ctf-web
Web exploitation techniques for CTF challenges covering injection, authentication, access control, and client-side attacks.
- Covers 20+ attack categories: SQLi, XSS, SSTI, SSRF, XXE, command injection, path traversal, JWT/OAuth/SAML, prototype pollution, deserialization, file upload RCE, and race conditions
- Includes quick-reference payloads, filter bypasses, and multi-stage exploitation chains with real CTF examples (HTB, Pragyan, Nullcon)
- Supporting markdown files detail server-side attacks (ExifTool, Go rune bypass, Flask debug mode, Docker SSRF chains), client-side techniques (DOM clobbering, XS-Leak, Unicode case folding), and infrastructure auth (CI/CD credential theft, identity provider takeover)
- Requires a filesystem agent with bash, Python 3, and internet access for tool installation (sqlmap, ffuf, hashcat, ysoserial)
CTF Web Exploitation
Use this skill as a routing and execution guide for web-heavy challenges. Keep the first pass short: map the app, confirm the trust boundary, and only then dive into the detailed technique notes.
Prerequisites
Python packages (all platforms):
pip install sqlmap flask-unsign requests
Linux (apt):
apt install hashcat jq curl
macOS (Homebrew):
brew install hashcat jq curl
More from ljagiello/ctf-skills
ctf-reverse
Provides reverse engineering techniques for CTF challenges. Use when the main job is to understand how a compiled, obfuscated, packed, or virtualized target works before exploiting or solving it, including binaries, APKs, WASM, firmware, custom VMs, bytecode, game clients, malware-like loaders, and anti-debug or anti-analysis logic. Do not use it when the vulnerability is already understood and the remaining task is exploitation; use pwn instead. Do not use it for pure web workflows, log or disk forensics, or standalone crypto problems unless reversing the implementation is the real blocker.
3.7K
ctf-pwn
Provides binary exploitation techniques for CTF challenges. Use when you already have a vulnerable native target or service and need to turn memory corruption or low-level primitives into code execution or privilege escalation, such as buffer overflows, format strings, heap bugs, ROP, ret2libc, shellcode, kernel exploitation, seccomp bypass, sandbox escape, or Windows/Linux exploit chains. Do not use it when the main blocker is understanding what the binary does; use reverse engineering first. Do not use it for pure web bugs, disk or packet forensics, or standalone crypto/math challenges.
3.4K
ctf-crypto
Provides cryptography attack techniques for CTF challenges. Use when attacking encryption, hashing, signatures, ZKP, PRNG, or mathematical crypto problems involving RSA, AES, ECC, lattices, LWE, CVP, number theory, Coppersmith, Pollard, Wiener, padding oracle, GCM, key derivation, or stream/block cipher weaknesses.
3.3K
ctf-osint
Provides open source intelligence techniques for CTF challenges. Use when gathering information from public sources, social media, geolocation, DNS records, username enumeration, reverse image search, Google dorking, Wayback Machine, Tor relays, FEC filings, or identifying unknown data like hashes and coordinates.
3.2K
ctf-forensics
Provides digital forensics and signal analysis techniques for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, cryptocurrency transactions, steganography, PDF analysis, Windows registry, Volatility, PCAP, Docker images, coredumps, side-channel power traces, DTMF audio spectrograms, packet timing analysis, CD audio disc images, or recovering deleted files and credentials.
3.2K
ctf-misc
Provides miscellaneous CTF challenge techniques for problems that do not cleanly fit the main categories. Use for encoding puzzles, pyjails, bash jails, RF/SDR, DNS oddities, Unicode tricks, esoteric languages, QR or audio puzzles, constraint solving, game theory, unusual sandbox escapes, and hybrid logic puzzles. Prefer a more specific skill first when the challenge is mainly web, pwn, reverse, forensics, malware, OSINT, or crypto. Treat this as the fallback skill for genuine cross-category or edge-case challenges, not the default starting point.
3.2K