一键在 Manus 中运行任何 Skill

write-exploit

星标1

分支0

更新时间2026年2月6日 23:54

Write, test, and iterate on CTF exploit scripts. Use when you need to develop a working exploit with a test-debug-fix loop against a live target.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

ramzxy

ramzxy/CTF

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Exploit Development Loop

Write exploits iteratively — run, observe, fix, repeat until the flag drops.

Workflow

Understand the vulnerability — Read challenge source/binary analysis first
Write initial exploit — Start simple, add complexity as needed
Test against target — Run locally first, then remote
Debug failures — Read output carefully, add debug prints, check assumptions
Iterate — Fix and re-run until flag captured
Clean up — Save working exploit as solve.py, flag to flag.txt

Exploit Templates

Binary Exploitation (pwntools)

#!/usr/bin/env python3
from pwn import *

context.binary = elf = ELF('./binary')
# context.log_level = 'debug'

def conn():
    if args.REMOTE:
        return remote('HOST', PORT)
    return process('./binary')

io = conn()

# === EXPLOIT HERE ===

io.interactive()

Web Exploitation (requests)

#!/usr/bin/env python3
import requests
import sys

TARGET = sys.argv[1] if len(sys.argv) > 1 else 'http://localhost:8080'
s = requests.Session()

# === EXPLOIT HERE ===

print(f"FLAG: {flag}")

Crypto Solve Script

#!/usr/bin/env python3
from Crypto.Util.number import *
from pwn import *

# === GIVEN VALUES ===

# === SOLVE ===

flag = long_to_bytes(m)
print(f"FLAG: {flag.decode()}")

Pwntools Remote Interaction

#!/usr/bin/env python3
from pwn import *

io = remote('HOST', PORT)

# Read until prompt
io.recvuntil(b'> ')

# Send payload
io.sendline(payload)

# Get response
response = io.recvline()
print(f"Response: {response}")

# Interactive mode for shell
io.interactive()

Debug Tips

Use context.log_level = 'debug' for full pwntools traffic
Add print(f"[*] payload: {payload.hex()}") before sends
Use io.recv(timeout=2) to see unexpected output
Check io.can_recv() before blocking reads
Use gdb.attach(io) for local debugging with breakpoints
For web: print(r.status_code, r.text[:500]) after every request

Common Pitfalls

Wrong endianness: Use p64() for little-endian, p64(val, endian='big') for big
Newline issues: sendline() adds \n, send() doesn't — know which the server expects
Timing: Add sleep(0.5) between sends if server is slow
Encoding: Web payloads may need URL encoding, base64, or hex
Stack alignment: x86-64 needs 16-byte alignment — add extra ret gadget
Python 2 vs 3: pwntools works with bytes in Python 3 — use b"string" not "string"

Iteration Pattern

1. Write exploit → run → "Connection refused"
   Fix: Check host/port, is service up?

2. Write exploit → run → "EOF in recv"
   Fix: Server closed connection — payload crashed it. Check offsets.

3. Write exploit → run → wrong output
   Fix: Add debug prints, check each step's output matches expectation.

4. Write exploit → run → "flag{...}"
   Done! Save to flag.txt

Target

$ARGUMENTS

同仓库更多 Skills

同仓库

ctf-crypto

ramzxy/CTF

Cryptography techniques for CTF challenges. Use when attacking encryption, hashing, ZKP, signatures, or mathematical crypto problems.

2026-02-061

ctf-forensics

ramzxy/CTF

Digital forensics and blockchain analysis for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, or cryptocurrency transactions.

2026-02-061

ctf-malware

ramzxy/CTF

Malware and network analysis techniques for CTF challenges. Use when analyzing obfuscated scripts, malicious packages, custom protocols, or C2 traffic.

2026-02-061

ctf-misc

ramzxy/CTF

Miscellaneous CTF challenge techniques. Use for trivia, automation scripts, encoding puzzles, RF/SDR signal processing, or challenges that don't fit other categories.

2026-02-061

ctf-osint

ramzxy/CTF

Open Source Intelligence techniques for CTF challenges. Use when gathering information from public sources, social media, geolocation, or identifying unknown data.

2026-02-061

ctf-pwn

ramzxy/CTF

Binary exploitation (pwn) techniques for CTF challenges. Use when exploiting buffer overflows, format strings, heap vulnerabilities, race conditions, or kernel bugs.

2026-02-061

name	write-exploit
description	Write, test, and iterate on CTF exploit scripts. Use when you need to develop a working exploit with a test-debug-fix loop against a live target.
user-invocable	true
argument-hint	[target info and vulnerability description]
allowed-tools	["Bash","Read","Write","Edit","Glob","Grep","Task","WebFetch","WebSearch"]

Exploit Development Loop

Write exploits iteratively — run, observe, fix, repeat until the flag drops.

Workflow

Understand the vulnerability — Read challenge source/binary analysis first
Write initial exploit — Start simple, add complexity as needed
Test against target — Run locally first, then remote
Debug failures — Read output carefully, add debug prints, check assumptions
Iterate — Fix and re-run until flag captured
Clean up — Save working exploit as solve.py, flag to flag.txt

Exploit Templates

Binary Exploitation (pwntools)

#!/usr/bin/env python3
from pwn import *

context.binary = elf = ELF('./binary')
# context.log_level = 'debug'

def conn():
    if args.REMOTE:
        return remote('HOST', PORT)
    return process('./binary')

io = conn()

# === EXPLOIT HERE ===

io.interactive()

Web Exploitation (requests)

#!/usr/bin/env python3
import requests
import sys

TARGET = sys.argv[1] if len(sys.argv) > 1 else 'http://localhost:8080'
s = requests.Session()

# === EXPLOIT HERE ===

print(f"FLAG: {flag}")

Crypto Solve Script

#!/usr/bin/env python3
from Crypto.Util.number import *
from pwn import *

# === GIVEN VALUES ===

# === SOLVE ===

flag = long_to_bytes(m)
print(f"FLAG: {flag.decode()}")

Pwntools Remote Interaction

#!/usr/bin/env python3
from pwn import *

io = remote('HOST', PORT)

# Read until prompt
io.recvuntil(b'> ')

# Send payload
io.sendline(payload)

# Get response
response = io.recvline()
print(f"Response: {response}")

# Interactive mode for shell
io.interactive()

Debug Tips

Use context.log_level = 'debug' for full pwntools traffic
Add print(f"[*] payload: {payload.hex()}") before sends
Use io.recv(timeout=2) to see unexpected output
Check io.can_recv() before blocking reads
Use gdb.attach(io) for local debugging with breakpoints
For web: print(r.status_code, r.text[:500]) after every request

Common Pitfalls

Wrong endianness: Use p64() for little-endian, p64(val, endian='big') for big
Newline issues: sendline() adds \n, send() doesn't — know which the server expects
Timing: Add sleep(0.5) between sends if server is slow
Encoding: Web payloads may need URL encoding, base64, or hex
Stack alignment: x86-64 needs 16-byte alignment — add extra ret gadget
Python 2 vs 3: pwntools works with bytes in Python 3 — use b"string" not "string"

Iteration Pattern

1. Write exploit → run → "Connection refused"
   Fix: Check host/port, is service up?

2. Write exploit → run → "EOF in recv"
   Fix: Server closed connection — payload crashed it. Check offsets.

3. Write exploit → run → wrong output
   Fix: Add debug prints, check each step's output matches expectation.

4. Write exploit → run → "flag{...}"
   Done! Save to flag.txt

Target

$ARGUMENTS