首页/安全与合规/solve-challenge
S

solve-challenge

by @ljagiellov1.0.0
0.0(0)

Solves CTF challenges by analyzing files, connecting to services, and applying exploitation techniques. Orchestrates category-specific CTF skills for pwn, crypto, web, reverse engineering, forensics, OSINT, malware analysis, and miscellaneous challenges.

CTFProblem SolvingSecurity ChallengesReverse EngineeringGitHub
安装方式
npx skills add ljagiello/ctf-skills --skill solve-challenge
compare_arrows

Before / After 效果对比

0

description 文档

name: solve-challenge description: Solves CTF challenges by analyzing files, connecting to services, and applying exploitation techniques. Orchestrates category-specific CTF skills for pwn, crypto, web, reverse engineering, forensics, OSINT, malware analysis, and miscellaneous challenges. license: MIT compatibility: Requires filesystem-based agent (Claude Code or similar) with bash, Python 3, and internet access. Orchestrates other ctf-* skills. allowed-tools: Bash Read Write Edit Glob Grep Task WebFetch WebSearch Skill metadata: user-invocable: "true" argument-hint: "[category] [challenge-file-or-url]"

CTF Challenge Solver

You're a skilled CTF player. Your goal is to solve the challenge and find the flag.

Workflow

Step 1: Recon

  1. Explore files -- List the challenge directory, run file * on everything
  2. Triage binaries -- strings, xxd | head, binwalk, checksec on binaries
  3. Fetch links -- If the challenge mentions URLs, fetch them FIRST for context
  4. Connect -- Try remote services (nc) to understand what they expect
  5. Read hints -- Challenge descriptions, filenames, and comments often contain clues

Step 2: Categorize

Determine the primary category, then invoke the matching skill.

By file type:

  • .pcap, .pcapng, .evtx, .raw, .dd, .E01 -> forensics
  • .elf, .exe, .so, .dll, binary with no extension -> reverse or pwn (check if remote service provided -- if yes, likely pwn)
  • .py, .sage, .txt with numbers -> crypto
  • .apk, .wasm, .pyc -> reverse
  • Web URL or source code with HTML/JS/PHP/templates -> web
  • Images, audio, PDFs with no obvious content -> forensics (steganography)

By challenge description keywords:

  • "buffer overflow", "ROP", "shellcode", "libc", "heap" -> pwn
  • "RSA", "AES", "cipher", "encrypt", "prime", "modulus", "lattice", "LWE", "GCM" -> crypto
  • "XSS", "SQL", "injection", "cookie", "JWT", "SSRF" -> web
  • "disk image", "memory dump", "packet capture", "registry", "power trace", "side-channel", "spectrogram", "audio tracks", "MKV" -> forensics
  • "find", "locate", "identify", "who", "where" -> osint
  • "obfuscated", "packed", "C2", "malware", "beacon" -> malware
  • "jail", "sandbox", "escape", "encoding", "signal", "game", "Nim", "commitment", "Gray code" -> misc

By service behavior:

  • Port with interactive prompt, crash on long input -> pwn
  • HTTP service -> web
  • netcat with math/crypto puzzles -> crypto
  • netcat with restricted shell or eval -> misc (jail)

Step 3: Invoke the Category Skill

Once you identify the category, invoke the matching skill to get specialized techniques:

| Category | Invoke | When to Use | |----------|--------|-------------| | Web | /ctf-web | XSS, SQLi, SSTI, SSRF, JWT, file uploads, prototype pollution | | Pwn | /ctf-pwn | Buffer overflow, format string, heap, ROP, sandbox escape | | Crypto | /ctf-crypto | RSA, AES, ECC, PRNG, ZKP, classical ciphers | | Reverse | /ctf-reverse | Binary analysis, game clients, VMs, obfuscated code | | Forensics | /ctf-forensics | Disk images, memory dumps, event logs, stego, network captures | | OSINT | /ctf-osint | Social media, geolocation, DNS, public records | | Malware | /ctf-malware | Obfuscated scripts, C2 traffic, PE/.NET analysis | | Misc | /ctf-misc | Jails, encodings, RF/SDR, esoteric languages, constraint solving |

You can also invoke /ctf-<category> to load the full skill instructions with detailed techniques.

Step 4: Pivot When Stuck

If your first approach doesn't work:

  1. Re-examine assumptions -- Is this really the category you think? A "web" challenge might need crypto for JWT forgery. A "forensics" PCAP might contain a pwn exploit to replay.
  2. Try a different category skill -- Many challenges span multiple categories. Invoke a second skill for the cross-cutting technique.
  3. Look for what you missed -- Hidden files, alternate ports, response headers, comments in source, metadata in images.
  4. Simplify -- If an exploit is too complex, check if there's a simpler path (default creds, known CVE, logic bug).
  5. Check edge cases -- Off-by-one, race conditions, integer overflow, encoding mismatches.

Common multi-category patterns:

  • Forensics + Crypto: encrypted data in PCAP/disk image, need crypto to decrypt
  • Web + Reverse: WASM or obfuscated JS in web challenge
  • Web + Crypto: JWT forgery, custom MAC/signature schemes
  • Reverse + Pwn: reverse the binary first, then exploit the vulnerability
  • Forensics + OSINT: recover data from dump, then trace it via public sources
  • Misc + Crypto: jail escape requires building crypto primitives under constraints
  • OSINT + Stego: social media posts with unicode homoglyph steganography (Cyrillic lookalikes encode bits)
  • Web + Forensics: paywall bypass (curl reveals content hidden by CSS overlays)
  • Misc + Crypto + Game Theory: multi-phase interactive challenges with AES decryption → HMAC commitment → combinatorial game solving (GF(256) Nim)
  • Crypto + Geometry + Lattice: multi-layer challenges progressing from spatial reconstruction → subspace recovery → LWE solving → AES-GCM decryption
  • Forensics + Signal Processing: power traces / side-channel analysis requiring statistical analysis of measurement data
  • Forensics + Network + Encoding: timing-based encoding in PCAP (inter-packet intervals encode binary data)

Flag Formats

Flags vary by CTF. Common formats:

  • flag{...}, FLAG{...}, CTF{...}, TEAM{...}
  • Custom prefixes: check the challenge description or CTF rules for the format (e.g., ENO{...}, HTB{...}, picoCTF{...})
  • Sometimes just a plaintext string with no wrapper

Validation rule (important):

  • If you find multiple flag-like strings, treat them as candidates and validate before finalizing.
  • Prefer the token tied to the intended artifact/workflow (not random metadata noise or obvious decoys).
  • Do a corpus-wide uniqueness check and include the source file/path when reporting.
# Search for common flag patterns in files
grep -rniE '(flag|ctf|eno|htb|pico)\{' .
# Search in binary/memory output
strings output.bin | grep -iE '\{.*\}'

Quick Reference

# Recon
file *                                    # Identify file types
strings binary | grep -i flag             # Quick string search
xxd binary | head -20                     # Hex dump header
binwalk -e firmware.bin                   # Extract embedded files
checksec --file=binary                    # Check binary protections

# Connect
nc host port                              # Connect to challenge
echo -e "answer1\nanswer2" | nc host port # Scripted input
curl -v http://host:port/                 # HTTP recon

# Python exploit template
python3 -c "
from pwn import *
r = remote('host', port)
r.interactive()
"

Challenge

$ARGUMENTS

forum用户评价 (0)

发表评价

效果
易用性
文档
兼容性

暂无评价,来写第一条吧

统计数据

安装量0
评分0.0 / 5.0
版本1.0.0
更新日期2026年3月17日
对比案例0 组

用户评分

0.0(0)
5
0%
4
0%
3
0%
2
0%
1
0%

为此 Skill 评分

0.0

兼容平台

🔧Claude Code

时间线

创建2026年3月17日
最后更新2026年3月17日