by ljagiello
Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more
# Add to your Claude Code skills
```
git clone https://github.com/ljagiello/ctf-skills
```

Agent Skills for solving CTF challenges — web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more. Works with any tool that supports the Agent Skills spec, including Claude Code.

```
npx skills add ljagiello/ctf-skills
```

| Skill | Files | Description |
|-------|-------|-------------|
| ctf-web | 7 | SQLi, XSS, SSTI, SSRF (Host header, DNS rebinding), JWT (JWK/JKU/KID injection), prototype pollution, file upload RCE, Node.js VM escape, XXE, JSFuck, Web3/Solidity, delegatecall abuse, transient storage clearing collision, Groth16 proof forgery, phantom market unresolve, HAProxy bypass, polyglot XSS, CVEs, HTTP TRACE bypass, LLM jailbreak, Tor fuzzing, SSRF→Docker API RCE, PHP type juggling, PHP LFI / php://filter, DOM XSS jQuery hashchange, XML entity WAF bypass, React Server Components Flight RCE (CVE-2025-55182), XS-Leak timing oracle, GraphQL CSRF, Unicode case folding XSS (long-s U+017F), CSS font glyph container query exfiltration, Hyperscript CDN CSP bypass, PBKDF2 prefix timing oracle, SSTI __dict__.update() quote bypass, ERB SSTI Sequel bypass, affine cipher OTP brute-force, Express.js %2F middleware bypass, IDOR on WIP endpoints, OAuth/OIDC exploitation, CORS misconfiguration, Thymeleaf SpEL SSTI + Spring FileCopyUtils WAF bypass |
| ctf-pwn | 9 | Buffer overflow, ROP chains, ret2csu, ret2vdso, bad char XOR bypass, exotic gadgets (BEXTR/XLAT/STOSB/PEXT), stack pivot (xchg rax,esp, double leave;ret to BSS), SROP with UTF-8 constraints, format string, heap exploitation (unlink, House of Apple 2, Einherjar, signed/unsigned char underflow, tcache pointer decryption, unsorted bin promotion, XOR keystream brute-force write), FSOP (stdout TLS leak, TLS destructor __call_tls_dtors hijack, leakless libc via multi-fgets stdout overwrite), RETF x64→x32 architecture switch seccomp bypass, GC null-ref cascading corruption, stride-based OOB leak, canary byte-by-byte brute force, seccomp bypass, sandbox escape, custom VMs, VM UAF slab reuse, io_uring UAF SQE injection, integer truncation int32→int16, musl libc heap (meta pointer + atexit), custom shadow stack pointer overflow bypass, signed int overflow negative OOB heap write, XSS-to-binary pwn bridge, Linux kernel exploitation (ret2usr, kernel ROP prepare_kernel_cred/commit_creds, modprobe_path, core_pattern, tty_struct kROP, userfaultfd race, SLUB heap spray, KPTI trampoline/signal handler bypass, KASLR/FGKASLR __ksymtab bypass, SMEP/SMAP, GDB module debugging, initramfs/virtio-9p workflow, MADV_DONTNEED race window extension, cross-cache CPU-split attack, PTE overlap file write) |
| ctf-crypto | 9 | RSA (small e, common modulus, Wiener, Fermat, Pollard p-1, Hastad broadcast, Coppersmith, Manger, Manger OAEP timing, p=q bypass, cube root CRT, phi multiple factoring), AES, ECC (Ed25519 torsion side channel), ECDSA nonce reuse, PRNG ...