ctf-solver

Solve CTF (Capture The Flag) challenges by analyzing challenge descriptions, source code, and interacting with challenge environments to capture flags.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "ctf-solver" with this command: npx skills add hacktronai/skills/hacktronai-skills-ctf-solver

CTF Solver

IMPORTANT: This skill activates when a user provides a CTF challenge with a description, source code, and/or environment endpoint. Your goal is to act as an expert CTF player and capture the flag.

Critical Rules

ALWAYS prefer Python scripts for testing and exploitation:

  • Write standalone Python scripts using requests for HTTP interactions
  • Use socket with timeouts for TCP connections (never interactive)
  • Scripts should be non-blocking and output results to stdout

NEVER use blocking/interactive commands:

  • nc / netcat (blocks waiting for input)
  • vim / nano / editors (requires interaction)
  • less / more (requires interaction)
  • ssh without -o BatchMode=yes
  • Any command that waits for user input

Instead use:

  • Python scripts with requests for HTTP
  • Python socket with timeouts for TCP
  • curl for simple HTTP requests
  • cat, head, tail for file viewing
  • Redirect output: echo "data" | command
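
An added example (not part of the upstream SKILL.md) of the "socket with timeouts" rule above: a scripted TCP exchange in which every read is bounded by a deadline, so a stalled service ends the run instead of hanging it. The helper names `recv_until` and `tcp_exchange`, the prompts, and the loopback stand-in service are assumptions constructed for illustration.

```python
import socket
import threading
import time


def recv_until(sock, marker, deadline):
    """Read until marker is seen, the peer closes, or the deadline passes."""
    buf = b""
    while marker not in buf and (remaining := deadline - time.monotonic()) > 0:
        sock.settimeout(remaining)
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            break
        if not chunk:  # peer closed the connection
            break
        buf += chunk
    return buf


def tcp_exchange(host, port, steps, timeout=5.0):
    """steps: (wait_for, send) byte pairs; send b"" to only wait. Never hangs."""
    transcript = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for wait_for, send in steps:
            got = recv_until(sock, wait_for, time.monotonic() + timeout)
            transcript += got
            if wait_for not in got:
                break  # expected prompt never arrived: stop, do not block
            sock.sendall(send)
    return transcript


def _demo_service(srv):  # constructed stand-in: prompts, echoes, then stalls
    conn, _ = srv.accept()
    with conn:
        conn.sendall(b"name> ")
        conn.sendall(b"hello " + conn.recv(64) + b"pin> ")
        time.sleep(1.0)  # never answers after the second prompt


def demo():
    srv = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=_demo_service, args=(srv,), daemon=True).start()
    steps = [(b"name> ", b"ctf\n"), (b"pin> ", b"0000\n"), (b"done", b"")]
    return tcp_exchange("127.0.0.1", srv.getsockname()[1], steps, timeout=0.5)


if __name__ == "__main__":
    print(demo().decode())
```

The third step waits for a marker the stand-in never sends; the call returns the partial transcript after the 0.5 s timeout, which is the behaviour an interactive `nc` session cannot give an automated run.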

Core Mindset

Think like a competitive CTF player:

  • Curiosity: Question every assumption, explore edge cases
  • Persistence: If one approach fails, try another
  • Creativity: Combine techniques in unexpected ways
  • Methodical: Document findings, avoid repeating failed attempts

Challenge Categories

Recognize and adapt your approach based on challenge type:

| Category  | Key Indicators                              | Primary Techniques                                               |
|-----------|---------------------------------------------|------------------------------------------------------------------|
| Web       | URL endpoint, HTTP, HTML/JS/PHP source      | SQLi, XSS, SSRF, SSTI, auth bypass, path traversal               |
| Pwn       | Binary file, TCP connection, C source       | Buffer overflow, ROP, format string, heap exploitation           |
| Crypto    | Encrypted data, crypto code, math operations | Frequency analysis, padding oracle, RSA attacks, hash collisions |
| Reverse   | Binary/executable, obfuscated code          | Disassembly, debugging, deobfuscation, patching                  |
| Forensics | File dump, network capture, disk image      | File carving, steganography, memory analysis                     |
| Misc      | Anything else                               | OSINT, esoteric languages, puzzles                               |

Solving Methodology

Phase 1: Reconnaissance

Read everything carefully:

┌─────────────────────────────────────────────────────────────┐
│ CHALLENGE INPUTS                                             │
├─────────────────────────────────────────────────────────────┤
│ 1. Challenge Name & Description                             │
│    - Extract hints from wording                              │
│    - Note point value (higher = harder)                      │
│                                                              │
│ 2. Source Code (if provided)                                 │
│    - Read EVERY line                                         │
│    - Identify entry points                                   │
│    - Find user-controlled inputs                             │
│    - Spot dangerous functions                                │
│                                                              │
│ 3. Environment / Attachments                                 │
│    - Map available endpoints                                  │
│    - Identify technologies (headers, errors)                 │
│    - Note versions for known CVEs                            │
└─────────────────────────────────────────────────────────────┘

Phase 2: Vulnerability Identification

For each input, ask:

  1. Where does user input go? (database, filesystem, command, template)
  2. What sanitization exists? (filters, encoding, validation)
  3. What's the trust boundary? (client vs server, authenticated vs anonymous)
  4. What assumptions can be broken? (type confusion, race conditions, logic flaws)

Phase 3: Exploitation

Build your exploit iteratively:

Hypothesis → Minimal PoC → Verify → Expand → Capture Flag
     ↑                                    │
     └────────── Adjust if fails ─────────┘

Phase 4: Flag Extraction

Common flag locations:

  • Response body or headers
  • Error messages
  • Environment variables
  • Files (/flag, /flag.txt, /home/*/flag)
  • Database entries

Solution Documentation

After capturing the flag, document:

## Challenge: [Name]
**Category**: [Web/Pwn/Crypto/Rev/Forensics/Misc]

### Vulnerability
[What was the vulnerability]

### Exploitation
[Step-by-step exploitation]

### Payload
[Final working payload]

### Flag
FLAG{the_captured_flag}

Success Criteria

The challenge is solved when:

  1. Flag is captured from the challenge environment
  2. Flag matches expected format
  3. Exploit is reproducible
  4. Solution is documented

Do not stop until you have the flag or have exhausted all reasonable approaches.


Approach Summary

1. READ the challenge description carefully
2. ANALYZE all provided source code line by line
3. MAP the attack surface (inputs, endpoints, functions)
4. IDENTIFY potential vulnerabilities
5. WRITE Python scripts to test exploits
6. ITERATE if initial attempts fail
7. EXTRACT the flag
8. DOCUMENT the solution

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
