
Ctf Misc
Escape bash jails and restricted shells during CTF misc challenges with documented bypass patterns, privilege escalation checklists, and minimal-command exfiltration tricks.
Overview
CTF Misc is an agent skill for the Ship phase that documents bash jail and restricted-shell bypass techniques for authorized CTF and lab misc challenges.
Install
npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-misc
What is this skill?
- Table of contents covering jail ID, eval context, and character-restricted bash (#, $, \)
- Techniques: $# / ${##} number building, PID digits, octal ANSI-C quoting, dollar-zero variants
- Named writeups: HISTFILE reads, $'...' octal bypass, LD_PRELOAD via rbash, /dev/tcp exfil, echo-only layer escape
- Post-shell internal service discovery and privilege escalation checklist
- Closed-stdout and \r truncation jail patterns from competition scenarios
- Documented technique families include HISTFILE, octal $'...' encoding, LD_PRELOAD, and /dev/tcp exfiltration patterns
Adoption & trust: 4.3k installs on skills.sh; 2.3k GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are stuck in a restricted bash or rbash jail in a CTF and need a structured catalog of bypass tricks instead of guessing one-off payloads.
Who is it for?
Solo CTF players and security hobbyists working misc/pwn-adjacent shell challenges in controlled environments.
Skip if: Production DevOps shell scripting, legitimate admin hardening without authorization, or general productivity terminal use.
When should I use this skill?
User is solving CTF misc challenges involving bash jails, rbash, or restricted character sets and needs structured bypass guidance.
What do I get? / Deliverables
You apply the matching jail pattern—octal quoting, HISTFILE reads, LD_PRELOAD, or /dev/tcp exfil—and follow the post-shell privilege escalation checklist.
- Selected bypass technique steps matched to jail constraints
- Post-shell discovery and privilege escalation checklist actions
Recommended Skills
Journey fit
Canonical shelf is Ship → security because the skill addresses exploitation and hardening patterns under constrained execution—offensive security practice aligned with review and breakout testing. Subphase security captures jail identification, eval context detection, and post-shell privilege escalation—not general shell scripting tutorials.
How it compares
Use as a CTF technique playbook, not as a substitute for formal secure-shell configuration guides for production servers.
Common Questions / FAQ
Who is ctf-misc for?
Capture-the-flag competitors and learners who need agent-assisted recall of jail bypass methods under character or command restrictions.
When should I use ctf-misc?
During Ship security practice when solving authorized misc challenges involving rbash, echo-only layers, or minimal builtins.
Is ctf-misc safe to install?
The skill describes offensive breakout patterns; only use on targets you own or that explicitly permit testing, and review the Security Audits panel on this Prism page.
SKILL.md
# CTF Misc - Bash Jails & Restricted Shells

## Table of Contents

- [Identifying the Jail](#identifying-the-jail)
- [Eval Context Detection](#eval-context-detection)
- [Character-Restricted Bash: Only #, $, \](#character-restricted-bash-only---)
- [Internal Service Discovery (Post-Shell)](#internal-service-discovery-post-shell)
- [Other Restricted Character Set Tricks](#other-restricted-character-set-tricks)
- [Building numbers from $# and ${##}](#building-numbers-from--and-)
- [Using PID digits](#using-pid-digits)
- [Octal in ANSI-C quoting](#octal-in-ansi-c-quoting)
- [Dollar-zero variants](#dollar-zero-variants)
- [Privilege Escalation Checklist (Post-Shell)](#privilege-escalation-checklist-post-shell)
- [HISTFILE Trick for Restricted Shell File Reads (BCTF 2016)](#histfile-trick-for-restricted-shell-file-reads-bctf-2016)
- [Bash Jail Bypass via $'...' Octal Encoding (34C3 CTF 2017)](#bash-jail-bypass-via--octal-encoding-34c3-ctf-2017)
- [LD_PRELOAD Hook via rbash-Allowed Variable Set (OTW Advent 2018)](#ld_preload-hook-via-rbash-allowed-variable-set-otw-advent-2018)
- [/dev/tcp Exfiltration from Minimal Command Set (OTW Advent 2018)](#devtcp-exfiltration-from-minimal-command-set-otw-advent-2018)
- [Layer-by-Layer Echo-Only Bash Escape (Insomnihack 2019)](#layer-by-layer-echo-only-bash-escape-insomnihack-2019)
- [Closed-Stdout Jail with \r Truncation (Insomnihack 2019)](#closed-stdout-jail-with-r-truncation-insomnihack-2019)
- [References](#references)

---

## Identifying the Jail

**Methodology:** Send test inputs and observe error messages to determine:

1. What characters are allowed (whitelist vs blacklist)
2. Whether input is `eval`'d, passed to `bash -c`, or something else
3. Whether input is wrapped in quotes (double-quoted eval context)

**Test for character filtering:**

```python
from pwn import *
import time

# Placeholder values: set to the challenge service (not defined in the original script)
host, port = "challenge.example", 1337

# Send each printable character wrapped in a known-good payload ($# on both sides),
# one connection per character, and record whatever the service sends back
for c in range(32, 127):
    r = remote(host, port, level='error')
    r.sendline(b'$#' + bytes([c]) + b'$#')
    time.sleep(0.3)
    try:
        data = r.recv(timeout=1)
        if data:
            print(f'{chr(c)!r}: {data.decode(errors="replace").strip()[:60]}')
    except Exception:
        pass  # nothing received before the timeout: treat as a silent rejection
    r.close()
```

**Silent rejection = character not allowed.** Error output = character passed the filter.

**Key insight:** Systematically probe each printable character to map the allowed set before crafting payloads. Silent rejection means the character is filtered; any error output means it passed the filter and reached the shell.

---

## Eval Context Detection

**Double-quoted eval** (`eval "$input"`):

- Trailing `\` causes: `unexpected EOF while looking for matching '"'`
- `$#` expands to `0` (inside double-quotes, `$` still expands)
- `\$` gives literal `$` (backslash escapes dollar in double-quotes)
- `\#` gives `\#` literally (backslash doesn't escape `#` in double-quotes, but eval then interprets `\#` as literal `#`)

**Bare eval** (`eval $input`):

- Word splitting applies
- Backslash escapes work differently

**Read behavior:**

- `read -r`: backslashes preserved literally
- `read` (without `-r`): backslash is the escape character (strips backslashes)

**Key insight:** Distinguish between `eval "$input"` (double-quoted) and `eval $input` (bare) by sending a trailing backslash. Double-quoted eval produces an "unexpected EOF" error because the backslash escapes the closing quote; bare eval does not. This determines which escape sequences are available for exploitation.

---

## Character-Restricted Bash: Only `#`, `$`, `\`

**Pattern (HashCashSlash):** Filter regex `^[\\#\$]+$` allows only hash, dollar, backslash.

**Available expansions:**

| Construct | Result | Notes |
|-----------|--------|-------|
| `$#` | `0` | Number of positional parameters |
| `$$` | PID | Current process ID (multi-digit number) |
| `\$` | literal `$` | In double-quoted eval context |
| `\\` | literal `\` | In double-quoted eval context |
| `\#` | literal `#` | Via eval's second-pass interpretation |
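The character-mapping probe from "Identifying the Jail" above has a distinctive shape on the defender's side: dozens of near-identical inputs of the form `$#<c>$#` from one client in a short burst, differing only in the middle character. The following is an added detection example, not code from the original page or from the ctf-skills project; it assumes a hypothetical log format (`<ISO timestamp> <client address> input=<raw input>`) constructed for this example, and the threshold and window values are arbitrary defaults.

```python
import re
from collections import defaultdict
from datetime import datetime

# Template of the character-mapping probe: a known-good "$#" on either side
# of the single character under test (the probe script in the section above).
PROBE_TEMPLATE = re.compile(r"^\$#(.)\$#$", re.DOTALL)

# Hypothetical log format, constructed for this example: the jailed service
# records one line per submitted input.
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) input=(?P<input>.*)$")


def parse_line(line):
    """Return (timestamp, source, raw input) or None if the line does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    return ts, m.group("src"), m.group("input")


def probe_activity(log_text):
    """Map each source to a list of (timestamp, probed_char) pairs for inputs
    that match the probe template; all other inputs are ignored."""
    activity = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, raw = parsed
        m = PROBE_TEMPLATE.match(raw)
        if m:
            activity[src].append((ts, m.group(1)))
    return activity


def max_distinct_in_window(events, window_seconds):
    """Largest number of distinct probed characters from one source inside any
    window of window_seconds (sliding window over time-sorted events)."""
    events = sorted(events)
    best = 0
    start = 0
    for end in range(len(events)):
        while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
            start += 1
        distinct = len({ch for _, ch in events[start:end + 1]})
        best = max(best, distinct)
    return best


def flag_probing_sources(log_text, threshold=16, window_seconds=60):
    """Sources whose probe activity reaches `threshold` distinct characters
    within `window_seconds`; a stray "$#x$#" or two is not flagged."""
    flagged = []
    for src, events in probe_activity(log_text).items():
        if max_distinct_in_window(events, window_seconds) >= threshold:
            flagged.append(src)
    return sorted(flagged)


def build_sample_log():
    """Constructed sample: 10.0.0.5 sweeps 30 printable characters at one per
    0.3 s (the probe script's pacing), 10.0.0.7 sends a single probe-shaped
    input and 10.0.0.9 sends ordinary inputs."""
    lines = []
    for i, c in enumerate(range(33, 63)):  # 30 characters, '!' .. '>'
        ms = i * 300
        ts = f"2024-05-01T10:00:{ms // 1000:02d}.{ms % 1000:03d}Z"
        lines.append(f"{ts} 10.0.0.5 input=$#{chr(c)}$#")
    lines.append("2024-05-01T10:00:05Z 10.0.0.7 input=$#a$#")
    lines.append("2024-05-01T10:00:06Z 10.0.0.9 input=ls")
    lines.append("2024-05-01T10:00:07Z 10.0.0.9 input=$#")
    return "\n".join(lines)


if __name__ == "__main__":
    print(flag_probing_sources(build_sample_log()))  # ['10.0.0.5']
```

The sliding window matters more than the raw count: a single odd `$#a$#` from a curious user is noise, while thirty distinct middle characters in nine seconds from one address is the probe loop. Tune `threshold` and `window_seconds` to the service's normal input rate before alerting on it.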