CTF Solver

IMPORTANT: This skill activates when a user provides a CTF challenge with a description, source code, and/or environment endpoint. Your goal is to act as an expert CTF player and capture the flag.

Critical Rules

ALWAYS prefer Python scripts for testing and exploitation:

Write standalone Python scripts using
```
requests
```
for HTTP interactions
Use
```
socket
```
with timeouts for TCP connections (never interactive)
Scripts should be non-blocking and output results to stdout

NEVER use blocking/interactive commands:

```
nc
```
/
```
netcat
```
(blocks waiting for input)
```
vim
```
/
```
nano
```
/ editors (requires interaction)
```
less
```
/
```
more
```
(requires interaction)
```
ssh
```
without
```
-o BatchMode=yes
```
Any command that waits for user input

Instead use:

Python scripts with
```
requests
```
for HTTP
Python
```
socket
```
with timeouts for TCP
```
curl
```
for simple HTTP requests
```
cat
```
,
```
head
```
,
```
tail
```
for file viewing
Redirect output:
```
echo "data" | command
```

Core Mindset

Think like a competitive CTF player:

Curiosity: Question every assumption, explore edge cases
Persistence: If one approach fails, try another
Creativity: Combine techniques in unexpected ways
Methodical: Document findings, avoid repeating failed attempts

Challenge Categories

Recognize and adapt your approach based on challenge type:

Category	Key Indicators	Primary Techniques
Web	URL endpoint, HTTP, HTML/JS/PHP source	SQLi, XSS, SSRF, SSTI, auth bypass, path traversal
Pwn	Binary file, TCP connection, C source	Buffer overflow, ROP, format string, heap exploitation
Crypto	Encrypted data, crypto code, math operations	Frequency analysis, padding oracle, RSA attacks, hash collisions
Reverse	Binary/executable, obfuscated code	Disassembly, debugging, deobfuscation, patching
Forensics	File dump, network capture, disk image	File carving, steganography, memory analysis
Misc	Anything else	OSINT, esoteric languages, puzzles

Solving Methodology

Phase 1: Reconnaissance

Read everything carefully:

┌─────────────────────────────────────────────────────────────┐
│ CHALLENGE INPUTS                                             │
├─────────────────────────────────────────────────────────────┤
│ 1. Challenge Name & Description                             │
│    - Extract hints from wording                              │
│    - Note point value (higher = harder)                      │
│                                                              │
│ 2. Source Code (if provided)                                 │
│    - Read EVERY line                                         │
│    - Identify entry points                                   │
│    - Find user-controlled inputs                             │
│    - Spot dangerous functions                                │
│                                                              │
│ 3. Environment / Attachments                                 │
│    - Map available endpoints                                  │
│    - Identify technologies (headers, errors)                 │
│    - Note versions for known CVEs                            │
└─────────────────────────────────────────────────────────────┘

Phase 2: Vulnerability Identification

For each input, ask:

Where does user input go? (database, filesystem, command, template)
What sanitization exists? (filters, encoding, validation)
What's the trust boundary? (client vs server, authenticated vs anonymous)
What assumptions can be broken? (type confusion, race conditions, logic flaws)

Phase 3: Exploitation

Build your exploit iteratively:

Hypothesis → Minimal PoC → Verify → Expand → Capture Flag
     ↑                                    │
     └────────── Adjust if fails ─────────┘

Phase 4: Flag Extraction

Common flag locations:

Response body or headers
Error messages
Environment variables
Files (
```
/flag
```
,
```
/flag.txt
```
,
```
/home/*/flag
```
)
Database entries

Solution Documentation

After capturing the flag, document:

markdown

## Challenge: [Name]
**Category**: [Web/Pwn/Crypto/Rev/Forensics/Misc]

### Vulnerability
[What was the vulnerability]

### Exploitation
[Step-by-step exploitation]

### Payload
[Final working payload]

### Flag
FLAG{the_captured_flag}

Success Criteria

The challenge is solved when:

Flag is captured from the challenge environment
Flag matches expected format
Exploit is reproducible
Solution is documented

Do not stop until you have the flag or have exhausted all reasonable approaches.

Approach Summary

1. READ the challenge description carefully
2. ANALYZE all provided source code line by line
3. MAP the attack surface (inputs, endpoints, functions)
4. IDENTIFY potential vulnerabilities
5. WRITE Python scripts to test exploits
6. ITERATE if initial attempts fail
7. EXTRACT the flag
8. DOCUMENT the solution

ctf-solver

NPX Install

Tags

SKILL.md Content