

LoRexxar's Blog | 信息技术分享

LoRexxar's Blog | 信息技术分享

hctf_game_week1_writeup



hctf_game_week1_writeup

ctf Blogs

 2016/02/18   Share

• 
• 
• 
• 
• 

假期难得有时间空闲下来，就和协会的小伙伴组织了一次比较简单的ctf比赛针对学校的学弟学妹们，这里就贴上每一次的writeup，以供整理复习用。

WEB

WEB从0开始之PHP代码审计0 POINT: 100 DONE

题目ID： 55
题目描述： http://ctf.lazysheep.cc:8081/web1.php
Hint: 前置技能：PHP

题目的原题是出在hctf2015的fuck===，出题思路来自http://www.secbox.cn/hacker/1889.html.
payload: ?a[]=adsa&b[]=dsadsa
这里之所以===能过，是因为在php中，md5不能加密数组，会返回null，null==null返回flag

MISC

MISC 驾驶技术科目一 POINT: 100 DONE

题目ID： 36
题目描述： 如果玩转 MISC 快来开始你的科目一吧！ 链接: http://pan.baidu.com/s/1c1c7fiC 密码: cyyd
Hint: 噫 都上些啥站呀

科目一比较简单，和之前的流量分析类似，大概就是一个http明文请求，仔细找找很快就能找到。flag中顺便找到科目二的入口。

MISC 驾驶技术科目二 POINT: 100 DONE

题目ID： 37
题目描述： 考完科目一的小伙伴快过来科目二啦，早上上路，争当中国好司机。
Hint: 无

科目二找到后发现是一张图片，这里使用到一个linux下的工具，binwalk，可以发现图片是由多个文件合并的，使用foremost就可以把所有的东西拆开来，得到flag的二维码，扫码getflag。

MISC从0开始之编码1 POINT: 75 DONE

题目ID： 49
题目描述： 老司机的题目做不出来？丢一题简单的给你们做。。
http://ctf.lazysheep.cc:8081/misc1.html
Hint: base全家桶，老司机们别抢新生的前三血啊～

这里就是base全家桶了，目前好像没见过用python以外的方式做的，不过如果自己写代码实现应该也是可以的。

import base64
bb64=base64.b64encode('xxxxx')
bb32=base64.b32encode(bb64)
b=base64.b16endcode(bb32)
print b

大概就是这样…

MISC从0开始之流量分析1 POINT: 75 DONE

题目ID： 53
题目描述： http://ctf.lazysheep.cc:8081/misc1.pcap
Hint: 暂无HINT

比较接近一般题目的流量分析了，可以看到在最后一个http请求中请求了一个flag的zip文件。那么就需要wireshark加一个16进制编辑器把这个文件扣出来了，一般网上还是能搜到教程的，懒得赘述了。

CTF coding step1 POINT: 50 DONE

题目ID： 47
题目描述： 打CTF就是拿工具？ 不不不，也要写很多代码的。这个系列就是让你熟悉CTF风格的编程题目，具体的要求见题目吧のの 就是让你们多看点英文：
nc 115.29.77.78 9979
Hint: repr

nc连上发现是计算数学式子，那么开始写代码吧。

import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('115.29.77.78',9979))
import time
sock11=sock.recv(1024)
print sock11
sock11=sock.recv(1024)
print sock11
pos2=sock11.find('=',950)
sendr = eval(sock11[945:pos2])
print sendr
sock.send(repr(sendr)+'\n')
while 1:
	sock11=sock.recv(1024)
	print sock11
	pos=sock11.find('=')
	i=sock11.find(']')
	if(i!=-1):
		sendr=eval(sock11[i+2:pos].replace('\xc3\x97','*'))
		print sendr
		sock.send(repr(sendr)+'\n')
	else:
		sendr=eval(sock11[:pos])
		print sendr
		sock.send(repr(sendr)+'\n')
sock.close()

因为是第一次写socket，所以还是踩了不少坑，首先这个文件不能叫做socket.py否则不能通过编译，其次就是每一个send必须在后面加上’\n’否则不会有下一步，自己试试吧。。。

crypto

密码学从0开始之1 POINT: 20 DONE

题目ID： 50
题目描述： http://ctf.lazysheep.cc:8081/cry1.html
flag不是标准格式，提交你解出的明文就行，flag全是大写
Hint: 这个简单，应该不需要hint

打开看到一堆点啊横啊就知道是摩斯密码，随便一搜都能搜到各种解码

密码学从0开始之1.1 POINT: 150 DONE

题目ID： 54
题目描述： http://ctf.lazysheep.cc:8081/cry2.html
你知道01的奥秘么？
Hint: 这可不是啥古典密码了

打开看到0101，第一反应是看看有多少位，能除开8的话，八成是要转ascii码，那就写个代码吧

import binascii
f = file('./test','w+')  

str11 = '100010010101000001001110010001110000110100001010000110100000101000000000000000000000000000001101010010010100100001000100010100100000000000000000000000001011001000000000000000000000000000110010000010000000011000000000000000000000000011111000001110101000000110110000000000000000000000000101001111010100100101000100010000010101010001111000100111001110110110011100110011110100101110011011010010010001100011000111101111111101100111101110000111111010000011010000010010110010010010001011000111100000110010000010110101000100101100010111000101001101110100000101000011110101110100010110101101100000101010001101100100010001011001101111000000011011101111011000100000101011000010100110100001111110001000001010010110101000101000001101011101001001011100011110101101001000011110000010000110111001011001000000011011101010010101001011011011011000010001110101000011111010010100111101000010000101010101010001010110000010111101001010110000011001101001000011011001001100010101011100000010101111000100011111100100001110110011001100111110110010001100100110011011111101111010011000001101111111001111001110111110110011011000011001100111100000111100000100110110100011011111101111001111001110111101100100111001100011101111001111111100111001110101111001010010110000001110000101100100110100110000010001000001001101000111100010011111001111010110100101001110110100000000010000001100100010000000100001000100110100101001000000010000100010011010010100100000001000010001001100001010000000000100001001100110010101000000000010000100100011001010100001000001000010010001100100010000100000100101001000110010001000010000010010100100001001000000001001001001010010000000100001000100110100101001000000010000100010011010010100100000001000010001001100001010000000000100001001100110010101000000000010000100100011001010100001000001000010010001100100010000100000100101001000110010001000010000010010010010000001000111110010111101100110010000000100111011011001001100111001000110011010000101101100011010010101101111011011110000000100100010001000001111011000001101111101010001100001111010011101001101111101010011010110010010011101111110110100011110110110111001101100111000001111001101101110110100000100010100101111111001011100010111110001000110100011011111100011110110011010110000110100011111010100011001101110110110111100110111100001110111101111010000010010001100001111100100011010100001011001001100001100110101100001011110101111111010001101011101010111110100100101001000100110101000100110110111110111000111001001111110001110011001011111010001010011010011100001110001000111110011110011001001111110011110111011101110000000000110001100101111000111101100111011100010111010100000111100110111010001010100001100110111000101110011100111111101010011111110100100011011100011010010011100101001011100001010001011001100101011111110101000001011111110111111000110100001000001111010111010011111111001011101110010111101101000000110100010000111110011000000011001111010110101111110111011000111111001011000110001110010100000000011110111011110111110000011011001010111011101011110111000111011100111011111111011110111000001000100001001101110001100100100101011000001101011101101011010111111000011010110011111111100010101110001001101111001100111010100000111100000111111100011001010101111111101011110011110000111111110110010111000101001010011000011110010111011100010010000000010001010001011111001010001011100111011100110100001000010001011001011110001111000000000101010010111000111100111011000101011011000011001010011110110111111101000010000111010111100110001000101010101011100010111100111111010000000111000001111111000011001100100111000100011011101101100011110110101010010101101100110100100011011001000001101011100100111100111101100000101010101110101111100010011111101111100001111000000010010101110011101010111100000111101000110011100110110000101101110011000000011110001111000110101110111001100100110000111101000001000010011100010000000111101110110011000011110101101110011010000111111001110001011000100110111011110011011100011110001111101001000001101100010000101001000010000111111000011010010110001010110110010010110010100001011110100010011111011101001101010111101011001100101011001101100110111010010001111111000010010011101111001101110110100000000110100100011100010010010111011001001111001100100011000001010001001010101001011010111101111001000000010000010010011011001110001110110000100011101111100100110100101111101011111010000000111101010101101011110101011001001101010101101010111011111011010001101111010101110110111101101011111011011010011011010011001011010010111000101011010011101100110101110111111110000000111101111000110001000001011011110001010101001111111101100001110001011111110111011101000111001101110111000001111000000011101110101101110101100010100000000101110101101111000000001101010001000111111111000110111100100000011110001011010001111011100011010101101010010011011011010111011111110010001001001111110010010110111011100011100010011110000010110001111001110110001110001011101010101100101010011001110000100001101011011101100111010111101101111001001100001010100010111100001001010011001110110000000111000001100101011111010101111011101111101110000101110110000101111100110011110010100000111101010110100001101100110111010010011111001100111011001001000010111000111100100110001100101101101001001001011000100110010110001010000101111101001011000010110010011001001111000100011011101101010100001111011111001010110101110110110011101111101101010110100011100110011010100001101011010111110100001100100111001101101011011111111110111001100100100010011100011100101001011011111010011101011000000001111111011010101001011011010111011001010001101100100100101000111000110011000111011101001111110001101011001000101111011101111110001010111001101100101101110001111001000111001000100111001000000100110111001111001110000000111010010101000110111101010101001001111111110101111101111110000100100001101010110111011100111000010011000110000110001000111001010010010111110001001110010100001011100000011001110011011100000110100100011011101100101111101100000001000001111011100110110010110001111011010110101100110010101000010000001101111100101010110100001011110011100100001001010110110110011001010111000001010001110000001111011010001011110001111011000101101001111101101101001011101000000001011011101110110100111011110010111110110011000001001111101011111001111010011001110100110100101011101100010001101111001111001101111001101110010111011001111110010101100000101001110010111000110001110000010110011111110110001111001110100110010010101111001010000101110111011101100101011000011110101001001001101010100101010100010000010001111101001100110000001111111100001100111111101010100111111100111110110011110010010110010101111100101100100001001011111101000111100111011001111011000011001000101011100010111001110010100001001100001101010100111101011000101110110000000010101011000110110101100111000110000011100110110101100001011000011011101110100101100100001111000000110100111000011000001111111111100000110110010001101111101100011101111111100101110001011110100101000101111100100110111011110110001011011001110111011101100011101011000011110010000010001101110010001101011110111011010000000011000011100110000111100110101010000111111000011010001100000111010010111000100001000111000001010100010101001101000101100010011100011100110111010010100011101111001101110111001001010100000001101010000101101100001100100110111100111110011000100100011011001110000110001111100011111010010110011101011111101111001101001010101110110110111110110000001011011010011001100101000000101011001101111111101111101000101101010100111000000011101111111000001000110110010010101100101011010000000100000111101001100010011001110011111000110101110000011110011001101011111100101101100010100100111001011110100101101101001011100000000001010011011110111001010001101110010010011111100100100000100111101010100110010110100001001000000101011000110110100011100010110010000101010010110110001100111011001000110101111101011001110000110011001001111100110011100110001111011011111101100000010001000101000000000111011000011101000010101101001010110010010110011111100011101100100100101000101001001011101011100101100110100100001101100100001110101111101111010000111101100111100000100010111001000101001101000111111011010010010101000110101010111100101000001010101101110000100111010110001100101110001101011100111011000111011010011110110100001111010111100010110010010011111111000100101111011011111110101101101100011000010001001010001101101110000010011100011111100011001011100001001101100110101011001100110110000110111101000111001100111111010111001100111011011011000110110110000011100000111110101111110011100001101101011000011100111110001000101001011111011100110001011101000111101001000010111110001111110110111010011110101111010101101110111101001110011110011101111011100110101011100110111000100100100100110010001111101111110110110001010000011111000110011000001011100110110010111101011111000000000101100011111001010110101010111110000111111010010010011100001011000111010101110001011111100011101011000001111111011001111101110001100100000110110011111111000010110010100001111101111100010011010100001110110001011011001001001111001000000011000010001110111101100001010000101010010111100111011100111001110000010110110011111010010100100001110110010111000010010010001101101010000100000000010010100011111001100001010110111111110000100110111111000001100011101011101110001100011000111011011101101011001011111110110011110101001010111101101101110001011010100111010001110100101110101000000011110000111101000000000011100011110001110001110001010011001011111100101010110101111011110101111101011111101000100111011001101111100111010101100110011001101001011000101000101111101101011111100011101001011000100111111111110001011010110001011000101000010011111010000100010101111111110001001101000011101011101111110100010111001000000001111101011110011010011011111010011011110011100110000101111111111101000101011000001100011110101111000111100111110100101011011010001101001011011001011001101111110100001100101010111101111000110010101011001100010001100011010110011111011101000100010100110001000101100100111011010011111011100100101001010111011111101000111010011111001110110010101011101100101100101110001111111001000111011101101100101101110110010111111111011111011000011000101011111000111110011011000101000111111100000101101100110011001000100111001111110100000101011010111111111111111000110001011100010001000010100100000111111001000001110111111000001010000110000110011101110110010011101100010110100011001110011010010101100100100001000100110100010000111001001011010111011100001110010011001001000001110110000100000001000010001001101001010010000000100001000100110100101001000000010000100010011000010100000000001000010011001100101010000000000100001001000110010101000010000010000100100011001000100001000001001010010001100100010000100000100101001000010010000000010010010010100100000001000010001001101001010010000000100001000100110100101001000000010000100010011000010100000000001000010011001100101010000000000100001001000110010101000010000010000100100011001000100001000001001010010001100100010000100000100101001000010010000000010010010010111111000000111110010101111000111110000110011110111101010111110101111011100011110000000000000000000000000000000000100100101000101010011100100010010101110010000100110000010000010'

for k in xrange (0,11184,8):
       stt=str11[k:k+8]
       f.write(chr(int(stt,2)))

f.close()

突然发现好长啊。。。出来时一张图片，get！

pentest

lightless&aklis的渗透教室-2 POINT: 75 DONE

题目ID： 45
题目描述： http://120.27.53.238/pentest/02/http-header.php
Hint: Mozilla/5.0 (iPhone; CPU iPhone OS 9_0 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13A344 Safari/601.1
xff: 127.0.0.1

坑已经被踩完了还所做不出那就没办法了，记得要改ios99啊，hint中的是ios9的…

记得看文档啊！！！

原文作者：LoRexxar

原文链接：https://lorexxar.cn/2016/02/18/hctfgame_week1_writeup/

发表日期：February 18th 2016, 10:25:35 am

更新日期：September 29th 2020, 2:11:23 pm

版权声明：本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

• Next Post
  hctf_game_week2_writeup
• Previous Post
  hctf_game_week0_writeup

Powered by Hexotheme Archer

京ICP备2021004652号-1

PV: :)

CATALOG

1. 1. WEB
   1. 1.1. WEB从0开始之PHP代码审计0 POINT: 100 DONE
2. 2. MISC
   1. 2.1. MISC 驾驶技术科目一 POINT: 100 DONE
   2. 2.2. MISC 驾驶技术科目二 POINT: 100 DONE
   3. 2.3. MISC从0开始之编码1 POINT: 75 DONE
   4. 2.4. MISC从0开始之流量分析1 POINT: 75 DONE
   5. 2.5. CTF coding step1 POINT: 50 DONE
3. 3. crypto
   1. 3.1. 密码学从0开始之1 POINT: 20 DONE
   2. 3.2. 密码学从0开始之1.1 POINT: 150 DONE
4. 4. pentest
   1. 4.1. lightless&aklis的渗透教室-2 POINT: 75 DONE

• Archive
• Tag
• Cate

Total : 206

2024

• 06/11 PHP CGI Windows平台远程代码执行漏洞（CVE-2024-4577）分析与复现

2023

• 12/18 人与代码的桥梁-聊聊SAST
• 11/21 Joern In RealWorld (3) - 致远OA A8 SSRF2RCE
• 10/26 Joern In RealWorld (2) - Jumpserver随机数种子泄露导致账户劫持漏洞（CVE-2023-42820）
• 10/20 深入浅出Joern（四）不常用语法大全
• 08/31 Joern In RealWorld (1) - Acutators + CVE-2022-21724
• 08/24 深入浅出Joern（三）Joern和Neo4j常用语法大全
• 08/22 深入浅出Joern（二）CPG与图数据库
• 08/21 深入浅出Joern（一）Joern与CPG是什么？
• 07/19 打造自己的AIGC应用（一）入门篇
• 06/21 赛博偶像速成指南（三）- Midjourney
• 06/02 赛博偶像速成指南（二）- SD进阶篇
• 05/25 从0到1的ChatGPT - 进阶篇（五）- Embeddings
• 05/19 从0到1的ChatGPT - 进阶篇（四）- 训练自己的ChatGPT
• 05/08 看上去不起眼的微信机器人以及公众号爬虫
• 04/28 从0到1的ChatGPT - 进阶篇（三）- ChatGPT+？
• 04/26 从0到1的ChatGPT - 入门篇（二） - 如何与ChatGPT对话？
• 04/14 从0到1的ChatGPT - 入门篇
• 02/21 赛博偶像速成指南

2022

• 11/02 CS Xss2Rce CVE-2022-39197分析与复现
• 04/14 SCA的困境和出路
• 03/21 人生的第二个可能~

2021

• 12/10 log4j2 JNDI注入漏洞速通~
• 08/17 从0开始入门Chrome Ext安全（三） -- 你所未知的角落 - Chrome Ext安全
• 08/17 DevSecOps 究竟需要怎样的白盒？
• 08/06 区块链安全罪与罚 -- 浅谈区块链与安全发展史
• 05/19 创宇四年
• 04/16 反制Webdriver - 从Bot到RCE进发
• 03/09 通达OA代码审计篇二 - 11.8 后台Getshell
• 03/03 通达OA代码审计篇 - 11.7 有条件的任意命令执行
• 02/05 如何自动化挖掘php反序列化链 - phpunserializechain诞生记
• 01/28 为被动扫描器量身打造一款爬虫-LSpider

2020

• 10/30 构造一个CodeDB来探索全新的白盒静态扫描方案
• 09/21 从0开始聊聊自动化静态代码审计工具
• 07/14 Geekpwn 2020云端挑战赛 Noxss & umsg
• 07/08 从反序列化到类型混淆漏洞 -- 记一次ecshop实例利用
• 06/10 Roundcube mail 3 Xss
• 05/29 Roundcube mail代码审计笔记
• 05/11 空指针-Base on windows Writeup -- 最新版DZ3.4实战渗透
• 02/03 从0开始入门Chrome Ext安全（番外篇） -- Zoomeye Tools
• 01/14 CSS-T | Mysql Client 任意文件读取攻击链拓展

2019

• 12/30 pwnhub 被污染的Jade
• 12/05 从0开始入门Chrome Ext安全（二） -- 安全的Chrome Ext
• 11/22 从0开始入门Chrome Ext安全（一） -- 了解一个Chrome Ext
• 10/25 PHP-fpm 远程代码执行漏洞(CVE-2019-11043)分析
• 09/23 从零开始学java web - struts2 RCE分析
• 07/23 CVE-2019-11229详细分析 --git config可控-RCE
• 07/10 Redis 基于主从复制的RCE利用方式
• 06/12 Mybb 18.20 From Stored XSS to RCE 分析
• 05/28 MIMIC Defense CTF 2019 final writeup
• 04/19 Drupal 1-click to RCE分析
• 03/14 聊聊WordPress 5.1.1 CSRF to RCE漏洞
• 02/22 Wordpress 5.0 RCE详细分析

2018

• 12/07 Discuz x3.4前台SSRF分析
• 12/07 Code Breaking挑战赛 Writeup
• 12/01 以太坊智能合约审计CheckList
• 11/20 LCTF2018 ggbank 薅羊毛实战
• 11/16 从DVP GAME到变量覆盖问题
• 11/14 HCTF2018部分Web题目Writeup
• 11/12 HCTF2018智能合约两则Writeup
• 11/08 “以太坊智能合约编码隐患”影响分析报告
• 10/18 智能合约游戏之殇——Dice2win安全分析
• 09/25 “以太坊智能合约编码设计问题”影响分析报告
• 09/14 blockwell.ai 虚假转账 事件分析
• 09/06 “以太坊智能合约编码安全问题”影响分析报告
• 08/24 智能合约游戏之殇-类Fomo3D攻击分析
• 08/22 “以太坊智能合约设计缺陷问题”影响分析报告
• 08/14 “以太坊智能合约规范问题”影响分析报告
• 07/13 wctf2018 cyber mimic defence Writeup
• 05/31 0CTF/TCTF2018 Final Web Writeup
• 05/23 RCTF2018 Web Writeup
• 04/20 基于Service Worker 的XSS攻击面拓展
• 04/17 TCTF/0CTF2018 h4x0rs.space Writeup
• 04/10 TCTF/0CTF2018 h4xors.club2 Writeup
• 04/05 TCTF/0CTF2018 部分Web Writeup
• 04/05 TCTF/0CTF2018 XSS bl0g Writeup
• 03/26 强网杯2018 Web writeup
• 02/23 吐槽HCTF2017
• 02/07 从补丁到漏洞分析 --记一次joomla漏洞应急
• 01/19 DeDeCMS v5.7 密码修改漏洞分析
• 01/02 34c3 Web部分Writeup

2017

• 12/19 WordPress Updraftplus 插件漏洞2则以及一些有趣的故事
• 11/15 HCTF2017-Deserted place-Writeup
• 11/15 HCTF2017 babycrack Writeup
• 11/15 HCTF2017-A World Restored-Writeup
• 11/10 HITCON2017-writeup整理
• 10/26 typecho前台getshell漏洞分析
• 10/25 前端防御从入门到弃坑--CSP变迁
• 10/25 WordPress安全架构分析
• 09/30 Discuz!X 3.4 任意文件删除漏洞分析
• 08/31 阿里先知xss挑战赛 Writeup
• 08/31 Discuz_X authkey安全性漏洞分析
• 08/23 从瑞士军刀到变形金刚--XSS攻击面拓展
• 08/15 pwnhub 改行做前端
• 07/26 finecms分析
• 07/23 xssgame writeup
• 07/20 FineCMS multi vulnerablity before v5.0.9
• 07/11 Some Vulnerability for FineCMS through 2017.7.11
• 07/11 第十届信息安全国赛 Web MISC writeup
• 07/07 WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)
• 06/16 0ctf2017 final
• 05/23 RCTF2017 web writeup
• 05/16 通过浏览器缓存来bypass CSP script nonce
• 05/12 PlaidCTF 2017 web writeup
• 05/12 xss bot从入门到弃坑
• 05/09 CSP Is Dead, Long Live CSP! 翻译
• 04/24 pwnhub 绝对防御 出题思路和反思
• 04/21 Shadow Brokers大新闻整理
• 04/21 360春秋杯2017 writeup
• 04/18 bctf2017 web部分wp
• 03/27 pwnhub 之小m的复仇
• 03/21 0ctf201 web部分writeup
• 03/13 NJCTF Web部分writeup
• 03/05 pwnhub_another php web部分
• 02/27 zctf2017 writeup
• 02/20 pwnhub 打开电脑
• 02/16 有趣的cdn bypass CSP
• 01/26 聊聊hctf2016
• 01/17 pwnhub 深入敌后
• 01/03 33c32016 writeup

2016

• 12/28 phpmailer RCE漏洞分析
• 12/26 pwnhub_迷
• 12/24 浅谈xss的后台守护问题
• 12/18 pwnhub_找朋友
• 12/18 pwnhub_拍卖行
• 12/10 pwnhub_WTF_writeup
• 12/07 using polyglot JPEGs bypass CSP 分析
• 12/03 通过redis getshell的一些小问题
• 12/01 hctf2016 简单部分WEB && misc writeup
• 11/30 hctf2016 guestbook&secret area writeup
• 11/29 HCTF2016 ATField writeup
• 11/19 hctf2016 giligili writeup
• 10/31 CSP进阶-302 Bypass CSP
• 10/28 CSP进阶-link Bypass unsafe line
• 10/26 什么是ctf呢？
• 10/11 hitcon2016 misc writeup
• 10/10 hitcon2016 web writeup
• 10/03 L-ctf2016 Writeup
• 09/14 php 伪协议
• 09/11 华山杯2016_writeup
• 08/29 crypto 简单的RSA
• 08/18 sqlmap 源码分析（四）开始注入
• 08/16 sqlmap 源码分析（三）在注入之前
• 08/11 sqlmap 源码分析（二）初始化
• 08/09 sqlmap 源码分析（一）开始、参数解析
• 08/08 CSP Level 3浅析&简单的bypass
• 08/07 python virtualenv沙盒命令
• 08/01 XNUCA2016 Writeup
• 07/21 python tqdm模块分析
• 07/18 shell上一些有趣的命令
• 07/17 sangebaimao之火币网
• 07/12 信息安全国赛技能赛 Writeup
• 06/26 一个有趣的东西-cloudeye
• 06/17 sangebaimao之招聘又开始了，你怕了吗？
• 06/06 alictf2016_web_writeup
• 06/04 sangebaimao 寻找来自星星的你一
• 05/27 在php opcache检测隐藏的后门程序
• 05/12 php webshell 各种函数
• 05/10 Asis2016_Binary Cloud
• 05/09 sctf2016_writeup
• 05/05 dockerfile (・ω・)ノ
• 05/04 docker 基础操作
• 05/02 google_ctf2016_writeup
• 04/25 CCTF2016_writeup
• 04/20 gif bypass CSP?
• 04/11 j123jt的聊天板大型wp
• 04/11 sctfq1_Obfusion_writeup
• 04/08 input属性bypass csp
• 04/06 hctfgame_ll的流量分析题
• 04/04 is_numeric和trim导致的判断绕过
• 03/30 web_for_pentest_II writeup
• 03/22 bctf2016
• 03/14 hctf_game_week4+5_writeup
• 03/14 0ctf2016 && sunshinectf2016 writeup
• 03/07 bkp2016_writeup
• 03/05 hexo转移到coding配置
• 03/01 ssctf2015_writeup
• 02/29 hctf_game_week3_writeup
• 02/28 ldpa简单注入
• 02/28 titan souls 普通模式通关攻略
• 02/18 简单的git教程
• 02/18 hctf_game_week2_writeup
• 02/18 hctf_game_week1_writeup
• 02/18 hctf_game_week0_writeup

2015

• 12/21 《代码审计》一点儿笔记
• 12/19 hctf2015的一点儿记录
• 11/19 xss link&svg黑魔法
• 11/19 SQL 显错注入
• 11/17 ISG2015_writeup
• 11/17 RCTF2015_writeup
• 11/02 SPWC & 华山杯？ writeup
• 10/24 关于sqli注入的特殊函数
• 10/04 XDCTF2015-writeup
• 09/28 Nsctf2015_Writeup
• 07/02 xss无声挑战赛_writeup
• 06/11 ctf近期总结
• 05/22 Windows Hexo博客安装配置优化（小白篇）
• 05/21 Hduisa_ctf_wee4_fucksql
• 05/10 Web for pentester_writeup
• 02/26 Hduisa_ctf_writeup01
• 02/26 Hduisa_ctf_writeup02
• 02/26 （转）十年学会程序设计
• 01/22 0基础如何学好WEB（转）

2014

• 12/31 凤凰挽歌，黑客独白（作者：我是老鹰&炫凤舞）
• 12/29 （转）学长们给我们的书目（结尾附上PDF地址）
• 12/29 菜鸟小白的开始...

 ctf  Blogs  sqli  CSP  xss  postMessage  java  csp  ssrf  redis  opcache  nodejs  race  pdflatex  csrf  Hexo  cve  Shadow Brokers  0day  windows  aigc  php  c  curl  eth  blockchain  Reprint  bookshelf  chatgpt  llm  embeddings  chrome_ext  chrome  chrome ext  webdriver  dns  cloudeye  crypto  RSA  rabins  cmd  shell  linux  node  cs  CVE-2022-39197  contract  mysql  dedecms  逻辑漏洞  phpmailer  midjourney  智能合约  aicg  sd  devsecops  whitebox  book_notes  docker  ctf web  phar  rce  dvp  漏洞分析  git  反序列化漏洞  类型混淆漏洞  ecshop  dz  Fomo3D  access  伪协议  Essay  hctf  misc  php opcache  eassy  checklist  jsre  clrf  struts2  sast  joern  cpg  oa  neo4j  白盒  injection  随笔  django  LSpider  爬虫  mimic  log4j2  jndi  pwnhub  flask  格式化字符串  模板注入  js  weblogic  lfi  wget  pwn  LFI  win server信息收集  msf  lcx端口转发  IPC通道入侵  fastcgi  ssh_sock5  python  tqdm  virtualenv  open_basedir  crontab  sangebaimao  php伪协议  file_put_contents  参数污染  CBC  LD_PRELOAD  sca  roundcube  gopher  fcgi  Essry  sqlmap  game  titan_souls  tongda  blog  wechat  SAST  tools  静态分析  wordpress  代码审计  条件竞争



缺失模块，请参考主题文档进行安装配置：https://github.com/fi3ework/hexo-theme-archer#%E5%AE%89%E8%A3%85%E4%B8%BB%E9%A2%98

 Blogs  Reprint

