nhh9905/CTF
GitHub: nhh9905/CTF
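A collection of CTF pwn challenge sources and write-ups, covering solution approaches for vulnerability types including stack overflow, format string, and heap exploitation.
# Write-ups
- You can view them here: [Write-ups](https://hackmd.io/@nhh/By1X6rkIgg)
# Summary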
## PTIT CTF 2024
- pwn1: ret2win
- pwn2: ret2shellcode
- pwn3: Format string
- pwn5: tcache poisoning
## Approval CTF 2025
- first_visit: ret2win
- secret_blend: Format string
## BitsCTF 2025
- baby pwn: ret2shellcode
- biscuits: Bypass `rand()`
## EHAX CTF 2025
- cash: tcache poisoning
- fantastic doom: Bypass `rand()` + ret2libc
## nullcon HackIM CTF Goa 2025
- hateful: ret2libc
- hateful2: tcache poisoning + stack pivot
- Mr Unlucky: Bypass `rand()`
## PatriotCTF 2024
- Not So Shrimple Is It: Off-by-one
## PearlCTF 2025
- mrropot: ret2libc
- treasurehunt: ret2win
## PwnME CTF 2025
- got: Out-of-bounds access
## UofTCTF 2025
- baby-pwn: ret2win
- baby-pwn-2: ret2shellcode
## Tex SAW 2025
- ez printf: Format string
- ez ROP: ROPchain + ret2libc
## scriptCTF 2025
- vault3: Unlink Attack
## HolaCTF 2025
- babyheap: House of Kiwi
- login: ret2libc (hard)
## Full Week Engineering CTF 2025
- guide_to_heap: Tcache Poisoning
- iconv_service: ret2libc
## Nullcon HackIM CTF Berlin 2025
- Fotispy 1: Stack overflow
- Fotispy 4: Unlink Attack
- Fotispy 5: Heap overflow and use-after-free
- Fotispy 6: Attacking `__free_hook`
- Fotispy 7:
  - solve.py: ret2libc
  - solve1.py: FSOP (attacking `___printf_chk`)
## ImaginaryCTF 2025
- cascade: Stack Pivot + ret2libc
- fiumicino: Format string (using pwntools' `fmtstr_payload()`)
## FortID CTF 2025
- Reverse Polish Pwn: ret2libc
## Quals Securinet CTF 2025
- zip++: ret2win
- spell manager: Heap exploitation + ret2libc
## Quals CSCV CTF 2025
- RacehorseS: Format string
- HeapnoteS: Heap overflow
- SudokuS: Buffer overflow + ret2shellcode
- Hanoi Convention: Buffer overflow + format string
## V1t CTF 2025
- Buffer overflow + format string
- No heap exploitation challenges