Home/安全与合规/solve-challenge
S

solve-challenge

by @ljagiellov
4.7(5)

Solve CTF challenges by analyzing files, connecting to servers, etc., to enhance offensive and defensive security skills.

CTFProblem SolvingSecurity ChallengesReverse EngineeringGitHub
Installation
npx skills add ljagiello/ctf-skills --skill solve-challenge
compare_arrows

Before / After Comparison

1
Before

Facing CTF challenges, manually analyzing files and connecting to services is extremely time-consuming, leading to slow progress in solving problems. The lack of systematic methods makes it easy to get stuck in complex scenarios.

After

Automated skill analysis and interaction significantly boost CTF problem-solving speed and success rate. It provides efficient strategies, helping to quickly overcome difficulties and gain a competitive edge.

description SKILL.md

name: solve-challenge description: Solves CTF challenges by analyzing files, connecting to services, and applying exploitation techniques. Orchestrates category-specific CTF skills for pwn, crypto, web, reverse engineering, forensics, OSINT, malware analysis, and miscellaneous challenges. license: MIT compatibility: Requires filesystem-based agent (Claude Code or similar) with bash, Python 3, and internet access. Orchestrates other ctf-* skills. allowed-tools: Bash Read Write Edit Glob Grep Task WebFetch WebSearch Skill metadata: user-invocable: "true" argument-hint: "[category] [challenge-file-or-url]"

CTF Challenge Solver

You're a skilled CTF player. Your goal is to solve the challenge and find the flag.

Workflow

Step 1: Recon

  1. Explore files -- List the challenge directory, run file * on everything
  2. Triage binaries -- strings, xxd | head, binwalk, checksec on binaries
  3. Fetch links -- If the challenge mentions URLs, fetch them FIRST for context
  4. Connect -- Try remote services (nc) to understand what they expect
  5. Read hints -- Challenge descriptions, filenames, and comments often contain clues

Step 2: Categorize

Determine the primary category, then invoke the matching skill.

By file type:

  • .pcap, .pcapng, .evtx, .raw, .dd, .E01 -> forensics
  • .elf, .exe, .so, .dll, binary with no extension -> reverse or pwn (check if remote service provided -- if yes, likely pwn)
  • .py, .sage, .txt with numbers -> crypto
  • .apk, .wasm, .pyc -> reverse
  • Web URL or source code with HTML/JS/PHP/templates -> web
  • Images, audio, PDFs with no obvious content -> forensics (steganography)

By challenge description keywords:

  • "buffer overflow", "ROP", "shellcode", "libc", "heap" -> pwn
  • "RSA", "AES", "cipher", "encrypt", "prime", "modulus", "lattice", "LWE", "GCM" -> crypto
  • "XSS", "SQL", "injection", "cookie", "JWT", "SSRF" -> web
  • "disk image", "memory dump", "packet capture", "registry", "power trace", "side-channel", "spectrogram", "audio tracks", "MKV" -> forensics
  • "find", "locate", "identify", "who", "where" -> osint
  • "obfuscated", "packed", "C2", "malware", "beacon" -> malware
  • "jail", "sandbox", "escape", "encoding", "signal", "game", "Nim", "commitment", "Gray code" -> misc

By service behavior:

  • Port with interactive prompt, crash on long input -> pwn
  • HTTP service -> web
  • netcat with math/crypto puzzles -> crypto
  • netcat with restricted shell or eval -> misc (jail)

Step 3: Invoke the Category Skill

Once you identify the category, invoke the matching skill to get specialized techniques:

CategoryInvokeWhen to Use
Web/ctf-webXSS, SQLi, SSTI, SSRF, JWT, file uploads, prototype pollution
Pwn/ctf-pwnBuffer overflow, format string, heap, ROP, sandbox escape
Crypto/ctf-cryptoRSA, AES, ECC, PRNG, ZKP, classical ciphers
Reverse/ctf-reverseBinary analysis, game clients, VMs, obfuscated code
Forensics/ctf-forensicsDisk images, memory dumps, event logs, stego, network captures
OSINT/ctf-osintSocial media, geolocation, DNS, public records
Malware/ctf-malwareObfuscated scripts, C2 traffic, PE/.NET analysis
Misc/ctf-miscJails, encodings, RF/SDR, esoteric languages, constraint solving

You can also invoke /ctf-<category> to load the full skill instructions with detailed techniques.

Step 4: Pivot When Stuck

If your first approach doesn't work:

  1. Re-examine assumptions -- Is this really the category you think? A "web" challenge might need crypto for JWT forgery. A "forensics" PCAP might contain a pwn exploit to replay.
  2. Try a different category skill -- Many challenges span multiple categories. Invoke a second skill for the cross-cutting technique.
  3. Look for what you missed -- Hidden files, alternate ports, response headers, comments in source, metadata in images.
  4. Simplify -- If an exploit is too complex, check if there's a simpler path (default creds, known CVE, logic bug).
  5. Check edge cases -- Off-by-one, race conditions, integer overflow, encoding mismatches.

Common multi-category patterns:

  • Forensics + Crypto: encrypted data in PCAP/disk image, need crypto to decrypt
  • Web + Reverse: WASM or obfuscated JS in web challenge
  • Web + Crypto: JWT forgery, custom MAC/signature schemes
  • Reverse + Pwn: reverse the binary first, then exploit the vulnerability
  • Forensics + OSINT: recover data from dump, then trace it via public sources
  • Misc + Crypto: jail escape requires building crypto primitives under constraints
  • OSINT + Stego: social media posts with unicode homoglyph steganography (Cyrillic lookalikes encode bits)
  • Web + Forensics: paywall bypass (curl reveals content hidden by CSS overlays)
  • Misc + Crypto + Game Theory: multi-phase interactive challenges with AES decryption → HMAC commitment → combinatorial game solving (GF(256) Nim)
  • Crypto + Geometry + Lattice: multi-layer challenges progressing from spatial reconstruction → subspace recovery → LWE solving → AES-GCM decryption
  • Forensics + Signal Processing: power traces / side-channel analysis requiring statistical analysis of measurement data
  • Forensics + Network + Encoding: timing-based encoding in PCAP (inter-packet intervals encode binary data)

Flag Formats

Flags vary by CTF. Common formats:

  • flag{...}, FLAG{...}, CTF{...}, TEAM{...}
  • Custom prefixes: check the challenge description or CTF rules for the format (e.g., ENO{...}, HTB{...}, picoCTF{...})
  • Sometimes just a plaintext string with no wrapper

Validation rule (important):

  • If you find multiple flag-like strings, treat them as candidates and validate before finalizing.
  • Prefer the token tied to the intended artifact/workflow (not random metadata noise or obvious decoys).
  • Do a corpus-wide uniqueness check and include the source file/path when reporting.
# Search for common flag patterns in files
grep -rniE '(flag|ctf|eno|htb|pico)\{' .
# Search in binary/memory output
strings output.bin | grep -iE '\{.*\}'

Quick Reference

# Recon
file *                                    # Identify file types
strings binary | grep -i flag             # Quick string search
xxd binary | head -20                     # Hex dump header
binwalk -e firmware.bin                   # Extract embedded files
checksec --file=binary                    # Check binary protections

# Connect
nc host port                              # Connect to challenge
echo -e "answer1\nanswer2" | nc host port # Scripted input
curl -v http://host:port/                 # HTTP recon

# Python exploit template
python3 -c "
from pwn import *
r = remote('host', port)
r.interactive()
"

Challenge

$ARGUMENTS

forumUser Reviews (0)

Write a Review

Effect
Usability
Docs
Compatibility

No reviews yet

Statistics

Installs200
Rating4.7 / 5.0
Version
Updated2026年3月17日
Comparisons1

User Rating

4.7(5)
5
0%
4
0%
3
0%
2
0%
1
0%

Rate this Skill

0.0

Compatible Platforms

🔧Claude Code
🔧OpenClaw
🔧OpenCode
🔧Codex
🔧Gemini CLI
🔧GitHub Copilot
🔧Amp
🔧Kimi CLI

Timeline

Created2026年3月17日
Last Updated2026年3月17日