Skip to content
Writeup oriented CTF
Python C Ruby Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Writeup oriented CTF skill improvement

The corresponding ctf problem and wargame will be curated based on each required skill. ❗️ You may need the login account for browsing each wargame properly.

[*] System hacking / Pwnable

Basic introduction

Wargames 📝

Difficulty Wargames
Easy (Exploit-exercise) Protostar
Medium (Root-me) App System, (PwnerRank) Binary Exploitation

[+] BoF (Buffer Overflow)

Overwrite EIP + shellCode injection

Technique Knowledge Best Training 👍
shellcode injection shellcode pico-ctf-2013/overflow-4

Ret2PLT, Ret2Libc, ROP

Threat Mitigation Bypass

ASLR : Mem Leak

Technique Knowledge Best Training 👍
ASLR Bypass ROP, Mem leak pico ctf 2013/rop3



Technique Knowledge Best Training 👍
Address Calac ROP, Mem Leak, Address offset defcon 2015 / r0pbaby

[+] Format String

Arbitrary memory read

Direct Parameter Access (n$)

Arbitrary memory write using %n

[+] Heap Exploitation

shellphish/how2heap: A repository for learning various heap exploitation techniques. 🌟

[+] Exploitation technique 🌟


@Pwning Pwnables

  • Jump to payload
    • ret2reg or jump to payload if the stack is executable and addresses aren’t randomized
  • GOT overwrite
    • Commonly used in format string exploitation
    • Overwrite pointer in GOT with pointer to another location
  • Code re-use (ret2libc, ret2plt, ROP)
    • Make use of existing code and instructions to exploit the binary

[+] TIP & Tools 👍

  • GDB enhancer : 2O2L2H/gdb-switcher
    • gef : Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers : :octocat:
    • peda: PEDA - Python Exploit Development Assistance for GDB :octocat:
    • pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy :octocat:
  • Exploit frameworks
  • ROP tools
    • Ropper : find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC) : Ropper
    • ROPGadget : search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. : ROPGadget
  • LIBC database
    • niklasb/libc-database: Build a database of libc offsets to simplify exploitation : libc-database

[*] Cryptography

[+] Caesar cryptography

[+] AES

[+] RSA

[*] Forensics

[*] Web

[+] SQL Injection

[+] XSS (Cross-site Scripting)

You can’t perform that action at this time.