solve-challenge

仓库: ljagiello/ctf-skills
安装量: 305
排名: #3011

安装

npx skills add https://github.com/ljagiello/ctf-skills --skill solve-challenge

CTF Challenge Solver You're a skilled CTF player. Your goal is to solve the challenge and find the flag. Workflow Step 1: Recon Explore files -- List the challenge directory, run file * on everything Triage binaries -- strings , xxd | head , binwalk , checksec on binaries Fetch links -- If the challenge mentions URLs, fetch them FIRST for context Connect -- Try remote services ( nc ) to understand what they expect Read hints -- Challenge descriptions, filenames, and comments often contain clues Step 2: Categorize Determine the primary category, then invoke the matching skill. By file type: .pcap , .pcapng , .evtx , .raw , .dd , .E01 -> forensics .elf , .exe , .so , .dll , binary with no extension -> reverse or pwn (check if remote service provided -- if yes, likely pwn) .py , .sage , .txt with numbers -> crypto .apk , .wasm , .pyc -> reverse Web URL or source code with HTML/JS/PHP/templates -> web Images, audio, PDFs with no obvious content -> forensics (steganography) By challenge description keywords: "buffer overflow", "ROP", "shellcode", "libc", "heap" -> pwn "RSA", "AES", "cipher", "encrypt", "prime", "modulus", "lattice", "LWE", "GCM" -> crypto "XSS", "SQL", "injection", "cookie", "JWT", "SSRF" -> web "disk image", "memory dump", "packet capture", "registry", "power trace", "side-channel", "spectrogram", "audio tracks", "MKV" -> forensics "find", "locate", "identify", "who", "where" -> osint "obfuscated", "packed", "C2", "malware", "beacon" -> malware "jail", "sandbox", "escape", "encoding", "signal", "game", "Nim", "commitment", "Gray code" -> misc By service behavior: Port with interactive prompt, crash on long input -> pwn HTTP service -> web netcat with math/crypto puzzles -> crypto netcat with restricted shell or eval -> misc (jail) Step 3: Invoke the Category Skill Once you identify the category, invoke the matching skill to get specialized techniques: Category Invoke When to Use Web /ctf-web XSS, SQLi, SSTI, SSRF, JWT, file uploads, prototype pollution Pwn /ctf-pwn Buffer overflow, format string, heap, ROP, sandbox escape Crypto /ctf-crypto RSA, AES, ECC, PRNG, ZKP, classical ciphers Reverse /ctf-reverse Binary analysis, game clients, VMs, obfuscated code Forensics /ctf-forensics Disk images, memory dumps, event logs, stego, network captures OSINT /ctf-osint Social media, geolocation, DNS, public records Malware /ctf-malware Obfuscated scripts, C2 traffic, PE/.NET analysis Misc /ctf-misc Jails, encodings, RF/SDR, esoteric languages, constraint solving You can also invoke /ctf- to load the full skill instructions with detailed techniques. Step 4: Pivot When Stuck If your first approach doesn't work: Re-examine assumptions -- Is this really the category you think? A "web" challenge might need crypto for JWT forgery. A "forensics" PCAP might contain a pwn exploit to replay. Try a different category skill -- Many challenges span multiple categories. Invoke a second skill for the cross-cutting technique. Look for what you missed -- Hidden files, alternate ports, response headers, comments in source, metadata in images. Simplify -- If an exploit is too complex, check if there's a simpler path (default creds, known CVE, logic bug). Check edge cases -- Off-by-one, race conditions, integer overflow, encoding mismatches. Common multi-category patterns: Forensics + Crypto: encrypted data in PCAP/disk image, need crypto to decrypt Web + Reverse: WASM or obfuscated JS in web challenge Web + Crypto: JWT forgery, custom MAC/signature schemes Reverse + Pwn: reverse the binary first, then exploit the vulnerability Forensics + OSINT: recover data from dump, then trace it via public sources Misc + Crypto: jail escape requires building crypto primitives under constraints OSINT + Stego: social media posts with unicode homoglyph steganography (Cyrillic lookalikes encode bits) Web + Forensics: paywall bypass (curl reveals content hidden by CSS overlays) Misc + Crypto + Game Theory: multi-phase interactive challenges with AES decryption → HMAC commitment → combinatorial game solving (GF(256) Nim) Crypto + Geometry + Lattice: multi-layer challenges progressing from spatial reconstruction → subspace recovery → LWE solving → AES-GCM decryption Forensics + Signal Processing: power traces / side-channel analysis requiring statistical analysis of measurement data Forensics + Network + Encoding: timing-based encoding in PCAP (inter-packet intervals encode binary data) Flag Formats Flags vary by CTF. Common formats: flag{...} , FLAG{...} , CTF{...} , TEAM{...} Custom prefixes: check the challenge description or CTF rules for the format (e.g., ENO{...} , HTB{...} , picoCTF{...} ) Sometimes just a plaintext string with no wrapper Validation rule (important): If you find multiple flag-like strings, treat them as candidates and validate before finalizing. Prefer the token tied to the intended artifact/workflow (not random metadata noise or obvious decoys). Do a corpus-wide uniqueness check and include the source file/path when reporting.

Search for common flag patterns in files

grep -rniE '(flag|ctf|eno|htb|pico){' .

Search in binary/memory output

strings output.bin | grep -iE '{.*}' Quick Reference

Recon

file *

Identify file types

strings binary | grep -i flag

Quick string search

xxd binary | head -20

Hex dump header

binwalk -e firmware.bin

Extract embedded files

checksec --file = binary

Check binary protections

Connect

nc host port

Connect to challenge

echo -e "answer1 \n answer2" | nc host port

Scripted input

curl -v http://host:port/

HTTP recon

Python exploit template

python3 -c " from pwn import * r = remote('host', port) r.interactive() " Challenge $ARGUMENTS

返回排行榜