diff --git a/README.md b/README.md index 54413b6..a1cad69 100644 --- a/README.md +++ b/README.md @@ -107,6 +107,7 @@ - [6.1.6 pwn DefconCTF2015 fuckup](doc/6.1.6_pwn_defconctf2015_fuckup.md) - [6.1.7 pwn 0CTF2015 freenote](doc/6.1.7_pwn_0ctf2015_freenote.md) - [6.1.8 pwn DCTF2017 Flex](doc/6.1.8_pwn_dctf2017_flex.md) + - [6.1.9 pwn RHme3 Exploitation](doc/6.1.9_rhme3_exploitation.md) - re - [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) - [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) diff --git a/SUMMARY.md b/SUMMARY.md index ca11297..6fdd15c 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -97,6 +97,7 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One * [6.1.6 pwn DefconCTF2015 fuckup](doc/6.1.6_pwn_defconctf2015_fuckup.md) * [6.1.7 pwn 0CTF2015 freenote](doc/6.1.7_pwn_0ctf2015_freenote.md) * [6.1.8 pwn DCTF2017 Flex](doc/6.1.8_pwn_dctf2017_flex.md) + * [6.1.9 pwn RHme3 Exploitation](doc/6.1.9_rhme3_exploitation.md) * re * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) diff --git a/doc/6.1.9_rhme3_exploitation.md b/doc/6.1.9_rhme3_exploitation.md new file mode 100644 index 0000000..05f9886 --- /dev/null +++ b/doc/6.1.9_rhme3_exploitation.md @@ -0,0 +1,22 @@ +# 6.1.9 pwn RHme3 Exploitation + +- [题目解析](#题目解析) +- [参考资料](#参考资料) + + +[下载文件](../src/writeup/6.1.9_rhme3_exploitation) + +## 题目解析 +``` +$ file main.elf +main.elf: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=ec9db5ec0b8ad99b3b9b1b3b57e5536d1c615c8e, not stripped +``` +``` +$ checksec -f main.elf +RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE +Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH Yes 0 10 main.elf +``` + + +## 参考资料 +- [Exploitation](https://ctftime.org/task/4528) 
diff --git a/doc/6_writeup.md b/doc/6_writeup.md index f806ebe..36c00f6 100644 --- a/doc/6_writeup.md +++ b/doc/6_writeup.md @@ -9,6 +9,7 @@ - [6.1.6 pwn DefconCTF2015 fuckup](6.1.6_pwn_defconctf2015_fuckup.md) - [6.1.7 pwn 0CTF2015 freenote](6.1.7_pwn_0ctf2015_freenote.md) - [6.1.8 pwn DCTF2017 Flex](6.1.8_pwn_dctf2017_flex.md) + - [6.1.9 pwn RHme3 Exploitation](6.1.9_rhme3_exploitation.md) - re - [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md) - [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md) diff --git a/src/writeup/6.1.9_rhme3_exploitation/main.elf b/src/writeup/6.1.9_rhme3_exploitation/main.elf new file mode 100644 index 0000000..a0c1d76 Binary files /dev/null and b/src/writeup/6.1.9_rhme3_exploitation/main.elf differ
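Review bot: The new file name drops the `pwn_` category prefix that every neighbouring entry carries. In the README.md, SUMMARY.md and doc/6_writeup.md index hunks the added link targets `6.1.9_rhme3_exploitation.md`, while the surrounding lines use `6.1.8_pwn_dctf2017_flex.md`, `6.1.7_pwn_0ctf2015_freenote.md` and so on. Suggest renaming the document to `6.1.9_pwn_rhme3_exploitation.md` and updating the three index links in the same commit, so the listing stays consistent and sortable by category.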
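Review bot: In the new doc/6.1.9_rhme3_exploitation.md, the 题目解析 section contains only the `file` and `checksec` output with nothing after it, yet the page is linked from three indexes as a finished write-up. Either add the analysis before merging or mark the section as work in progress. At minimum, say what the checksec line implies for the challenge (Partial RELRO, canary found, NX enabled, No PIE). Smaller points in the same hunk: the two code fences have no language tag, and there are doubled blank lines before the download link and before 参考资料.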
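Review bot: `src/writeup/6.1.9_rhme3_exploitation/main.elf` is committed as an opaque binary with no recorded provenance; the only reference in the write-up is the CTFtime task page. Please state in the doc where the file was obtained and record a checksum of it, so readers can confirm that what they download is the binary being analysed. The BuildID shown in the `file` output identifies the build but is not a substitute for a hash of the whole file.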