Agent Skillszhaoxuya520/reverse-skill › competition-container-runtime

competition-container-runtime

GitHub

用于CTF沙箱中分析容器运行时实际状态与清单差异。追踪挂载卷、Sidecar及Init Container对运行时环境的影响,定位Secret消费路径及路由解析,复现最小运行时攻击链。

CTF-Sandbox-Orchestrator/competition-container-runtime/SKILL.md zhaoxuya520/reverse-skill

Trigger Scenarios

用户询问为什么运行中的容器与清单文件不一致 需要确定挂载的Secret被哪个进程实际消费 分析Sidecar或Init Container如何改变运行时状态 查询路由如何解析到具体的运行中容器

Install

npx skills add zhaoxuya520/reverse-skill --skill competition-container-runtime -g -y
More Options

Non-standard path

npx skills add https://github.com/zhaoxuya520/reverse-skill/tree/main/CTF-Sandbox-Orchestrator/competition-container-runtime -g -y

Use without installing

npx skills use zhaoxuya520/reverse-skill@competition-container-runtime

指定 Agent (Claude Code)

npx skills add zhaoxuya520/reverse-skill --skill competition-container-runtime -a claude-code -g -y

安装 repo 全部 skill

npx skills add zhaoxuya520/reverse-skill --all -g -y

预览 repo 内 skill

npx skills add zhaoxuya520/reverse-skill --list

SKILL.md

Frontmatter
{
    "name": "competition-container-runtime",
    "description": "Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for live container runtime analysis, mounted secrets, sidecars, namespaces, init containers, entrypoint drift, and route-to-container resolution. Use when the user asks why a live container differs from manifests, where a mounted secret is consumed, how a sidecar or init container changes runtime state, or which route resolves to which live container. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here."
}

Competition Container Runtime

Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.

Use this skill when the challenge is really about what the live container or pod is doing now, not what the checked-in manifest claims it should do.

Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start

  1. Split intent from reality: manifest, image, startup, live mount, live route, live process.
  2. Map host -> proxy -> container or pod -> mounted volume -> consuming process.
  3. Keep secrets, rendered config, init output, and sidecar output separate from static manifests.
  4. Prove one minimal live path from mounted or injected state to reachable behavior.
  5. Reproduce the effect with the smallest runtime-specific chain.

Workflow

1. Map The Live Runtime

  • Compare compose or kube manifests against running containers, pods, mounted volumes, env, sidecars, init containers, and entrypoints.
  • Identify which process actually consumes the mounted secret, rendered config, or shared volume output.

2. Trace Route And Mount Boundaries

  • Map virtual host, reverse proxy, service, container port, filesystem mount, and runtime-generated file paths together.
  • Record whether the decisive state is image-baked, env-injected, mounted later, or written by an init/sidecar process.

3. Report The Runtime Deviation

  • State the earliest point where live runtime diverges from checked-in intent.
  • Keep one compact evidence chain from manifest or compose intent to live consumer behavior.

Read This Reference

  • Load references/container-runtime.md for the runtime checklist, mount-chain checklist, and common live-vs-static pitfalls.
  • If the hard part is kube API permissions, service-account trust, RBAC edges, admission mutations, or controller-created workload drift, prefer $competition-k8s-control-plane.
  • If the hard part is Host-header routing, path-prefix rewriting, or route-to-service mapping across nodes, prefer $competition-runtime-routing.
  • If the hard part is proving container-to-host crossover, kernel attack-surface preconditions, or stable escape primitives, prefer $competition-kernel-container-escape.
  • If the hard part is replaying Linux secrets, socket trust edges, or host-to-host pivots after container foothold, prefer $competition-linux-credential-pivot.

What To Preserve

  • Compose/Kubernetes fragments tied to live mounts or routes
  • Container IDs, pod names, mount paths, sidecar outputs, rendered config paths, and consuming processes
  • The exact route or file path that becomes reachable only at runtime

Version History

  • 1bec1f2 Current 2026-07-05 18:44

Same Skill Collection

CTF-Sandbox-Orchestrator/competition-crypto-mobile/SKILL.md
CTF-Sandbox-Orchestrator/competition-reverse-pwn/SKILL.md
CTF-Sandbox-Orchestrator/competition-stego-media/SKILL.md
CTF-Sandbox-Orchestrator/competition-web-runtime/SKILL.md
CTF-Sandbox-Orchestrator/ctf-sandbox-orchestrator/SKILL.md
skills/apk-reverse/SKILL.md
skills/binary-diff/SKILL.md
skills/browser-automation/SKILL.md
skills/docs-generator/SKILL.md
skills/dotnet-reverse/SKILL.md
skills/firmware-pentest/SKILL.md
skills/js-reverse/SKILL.md
skills/patch-diff-exploit/SKILL.md
skills/pentest-tools/SKILL.md
skills/pentest-tools/src-hunter/SKILL.md
skills/pwn-chain/SKILL.md
skills/radare2/SKILL.md
CTF-Sandbox-Orchestrator/competition-ad-certificate-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-agent-cloud/SKILL.md
CTF-Sandbox-Orchestrator/competition-android-hooking/SKILL.md
CTF-Sandbox-Orchestrator/competition-browser-persistence/SKILL.md
CTF-Sandbox-Orchestrator/competition-bundle-sourcemap-recovery/SKILL.md
CTF-Sandbox-Orchestrator/competition-cloud-metadata-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-custom-protocol-replay/SKILL.md
CTF-Sandbox-Orchestrator/competition-dpapi-credential-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-file-parser-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-firmware-layout/SKILL.md
CTF-Sandbox-Orchestrator/competition-forensic-timeline/SKILL.md
CTF-Sandbox-Orchestrator/competition-graphql-rpc-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-identity-windows/SKILL.md
CTF-Sandbox-Orchestrator/competition-ios-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-jwt-claim-confusion/SKILL.md
CTF-Sandbox-Orchestrator/competition-k8s-control-plane/SKILL.md
CTF-Sandbox-Orchestrator/competition-kerberos-delegation/SKILL.md
CTF-Sandbox-Orchestrator/competition-kernel-container-escape/SKILL.md
CTF-Sandbox-Orchestrator/competition-linux-credential-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-lsass-ticket-material/SKILL.md
CTF-Sandbox-Orchestrator/competition-mailbox-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-malware-config/SKILL.md
CTF-Sandbox-Orchestrator/competition-oauth-oidc-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-pcap-protocol/SKILL.md
CTF-Sandbox-Orchestrator/competition-prompt-injection/SKILL.md
CTF-Sandbox-Orchestrator/competition-queue-worker-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-race-condition-state-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-relay-coercion-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-request-normalization-smuggling/SKILL.md
CTF-Sandbox-Orchestrator/competition-runtime-routing/SKILL.md
CTF-Sandbox-Orchestrator/competition-ssrf-metadata-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-supply-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-template-render-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-websocket-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-windows-pivot/SKILL.md
skills/diagram-generator/SKILL.md
skills/edr-bypass-re/SKILL.md
skills/ida-reverse/SKILL.md
skills/reverse-engineering/SKILL.md

Metadata

Files
0
Version
1bec1f2
Hash
87412c06
Indexed
2026-07-05 18:44

Главная - Вики-сайт
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-09 04:36
浙ICP备14020137号-1 $Гость$