← ClaudeAtlas

pentest-ctflisted

CTF (Capture the Flag) challenge solving advisory — HackTheBox, TryHackMe, PicoCTF, web/pwn/rev/crypto/forensics. Triggers on CTF, HackTheBox, HTB, TryHackMe, THM, PicoCTF, OverTheWire, pwn, reverse engineering, crypto challenge, forensics challenge, stego.
fatihkan/badi · ★ 5 · AI & Automation · score 76
Install: claude install-skill fatihkan/badi
# pentest-ctf CTF (Capture the Flag) challenge solving. **Authorization: CTF platforms authorize attacks on their own platforms** (in HackTheBox, THM, etc. ROEs). Use against any other platform counts as a violation. ## Triggers - "HackTheBox machine" - "TryHackMe room" - "PicoCTF challenge" - "pwn challenge" - "reverse engineering challenge" - "crypto challenge" - "stego challenge" ## Category-Based Approach ### Web ```bash # Typical flag: HTB{...}, picoCTF{...}, flag.txt # Approach: 1. Nmap full TCP (-p-) 2. HTTP banner + tech detect (whatweb) 3. Content discovery (ffuf / gobuster) 4. Parameter discovery (paramspider, Arjun) 5. SQL injection (sqlmap test but LOUD) 6. SSRF / XXE / SSTI / template injection 7. Source code reveal (.git, .env, backup files) ``` ### Pwn (Binary Exploitation) ```bash # Typical: ELF binary + nc <host> <port> # Approach: 1. `file ./challenge` + checksec 2. Strings + disassemble the main function (Ghidra) 3. Detect the vulnerability class: - Buffer overflow (stack) - Format string - Use-after-free - Heap overflow / off-by-one 4. ROP gadget search (ROPgadget / rp++) 5. Write the exploit (pwntools) 6. Local test -> remote ``` ```python # Pwntools template from pwn import * context.arch = 'amd64' context.log_level = 'debug' # Local vs remote local = True if local: p = process('./challenge') else: p = remote('host', port) # Exploit payload = b'A'*40 + p64(0xdeadbeef) p.sendline(payload) p.interactive() ``` ### Reverse En