{"id":20368524,"url":"https://github.com/rocketmadev/ctfwriteup","last_synced_at":"2025-04-11T13:08:17.975Z","repository":{"id":195742381,"uuid":"693454877","full_name":"RocketMaDev/CTFWriteup","owner":"RocketMaDev","description":"pwn writeups in ctf","archived":false,"fork":false,"pushed_at":"2025-03-31T03:38:26.000Z","size":38812,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-06T11:08:58.241Z","etag":null,"topics":["ctf","ctf-writeups","pwn"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RocketMaDev.png","metadata":{"files":{"readme":"README.md","changelog":"newstar2023/README.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-19T04:19:12.000Z","updated_at":"2025-03-31T03:38:29.000Z","dependencies_parsed_at":null,"dependency_job_id":"4db4cdf2-54a9-4430-9283-a4d4708b7ec5","html_url":"https://github.com/RocketMaDev/CTFWriteup","commit_stats":null,"previous_names":["rocketmadev/ctfwriteup"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RocketMaDev%2FCTFWriteup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RocketMaDev%2FCTFWriteup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RocketMaDev%2FCTFWriteup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RocketMaDev%2FCTFWriteup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RocketMaDev","download_url":"https://codeload.github.com/RocketMaDev/CTFWriteup/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248404649,"owners_count":21097790,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf","ctf-writeups","pwn"],"created_at":"2024-11-15T00:41:35.449Z","updated_at":"2025-04-11T13:08:17.967Z","avatar_url":"https://github.com/RocketMaDev.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Pwn新手的成长之路\n\n这里是 *RocketDev* 的CTF Writeup仓库，你可以在这里找到我打过的比赛的wp，\n所有blog上的wp都来源于此，如果你想看的wp在blog上还没有的话，不妨先来这里找找\n\n`wp`中包含无处归档的wp  \n个人做pwn题的writeup分专题放在各文件夹中\n\n## short shellcode\n\n项目下有32位和64位比pwntools短的shellcode，建议搭配`:r shellcode??b`使用\n\n32位汇编后长20B  \n64位汇编后长22B\n\n## 关于exp\n\n除了最开始的几个新手赛的exp以外，其他的exp全都是按以下方式运行：\n\n1. 运行`ipython`\n2. 使用`%load xxx.py`加载exp\n3. 运行`payload(lo)`来运行exp\n\n关于`lo`有这样一些约定俗成的规律：\n\n1. `lo == 0`: 打远程\n2. `lo != 0`: 打本地的样本\n3. `lo \u0026 0b10`: 启动gdb附加调试器\n4. `lo \u0026 0b100`: 输入需要爆破的地址（一般是直接从gdb中拿，避免打本地时还需要反复爆破）\n\n例子： `payload(1)`是不开gdb，直接打本地；`payload(2)`是启动gdb打本地；`payload(6)`是启动gdb打本地并输入本地偏移\n（如果有相关代码）；使用`while payload(0): pass`可以一直打远程直到爆破成功\n\n实操如下：\n\n![example](./assets/expnote.png)\n\n这种方法的优点是适合命令行熟练并且使用tmux + vim套件的人高效运行代码，而且遇到什么错误时，往往tube还没关闭，\n可以很方便地使用`sh.recv()`来知晓剩下的错误信息（如果有），还可以跑一些python运算，如`hex(0x37 ^ 0x69)`等\n\n缺点就是调试过程中出错需要自己close对象，如果忘记，那么退出ipython的时候就会有一堆的进程结束，此外，\n门槛相较双击运行也稍高一番\n\n## Copyright\n\nDistributed under CC BY-NC 4.0  \nCopyright RocketDev 2023-2025\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frocketmadev%2Fctfwriteup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frocketmadev%2Fctfwriteup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frocketmadev%2Fctfwriteup/lists"}