数据库安装
- 作者仓库星标 2,276
- 许可证 MIT
- 作者更新于 实时读取
- 作者仓库 ctf-skills
- 领域
- 工程开发
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 94 / 100 · 已通过审计
- 作者 / 版本 / 许可
- @ljagiello · MIT
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 需手动接入
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- macOS · Linux · Windows · Docker
- 底层运行要求
- Node.js · Python · Docker
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- Shell 执行
- 读取环境变量
- 网络行为
- 允许外网请求
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: ctf-web
description: Provides web exploitation techniques for CTF challenges. Use when the target is primarily an HTT…
category: 工程开发
runtime: Node.js / Python / Docker
---
# ctf-web 输出预览
## PART A: 任务判断
- 适用问题:代码实现、重构、调试或代码审查。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“Prerequisites / Additional Resources / When to Pivot”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于代码实现、重构、调试或代码审查,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“Prerequisites / Additional Resources / When to Pivot”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、执行终端命令、读取环境变量、会按任务需要访问外部网络、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件、执行终端命令、读取环境变量;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文出现了 `/ctf-reverse`、`/ctf-pwn`、`/ctf-crypto`、`/ctf-forensics`、`/ctf-osint` 这类斜杠命令;如果你的 Agent 支持命令触发,优先用命令开场,再补充目标和边界。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件、执行终端命令、读取环境变量。
先用一个小任务确认它会围绕“Prerequisites / Additional Resources / When to Pivot”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: ctf-web
description: Provides web exploitation techniques for CTF challenges. Use when the target is primarily an HTT…
category: 工程开发
source: ljagiello/ctf-skills
---
# ctf-web
## 什么时候使用
- 把工程方向的常用动作沉淀成 Agent 可调用的技能 适合处理工程开发场景下的代码实现、调试、重构、测试或代码审查,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代…
- 面向代码实现、重构、调试或代码审查,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「Prerequisites / Additional Resources / When to Pivot」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件、执行终端命令、读取环境变量;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "ctf-web" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> Prerequisites / Additional Resources / When to Pivot
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> Node.js / Python / Docker | 读取文件、写入/修改文件、执行终端命令、读取环境变量 | 会按任务需要访问外部网络
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} CTF Web Exploitation
Use this skill as a routing and execution guide for web-heavy challenges. Keep the first pass short: map the app, confirm the trust boundary, and only then dive into the detailed technique notes.
Prerequisites
Python packages (all platforms):
pip install sqlmap flask-unsign requests
Linux (apt):
apt install hashcat jq curl
macOS (Homebrew):
brew install hashcat jq curl
Go tools (all platforms, requires Go):
go install github.com/ffuf/ffuf/v2@latest
Manual install:
- ysoserial — GitHub, requires Java (Java deserialization payloads)
Additional Resources
- sql-injection.md - SQL injection techniques: auth bypass, UNION extraction, filter bypasses, second-order SQLi, truncation, race-assisted leaks, INSERT ON DUPLICATE KEY UPDATE password overwrite, innodb_table_stats WAF bypass
- server-side.md - PHP type juggling, php://filter LFI, Python str.format traversal, SSTI (Jinja2, Twig, ERB, Mako, EJS, Vue.js, Smarty), SSRF (Host header, DNS rebinding, curl redirect, unescaped-dot regex, SNI FTP smuggling, mod_vhost_alias), PHP hash_hmac NULL
- server-side-2.md - XXE (basic, OOB, DOCX upload), XML injection via X-Forwarded-For, PHP variable variables, PHP uniqid predictable filename, sequential regex replacement bypass, command injection (newline, blocklist, sendmail CGI, multi-barcode, git CLI), GraphQL injection (introspection, batching, interpolation)
- server-side-exec.md - Direct code execution paths, upload-to-RCE, deserialization-adjacent execution, LaTeX injection, header and API abuses
- server-side-exec-2.md - More execution chains: SQLi fragmentation, path parser tricks, polyglot uploads, wrapper abuse, filename injection, BMP pixel webshell with filename truncation
- server-side-deser.md - Java/Python/PHP deserialization and race-condition playbooks, PHP SoapClient CRLF SSRF via deserialization
- server-side-advanced.md - Advanced SSRF, traversal, archive, parser, framework, and modern app-server issues, Nginx alias traversal
- server-side-advanced-2.md - Docker API SSRF, Castor/XML, Apache expression reads, parser discrepancies, Windows path tricks, rogue MySQL server file read
- server-side-advanced-3.md - Part 3 (CSAW/35C3/ASIS/PlaidCTF 2018): WAV polyglot upload, multi-slash URL
path.startswithbypass, Xalan XSLTmath:random()seed guess, SoapClient_user_agentCRLF method smuggling,gopher:///no-host URL scheme bypass, SSRF credential leak via attacker-specified outbound URL - server-side-advanced-4.md - Part 4: WeasyPrint SSRF/file read (CVE-2024-28184), MongoDB regex/$where blind oracle, Pongo2 Go template injection, ZIP PHP webshell, basename() bypass, wget CRLF SSRF→SMTP, Gopher SSRF to MySQL blind SQLi, React Server Components Flight RCE (CVE-2025-55182), AMQP/TLS interception via sslsplit+arpspoof, CairoSVG XXE, Bazaar repo reconstruction
- client-side.md - XSS, CSRF, cache poisoning, DOM tricks, admin bot abuse, request smuggling, paywall bypass
- client-side-advanced.md - CSP bypasses, Unicode tricks, XSSI, CSS exfiltration, browser normalization quirks, postMessage null origin bypass
- auth-and-access.md - Auth/authz bypasses, hidden endpoints, IDOR, redirect chains, subdomain takeover, AI chatbot jailbreaks
- auth-and-access-2.md - Part 2 (2018-era):
std::unordered_setbucket collision auth bypass,nodeprep.prepareUnicode homograph username collision, SRP A=0/A=N auth bypass, ArangoDB AQL MERGE privilege escalation - auth-jwt.md - JWT/JWE manipulation, weak secrets, header injection, key confusion, replay
- auth-infra.md - OAuth/OIDC, SAML, CORS, CI/CD secrets, IdP abuse, login poisoning
- node-and-prototype.md - Prototype pollution, JS sandbox escape, Node.js attack chains
- web3.md - Solidity and Web3 challenge notes
- cves.md - CVE-driven techniques you can match against challenge banners, headers, dependency leaks, or version strings
- field-notes.md - Long-form exploit notes: quick references for SQLi, XSS, LFI, JWT, SSTI, SSRF, command injection, XXE, deserialization, race conditions, auth bypass, and multi-stage chains
When to Pivot
- If the target is a native binary, custom VM, or firmware image, switch to
/ctf-reversefirst. - If the HTTP bug only gives you code execution and the hard part becomes memory corruption or seccomp escape, switch to
/ctf-pwn. - If the "web" challenge really turns on JWT math, custom MACs, or crypto primitives, switch to
/ctf-crypto. - If the web challenge involves analyzing logs, PCAPs, or recovering artifacts from a web server, switch to
/ctf-forensics. - If the challenge requires gathering intelligence from public web sources, DNS records, or social media before exploitation, switch to
/ctf-osint.
First-Pass Workflow
- Identify the real boundary: browser only, backend only, mixed app, or auth flow.
- Capture one normal request/response pair for every major feature before fuzzing.
- Enumerate hidden functionality from JS bundles, response headers, routes, and alternate methods.
- Classify the likely bug family: injection, authz, parser mismatch, upload, trust proxy, state machine, or client-side execution.
- Build the smallest proof first: leak, bypass, or primitive. Save full exploit chaining for later.
Quick Start Commands
# Recon
curl -sI https://target.com
ffuf -u https://target.com/FUZZ -w wordlist.txt
curl -s https://target.com/robots.txt
# SQLi quick test
sqlmap -u "https://target.com/page?id=1" --batch --dbs
# JWT decode (no verification)
echo '<token>' | cut -d. -f2 | base64 -d 2>/dev/null | jq .
# Cookie decode (Flask)
flask-unsign --decode --cookie '<cookie>'
flask-unsign --unsign --cookie '<cookie>' --wordlist rockyou.txt
# SSTI probes
curl "https://target.com/page?name={{7*7}}"
curl "https://target.com/page?name={{config}}"
# Request inspection
curl -v -X POST https://target.com/api -H "Content-Type: application/json" -d '{}'
First Questions to Answer
- Is the flag likely in the browser, an API response, a local file, a database row, or an internal service?
- Does the app trust user-controlled data in templates, redirects, file paths, headers, serialized objects, or background jobs?
- Are there multiple parsers disagreeing with each other: proxy vs app, URL parser vs fetcher, sanitizer vs browser, serializer vs filter?
- Can you turn the bug into a smaller primitive first: read one file, forge one token, call one internal endpoint, trigger one bot visit?
High-Value Recon Checks
- Read the HTML, inline scripts, and bundled JS before guessing the API surface.
- Compare what the UI submits with what the backend accepts; optional JSON fields often unlock hidden paths.
- Check obvious metadata and helper paths early:
/robots.txt,/sitemap.xml,/.well-known/,/admin,/debug,/.git/,/.env. - Try alternate verbs and content types on interesting routes:
GET,POST,PUT,PATCH,TRACE, JSON, form, multipart, XML. - Treat file upload, PDF/export, webhook, OAuth callback, and admin bot features as likely exploit multipliers.
Fast Pattern Map
- SQL errors, odd filtering, or state-dependent DB behavior: start with sql-injection.md.
- Templating, file reads, SSRF, command execution, XML, or parser bugs: start with server-side.md and server-side-exec.md.
- XSS, CSP bypass, admin bot, client routing, DOM issues, or scriptless exfiltration: start with client-side.md.
- Session forgery, hidden admin routes, JWT, OAuth, SAML, or weak trust boundaries: start with auth-and-access.md, auth-jwt.md, and auth-infra.md.
- Node.js apps, prototype pollution, VM sandboxes, or SSRF into internal services: add node-and-prototype.md.
- Smart contract frontends or blockchain-integrated apps: add web3.md.
Common Chain Shapes
- Recon -> hidden route -> auth bypass -> internal file read -> token or flag
- XSS or HTML injection -> admin bot -> privileged action -> secret leak
- Traversal or upload -> config/source leak -> secret recovery -> session forgery
- SSRF -> metadata or internal API -> credential leak -> code execution
- SQLi or NoSQL injection -> credential bypass -> second-stage template or upload abuse
Deep-Dive Notes
Use field-notes.md once you have confirmed the challenge is truly web-heavy and you need the long exploit catalog.
- Recon, SQLi, XSS, traversal, JWT, SSTI, SSRF, XXE, and command injection quick notes
- Deserialization, race conditions, file upload to RCE, and multi-stage chain examples
- Node, OAuth/SAML, CI/CD, Web3, bot abuse, CSP bypasses, and modern browser tricks
- CVE-shaped playbooks and older challenge patterns that still show up in modern CTFs
Common Flag Locations
- Files:
/flag.txt,/flag,/app/flag.txt,/home/*/flag* - Environment:
/proc/self/environ, process command line, debug config dumps - Database: tables named
flag,flags,secret, or seeded challenge content - HTTP: custom headers, archived responses, hidden routes, admin exports
- Browser: hidden DOM nodes,
data-*attributes, inline state objects, source maps
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核