it.md) | | 软件 | FerrisWheel | 循环加法密码 (Rust) | [EN](ITSCyberGame/Girone_2026/2a_Giornata/Software/FerrisWheel/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/2a_Giornata/Software/FerrisWheel/writeup-it.md) |

3a_Giornata

| 类别 | 挑战 | 技术 / 备注 | 题解 | |----------|-----------|------------------|---------| | Web | Your money are safe (Bank) | SQL 注入 + IDOR | [EN](ITSCyberGame/Girone_2026/3a_Giornata/Web/YourMoneyAreSafe(Bank)/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/3a_Giornata/Web/YourMoneyAreSafe(Bank)/writeup-it.md) | | Web | Enterprise Access Gateway v2.1 | `alg=none` token 伪造 | [EN](ITSCyberGame/Girone_2026/3a_Giornata/Web/EnterpriseAccessGatewayv2.1/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/3a_Giornata/Web/EnterpriseAccessGatewayv2.1/writeup-it.md) | | 密码学 | Fish | 多次填充 (XOR 重用) + 弱密码 | [EN](ITSCyberGame/Girone_2026/3a_Giornata/Crypto/Fish/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/3a_Giornata/Crypto/Fish/writeup-it.md) | | 网络 | But it was cheap! | PCAP 分析；ONVIF / Base64 数据渗出 | [EN](ITSCyberGame/Girone_2026/3a_Giornata/Network/ButItWasCheap/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/3a_Giornata/Network/ButItWasCheap/writeup-it.md) | | 软件 | BackupUnlocker | 静态二进制分析；运行时字符串编码器 + 类维吉尼亚转换 | [EN](ITSCyberGame/Girone_2026/3a_Giornata/Software/BackupUnlocker/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/3a_Giornata/Software/BackupUnlocker/writeup-it.md) | | 软件 | EmojiCipher | — | [EN](ITSCyberGame/Girone_2026/3a_Giornata/Software/EmojiCipher/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/3a_Giornata/Software/EmojiCipher/writeup-it.md) | | 杂项 | Emergency Access | 受限 shell；隐藏的 DEBUG 命令和简单的算术解锁 | [EN](ITSCyberGame/Girone_2026/3a_Giornata/Misc/EmergencyAccess/writeup-en.md) · [IT](ITSCyberGame/Girone_2026/3a_Giornata/Misc/EmergencyAccess/writeup-it.md) |

In presenza 2026 PADOVA

四分之一决赛

| 类别 | 挑战 | 技术 / 备注 | 题解 | |----------|-----------|------------------|---------| | OSINT | Girolamo Trombetta | 卫星图像地理定位 → 局部灭绝 | [EN](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/OSINT/GirolamoTrombetta/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/OSINT/GirolamoTrombetta/writeup-it.md) | | 杂项 | The Insider Threat | 取证数据库分析 (SQLite) | [EN](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Misc/TheInsiderThreat/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Misc/TheInsiderThreat/writeup-it.md) | | Web | Workflow Runner | 不安全的 Python pickle 反序列化 → RCE | [EN](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Web/WorkflowRunner/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Web/WorkflowRunner/writeup-it.md) | | 软件 | Labyrinth Protocol | 自定义验证逆向 → 块枚举 | [EN](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Software/LabyrinthProtocol/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Software/LabyrinthProtocol/writeup-it.md) | | 网络 | We Are Under Attack! | PCAP 分析；盲注布尔型 SQL 提取 | [EN](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Network/WeAreUnderAttack/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Network/WeAreUnderAttack/writeup-it.md) | | SSH | Internal Service | SSH 密钥破解 → 内部 HTTP 访问 | [EN](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/SSH/InternalService/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/SSH/InternalService/writeup-it.md) | | 密码学 | Shuffled Snapshot | 教科书 RSA 按块加密 (无填充) + 块洗牌 | [EN](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Crypto/ShuffledSnapshot/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/QuartiDiFinale/Crypto/ShuffledSnapshot/writeup-it.md) |

半决赛

| 类别 | 挑战 | 技术 / 备注 | 题解 | |----------|-----------|------------------|---------| | Web | HOLD IT! | 分数预言机 → 贪心暴力破解，存储型 XSS 窃取管理员 cookie，通过编码斜杠进行路径穿越 | [EN](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Web/HoldIt/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Web/HoldIt/writeup-it.md) | | 密码学 | Is that a...? | 伪造扩展名 (魔术字节)，PNG 块元数据，IEND 之后追加的 AES-ZIP，LSB 隐写 | [EN](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Crypto/IsThatA/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Crypto/IsThatA/writeup-it.md) | | 杂项 | Broken | 隐藏的 `.git/` + HEAD 被重命名；QR 码因单像素翻转而降级 | [EN](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Misc/Broken/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Misc/Broken/writeup-it.md) | | 杂项 | The Data Exfiltration | 意外提交 API 密钥 → 大规模数据渗出；关联 git/日志/S3/账单 | [EN](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Misc/TheDataExfiltration/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Misc/TheDataExfiltration/writeup-it.md) | | 杂项 | Matrix | 混淆的客户端 JS；硬编码数组揭示 flag | [EN](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Misc/Matrix/writeup-en.md) · [IT](ITSCyberGame/InPresenza_2026_Padova/Semifinale/Misc/Matrix/writeup-it.md) |

决赛

| 类别 | 挑战 | 技术 / 备注 | 题解 | |----------|-----------|------------------|---------|

### FCSC

FCSC 2022 — 杂项

| # | 挑战 | 技术 / 备注 | 题解 | |-----|-------------|---------------------------------|--------| | 01 | A l'envers | 自动化 / 字符串反转 | [EN](FCSC/2022/Misc/AL'Envers/writeup-en.md) · [IT](FCSC/2022/Misc/AL'Envers/writeup-it.md) | | 02 | QRCode | QR 修复 — 恢复定位图案中心 | [EN](FCSC/2022/Misc/QRCode/writeup-en.md) · [IT](FCSC/2022/Misc/QRCode/writeup-it.md) | | 03 | Wi‑Fi | WPA2 解密 / Wireshark (pcapng) | [EN](FCSC/2022/Misc/Wi-Fi/writeup-en.md) · [IT](FCSC/2022/Misc/Wi-Fi/writeup-it.md) |

FCSC 2022 — Web

| # | 挑战 | 技术 / 备注 | 题解 | |----|-----------|------------------|--------| | 01 | Header | 通过自定义 HTTP 请求头认证 | [EN](FCSC/2022/Web/Header/writeup-en.md) · [IT](FCSC/2022/Web/Header/writeup-it.md) |

FCSC 2022 — 密码学

| # | 挑战 | 技术 / 备注 | 题解 | |-----|-------------|---------------------------------|--------| | 01 | A l'aise | 维吉尼亚密码 (已知密钥) | [EN](FCSC/2022/Crypto/Al'Aise/writeup-en.md) · [IT](FCSC/2022/Crypto/Al'Aise/writeup-it.md) |

## 仓库结构 ``` / └── / └── / └── / ├── writeup-en.md └── writeup-it.md ``` 每个挑战文件夹都包含**英语**和**意大利语**的题解。 ## 许可证 本仓库仅供教育目的使用。所有挑战的版权归各自的组织者所有。

标签：ASCII, Base64, CryptoHack, CyberChallenge, DNS 反向解析, FSCS, Hex, OliCyber, pwntools, Python, Writeup, 可视化界面, 多线程, 安全学习, 安全竞赛, 密码学, 应用安全, 手动系统调用, 技术文档, 教程, 无后门, 漏洞分析, 编码转换, 网络安全, 解题报告, 路径探测, 逆向工具, 隐私保护