��] CTF��ȫ��ِ��T

��ߣ��ǳ��W(w��ng)�j(lu��)��g��ȫ�W(xu��)Ժ �� (zh��n) ��

��磺��A��W(xu��)��r(sh��)�g��2020-10-01

�_�� �� 퓔�(sh��)�� 464

���Σ�Ӌ(j��)��C(j��)/�W(w��ng)�j(lu��)�N��

�� D �r(ji��):¥49.9(5.0��) ��r(ji��) ~~¥99.8~~ ��䛺�ɿ��T�r(ji��)

��ُ��܇ �ղ�

�_��٣� ȫ��]

?�½��س��

��Ǖ��>

>
ȫ��Ӌ(j��)��C(j��)�ȼ��ԇ��濼�}��ģ�M��Ԕ�⡤��MSOffice�߼��(y��ng)��

ȫ��Ӌ(j��)��C(j��)�ȼ��ԇ��濼�}��ģ�M��Ԕ�⡤��MSOffice�߼��(y��ng)��

¥14.4¥45
>
�Q��(zh��n)�Мy5000�}(��Z��c��_(d��))

�Q��(zh��n)�Мy5000�}(��Z��c��_(d��))

¥44.1¥88
>
ܛ��ܜyԇ.��c�{(di��o)��(y��u)��(sh��)�`֮·

ܛ��ܜyԇ.��c�{(di��o)��(y��u)��(sh��)�`֮·

¥56.2¥69
>
��һ�д��aAndroid

��һ�д��aAndroid

¥55.4¥99
>
JAVA��m(x��)��

JAVA��m(x��)��

¥58.1¥119
>
EXCEL�(qi��ng)�̿ƕ�(��ȫ��)(ȫ��ӡˢ)

EXCEL�(qi��ng)�̿ƕ�(��ȫ��)(ȫ��ӡˢ)

¥31.1¥69.9
>
��ȌW(xu��)��(x��)

��ȌW(xu��)��(x��)

¥92.4¥168

��ƷԔ��
��Ʒ�uՓ(0�l)

�ЈD�r(ji��):¥49.9 ��ُ��܇

��(qu��n)��Ϣ
��ɫ
��(n��i)�ݺ��
Ŀ�
��ߺ��

CTF��ȫ��ِ��T ��(qu��n)��Ϣ

ISBN��9787302556275
�l�δa��9787302556275 ; 978-7-302-55627-5
�b��һ��z�漈
�Ԕ�(sh��)��o
��o
��ٷ��
Ӌ(j��)��C(j��)/�W(w��ng)�j(lu��)
>
��Ϣ��ȫ

CTF��ȫ��ِ��T ��ɫ

��CTF��ȫ��ِ��T��ǆ��ǳ��W(w��ng)�j(lu��)��g��ȫ�W(xu��)Ժ��λ��I(y��)�v��(j��ng)�^��CTF��(sh��)�`�e�ۣ��Ĵ�ĥ��ɵ��Tָ����֪�R�c(di��n)ȫ�棬��(sh��)�(y��n)�v��ͨ��׶��Ԏ��x��ѿ��Web��ȫ��Ϣ�[��ܴa�W(xu��)��PWN�c��ȸ��(g��)��Ļ��A(ch��)֪�R��Ը��ݵؑ�(y��ng)��W(w��ng)�j(lu��)��ȫِ�¡�

CTF��ȫ��ِ��T ��(n��i)�ݺ��

��CTF��ȫ��ِ��T��Ҫ��BĿǰ��CTF(�Z��ِ)�ı�ِ��(n��i)�ݺͳ�Ҋ��}Ŀ��ͣ��Web��ȫ��ܴa�W(xu��)��Ϣ�[��򹤳̡�PWN�ȷ��}ĿҪ�󲢽o��}��ɡ� ��CTF��ȫ��ِ��T��}��S��(sh��)��ԏ�(qi��ng)��ɹ��(zh��n)�䅢��CTF��Ҫ�˽ⰲȫ��(sh��)��(zh��n)��ܵĸ�У�W(xu��)��IT��ȫ�ˆT��\(y��n)�S�ˆT��x��

CTF��ȫ��ِ��T Ŀ�

��1�� CTF�� 1
1.1 CTF��Դ 1
1.2 CTFģʽ 2
1.3 CTF��A(ch��)�� 3
1.3.1 �W(w��ng)�j(lu��) 3
1.3.2 ��ϵ�y(t��ng) 3
1.3.3 �� 4
1.3.4 ��(sh��)��(j��)�� 4
1.4 CTF�h(hu��n)�� 4
1.4.1 CTFd 4
1.4.2 Mellivora 9
��2�� Web��ȫ 13
2.1 Web��ȫ�� 13
2.2 Web��ȫ�Č�(sh��)�(y��n)�h(hu��n)�� 15
2.2.1 PHP�h(hu��n)�� 15
2.2.2 Java�h(hu��n)�� 16
2.2.3 Python�h(hu��n)�� 17
2.3 ��ȫ��ߵ�ʹ�� 19
2.3.1 sqlmap 19
2.3.2 Burp Suite 21
2.3.3 Firefox 23
2.3.4 ��蹤�� 23
2.4 Web��ȫ��(sh��)��(zh��n) 23
2.4.1 ��Ϣ�ռ� 24
2.4.2 HTTP 29
2.4.3 SQLע�� 34
2.4.4 ��a��Ӌ(j��) 41
2.4.5 ��(y��ng)�íh(hu��n)�� 70
��3�� ܴa�W(xu��) 73
3.1 �ܴa�W(xu��)��A(ch��)֪�R 73
3.1.1 ��a/��a�vʷ 73
3.1.2 �ܴa�W(xu��)�vʷ 76
3.2 �ܴa�W(xu��)�}Ŀ�� 77
3.2.1 ��a/��a�� 77
3.2.2 �ܴa�㷨�� 77
3.3 �ܴa�W(xu��)��(sh��)��(zh��n) 78
3.3.1 ��a/��a 78
3.3.2 �ŵ��ܴa�W(xu��) 93
3.3.3 ��Q�ܴa 104
3.3.4 �ǌ��Q�ܴa 111
3.3.5 ��ϣ�㷨 122
��4�� Ϣ�[�� 125
4.1 �[��g(sh��)��B 125
4.1.1 �[��g(sh��)�� 125
4.1.2 �[��g(sh��)��(y��ng)�� 125
4.1.3 CTF�[��g(sh��)�� 126
4.1.4 CTF�[��g(sh��)�F(xi��n)�� 126
4.1.5 �[��g(sh��)��A(ch��)֪�R 127
4.2 �[��(sh��)��(zh��n) 129
4.2.1 �DƬ�[�� 129
4.2.2 �ı��ļ��[�� 168
4.2.3 ��l�ļ��[�� 182
4.2.4 ��ļ��[�� 191
4.2.5 �C��Ӗ(x��n)�� 198
��5�� 򹤳� 213
5.1 ��򹤳̸�� 213
5.1.1 ʲô��򹤳� 213
5.1.2 ܛ��򹤳̵Ěvʷ 215
5.1.3 ܛ��򹤳̵đ�(y��ng)�� 216
5.1.4 ܛ��򹤳̵ĳ��ֶ� 216
5.1.5 ��ΌW(xu��)��(x��)�� 217
5.2 �W(xu��)��(x��)��Ļ��A(ch��)֪�R 218
5.2.1 C�Z�Ի��A(ch��) 218
5.2.2 Ӌ(j��)��C(j��)�Y(ji��)��(g��u) 219
5.2.3 �R��ָ�� 224
5.2.4 ��(sh��)��(j��)�Y(ji��)��(g��u) 227
5.2.5 Windows PE 228
5.2.6 Linux ELF 229
5.2.7 �� 230
5.3 ��ù��߼��ʹ�÷�� 231
5.3.1 PE�� 231
5.3.2 ��g�� 232
5.3.3 �{(di��o)ԇ�� 234
5.3.4 �o�� 236
5.4 ��(sh��)��(zh��n) 238
5.4.1 ��}˼· 238
5.4.2 �@�^��o(h��)� 240
5.4.3 �ƽ�� 256
5.4.4 �㷨�� 261
��6�� ȡ�C 271
6.1 ȡ�C�� 271
6.2 ȡ�C�ĳ�Ҏ(gu��)˼· 272
6.2.1 ��־��˼· 272
6.2.2 ��(sh��)��(j��)��˼· 272
6.2.3 ��(n��i)��˼· 273
6.3 ȡ�C��(sh��)��(zh��n) 274
6.3.1 ��־�� 274
6.3.2 ��(sh��)��(j��)�� 277
6.3.3 ��(n��i)�� 305
��7�� s�(xi��ng) 317
7.1 �s�(xi��ng)��(sh��)��(zh��n)1 317
7.2 �s�(xi��ng)��(sh��)��(zh��n)2 321
7.3 �s�(xi��ng)��(sh��)��(zh��n)3 336
��8�� PWN 359
8.1 PWN�� 359
8.2 PWN��(sh��)�(y��n)�h(hu��n)��c��A(ch��)�� 360
8.2.1 ��bpwntools 360
8.2.2 pwntools��÷� 361
8.2.3 �P(gu��n)��shellcode 363
8.2.4 ��bPeda��qira 364
8.2.5 ��b��**�M�� 366
8.2.6 ��gpwn1 367
8.2.7 ��o(h��)�C(j��)��cchecksec�_�� 367
8.2.8 socat 369
8.2.9 objdump 369
8.3 GDB�{(di��o)ԇ 370
8.3.1 GDB��A(ch��)�� 370
8.3.2 Peda 372
8.3.3 GDB��(x��) 373
8.4 ��ԭ��c��(sh��)�� 377
8.4.1 ��ԭ�� 378
8.4.2 ��(sh��)�� 383
8.4.3 ׃��w 385
8.4.4 ret2libc��g(sh��) 386
8.5 ��ʽ��ַ��©�� 391
8.5.1 printf��(sh��) 391
8.5.2 pwntools�е�fmtstrģ�K 394
8.5.3 ��ʽ��ַ��ʾ�� 395
8.6 PWN��(sh��)��(zh��n) 398
8.6.1 pwn-easy 398
8.6.2 pwnme2 399
8.6.3 pwnme3 402
8.6.4 pwn4 406
8.6.5 pwnable.kr-input 406
��9�� 409
9.1 �� 409
9.2 ��ِҎ(gu��)�t��ע��(xi��ng) 409
9.3 �� 410
9.3.1 ��ز�� 410
9.3.2 ��· 420
9.3.3 ��ٶ�λĿ��(bi��o) 421
9.3.4 ��T�� 423
9.3.5 ��(y��ng)�� 428
9.4 ��(sh��)��(zh��n) 432
9.4.1 PHP�ЙC(j��)�h(hu��n)��(sh��)�` 432
9.4.2 Java�ЙC(j��)�h(hu��n)��(sh��)�` 440
�� ׌W(xu��)��(x��)�YԴ�f�� 447

չ�_ȫ��

CTF��ȫ��ِ��T ��ߺ��

��(zh��n)CISI�J(r��n)�C��Ϣ��ȫ�߼��v��Ї�ͨ��I(y��)�f(xi��)��W(w��ng)�j(lu��)��ȫ�ˆT��J(r��n)�C��v��W(w��ng)�j(lu��)��ȫ��Ӗ(x��n)��I��匧(d��o)��ܛ��O(sh��)Ӌ(j��)��CWASP-L2 Web��ȫ��ң��@��^��@��(ji��ng)(��ȫ��Ӗ(x��n))�Լ�CISA��CISD��CCSK��ISO 27001 Foundation��Cobit5��OCP��J(r��n)�C��cOWASP Top ten 2017-RC1��İ�ķ��g��2003��_ʼ�M(j��n)��Ϣ��ȫ�I(l��ng)��Ϥ��ȫ��ĸ���g(sh��)��(x��)��(ji��)��S��ĝB͸�yԇ��(j��ng)�(y��n)��_�l(f��)�^��ȫ��(��ߏ�(qi��ng)�Ȱ�ȫ��ڶ��(w��)��R�ɹ��ߵ�)��o��ҽ��ڙC(j��)��(g��u)��I(y��)��λ��^�B͸�yԇ�c��ȫ�ӹ̷��(w��)��F(xi��n)��ؓ(f��)؟(z��)��ǳ��W(w��ng)�j(lu��)��g��ȫ�W(xu��)Ժ�Č�(sh��)Ӗ(x��n)ƽ�_�c��ȫ��Ӗ(x��n)�I(y��)��(w��)��l(w��i)CISI�J(r��n)�C��Ϣ��ȫ�߼��v��Ї�ͨ��I(y��)�f(xi��)��W(w��ng)�j(lu��)��ȫ�ˆT��J(r��n)�C��v��ѫ@��CISP��CCSK��Cobit5�Ȱ�ȫ�J(r��n)�C��2014��M(j��n)��Ϣ��ȫ�I(l��ng)��Ϥ��W(w��ng)�j(lu��)��ȫ�O(sh��)��cԭ��S��ĝB͸�yԇ��(j��ng)�(y��n)��LWeb��ȫ�c��ȫ©��о��F(xi��n)ؓ(f��)؟(z��)��ǳ��W(w��ng)�j(lu��)��g��ȫ�W(xu��)Ժ��n��_�l(f��)�̌W(xu��)��UNIXϵ�y(t��ng)��̎��ϵ�y(t��ng)��ɸ߼��(xi��ng)Ŀ��(j��ng)��L�ڏ��¾W(w��ng)�j(lu��)��ȫϵ�y(t��ng)��O(sh��)Ӌ(j��)��_�l(f��)��yԇ��̌�(sh��)ʩ�ȹ��1994�걱��պ��W(xu��)�Ԅӿ��ϵ�Tʿ��I(y��)��F(xi��n)�Ά��ǳ��W(w��ng)�j(lu��)��g��ȫ�W(xu��)Ժ��(w��)��Ժ�L��

��Ʒ�uՓ(0�l)

��u ٍ��

��o�uՓ��

��]