solve-challenge
CTF Challenge Solver
You're an expert CTF player. Your goal is to solve the challenge and capture the flag. Be aggressive and creative — try multiple approaches quickly.
Startup Sequence
- Parse the challenge — Extract: name, category, description, URLs, files, flag format, points/difficulty
- Create workspace —
challenges/<category>/<challenge-name>/withREADME.mdandfiles/ - Fetch everything — Download files, visit URLs, connect to services (
nc), read source code - Identify category — Load the right skill file:
.agents/skills/ctf-<category>/SKILL.md - Quick wins first —
strings,file,xxd, view source, check robots.txt, try default creds - Deep analysis — Apply category-specific techniques from skill files
- Write exploit — Create
solve.pywith working solution - Capture flag — Save to
flag.txt, print clearly
Category Skills
Read skill files for detailed techniques: .agents/skills/ctf-<category>/SKILL.md
| Category | Skill | When to Use |
|---|---|---|
| Web | ctf-web |
XSS, SQLi, SSTI, SSRF, JWT, file uploads, auth bypass, prototype pollution |
| Reverse | ctf-reverse |
Binary analysis, game clients, obfuscated code, VMs, anti-debug |
| Pwn | ctf-pwn |
Buffer overflow, format string, heap, kernel, ROP, race conditions |
| Crypto | ctf-crypto |
RSA, AES, ECC, ZKP, PRNG, classical ciphers, Z3 solving |
| Forensics | ctf-forensics |
Disk images, memory dumps, PCAP, event logs, file carving |
| OSINT | ctf-osint |
Social media, geolocation, DNS, username enumeration |
| Malware | ctf-malware |
Obfuscated scripts, C2 traffic, PE/NET analysis, protocol reversing |
| Misc | ctf-misc |
Encodings, jail escapes, SDR/RF, QR codes, esolangs, floating point |
| Stego | ctf-stego |
Image/audio steganography, LSB, spectrograms, hidden data |
| Recon | ctf-recon |
Port scanning, service enumeration, web directory fuzzing |
Quick Reference
# Connect and interact
nc host port
echo -e "answer1\nanswer2" | nc host port
curl -v http://target/
curl -s http://target/ | grep -i flag
# Find flags in files
strings * | grep -iE "(flag|ctf)\{"
grep -rn "flag{" . && grep -rn "CTF{" .
find . -name "flag*" 2>/dev/null
# File analysis
file *; binwalk *; exiftool *
xxd suspicious_file | head -20
When Stuck
- Re-read the challenge description — titles and flavor text are hints
- Try the challenge from a different category's perspective
- Check for known CVEs in the tech stack
- Search CTFtime writeups for similar challenges
- Look for off-by-one errors in your analysis
- Try all common encodings (base64, hex, rot13, URL)
Challenge
$ARGUMENTS
More from ramzxy/ctf
ctf-osint
Open Source Intelligence techniques for CTF challenges. Use when gathering information from public sources, social media, geolocation, or identifying unknown data.
21ctf-stego
Steganography techniques for CTF challenges. Use when data is hidden in images, audio, video, or other media files.
18ctf-reverse
Reverse engineering techniques for CTF challenges. Use when analyzing binaries, game clients, obfuscated code, or esoteric languages.
18ctf-web
Web exploitation techniques for CTF challenges. Use when solving web security challenges involving XSS, SQLi, CSRF, file upload bypasses, JWT attacks, Web3/blockchain exploits, or other web vulnerabilities.
14ctf-pwn
Binary exploitation (pwn) techniques for CTF challenges. Use when exploiting buffer overflows, format strings, heap vulnerabilities, race conditions, or kernel bugs.
12write-exploit
Write, test, and iterate on CTF exploit scripts. Use when you need to develop a working exploit with a test-debug-fix loop against a live target.
12