ctf-pwn
The ctf-pwn skill provides a reference for binary exploitation techniques in CTF challenges, including buffer overflows, ROP, heap exploitation, and kernel-level attacks. It offers command-line snippets for analysis, gadget discovery, and debugging, alongside documentation for specific exploit patterns.
Is ctf-pwn safe to install?
Review the source first: our audit of ctf-pwn's source files found 16 shell commands, 1 external URL, file reads and writes (high risk). Every command and URL listed appears verbatim in the skill's source. The skill provides instructions to execute shell commands, install system packages, and interact with network services via netcat, which carries significant security risk.
How we audit skills: our security review methodology.
Who is this skill for?
CTF participants and security researchers working on binary exploitation challenges.
What can you do with it?
- Identifying binary protections with checksec
- Finding ROP gadgets in binaries
- Debugging binaries with gdb
- Exploiting stack and heap vulnerabilities
- Performing kernel exploitation
- Bypassing security mitigations like PIE, RELRO, and canaries
How good is this skill?
Quality score: 5/10. The skill is well-structured, provides clear prerequisites, and offers specific, actionable commands for common CTF exploitation scenarios.
What does the skill file contain?
# CTF Binary Exploitation (Pwn) Quick reference for binary exploitation (pwn) CTF challenges. Each technique has a one-liner here; see supporting files for full details. ## Prerequisites **Python packages (all platforms):** ```bash pip install pwntools ropper ROPgadget ``` **Linux (apt):** ```bash apt install gdb binutils strace ltrace qemu-system-x86 ``` **macOS (Homebrew):** ```bash brew install gdb binutils qemu ``` **Ruby gems (all platforms):** ```bash gem install one_gadget seccomp-tools ``` **Manual install:** - pwndbg — Linux: [GitHub](https://github.com/pwndbg/pwndbg), macOS: `...
Frequently asked questions
When should I use this skill?
Use this skill when you have a vulnerable native target or service and need to perform memory corruption or low-level exploitation.
What should I do if I do not understand the binary?
Switch to the /ctf-reverse skill to perform reverse engineering before attempting exploitation.
Does this skill handle web or crypto challenges?
No. Use /ctf-web for web-based vulnerabilities and /ctf-crypto for cryptographic challenges.
Related skills
openclaw-secure-linux-cloud
270.1KUsers deploying OpenClaw on remote Linux cloud servers or VMs who require secure, hardened configurations
This skill provides a secure deployment and hardening framework for self-hosting OpenClaw on Linux cloud servers. It prioritizes private control planes, loopback binding, and SSH tunneling over public exposure.
find-skills
225.2KUsers and AI agents seeking to discover, evaluate, and install third-party agent skills from public registries
The find-skills skill searches multiple agent skill registries (skills.sh, clawhub.ai, and GitHub) in parallel to help users discover, vet, and install relevant agent capabilities. It provides a comparative report based on native popularity metrics, performs a heuristic security scan on top candidates, and flags skills already present on the user's system.
supabase
153.8KDevelopers building applications with Supabase who require assistance with database schema design, security policy implementation, CLI operations, and integration troubleshooting
The Supabase skill provides guidance for developing with the Supabase platform, including database management, authentication, RLS policies, CLI usage, and MCP server integration. It emphasizes verifying implementation against current documentation, following security checklists, and using specific CLI commands for schema migrations.
firebase-auth-basics
98.6KDevelopers building applications with Firebase who need to implement user sign-in, management, or secure data access
This skill provides guidance for configuring and managing Firebase Authentication, including user identity providers, token handling, and deployment of authentication settings via the Firebase CLI.