Agent Skillszhaoxuya520/reverse-skill › competition-linux-credential-pivot

competition-linux-credential-pivot

GitHub

用于CTF沙箱中Linux凭据横向移动分析。追踪SSH密钥、令牌及Socket信任链,复现从凭证恢复至权限提升的完整路径,区分本地提权与主机间跳转,为攻击链提供最小化可复现证据。

CTF-Sandbox-Orchestrator/competition-linux-credential-pivot/SKILL.md zhaoxuya520/reverse-skill

Trigger Scenarios

用户要求追踪Linux认证 artifacts 或接受的 token/key 重放 需要解释基于 socket 或服务账户信任边界的 Linux 挑战节点间的横向移动

Install

npx skills add zhaoxuya520/reverse-skill --skill competition-linux-credential-pivot -g -y
More Options

Non-standard path

npx skills add https://github.com/zhaoxuya520/reverse-skill/tree/main/CTF-Sandbox-Orchestrator/competition-linux-credential-pivot -g -y

Use without installing

npx skills use zhaoxuya520/reverse-skill@competition-linux-credential-pivot

指定 Agent (Claude Code)

npx skills add zhaoxuya520/reverse-skill --skill competition-linux-credential-pivot -a claude-code -g -y

安装 repo 全部 skill

npx skills add zhaoxuya520/reverse-skill --all -g -y

预览 repo 内 skill

npx skills add zhaoxuya520/reverse-skill --list

SKILL.md

Frontmatter
{
    "name": "competition-linux-credential-pivot",
    "description": "Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for Linux credential artifacts, service tokens, SSH material, cloud and container secrets, socket-level trust, and host-to-host pivot chains. Use when the user asks to trace Linux auth artifacts, accepted token or key replay, socket or service-account trust edges, sudo or capability abuse, or explain lateral movement across Linux challenge nodes. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here."
}

Competition Linux Credential Pivot

Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.

Use this skill when the decisive edge is Linux credential material and where that material is accepted.

Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start

  1. Separate credential storage from accepted privilege.
  2. Record user, process, namespace, socket, key file, and service trust boundary before conclusions.
  3. Keep artifact recovery, replay path, and resulting capability in one chain.
  4. Distinguish local escalation from lateral host pivot.
  5. Reproduce one minimal artifact-to-accepted-access path.

Workflow

1. Map Credential And Trust Artifacts

  • Record SSH keys, agent sockets, kubeconfigs, cloud tokens, service-account secrets, env vars, config files, and process memory clues.
  • Note sudoers rules, capabilities, setuid binaries, systemd unit context, and namespace boundaries.
  • Keep each artifact tied to owner, scope, and expected accepting service.

2. Prove Replay And Pivot

  • Show where key, token, socket, or secret is accepted: SSH, API, Unix socket, container runtime, or control-plane endpoint.
  • Record host target, protocol, principal, and resulting session or privilege.
  • Distinguish authentication success from useful capability gain.

3. Reduce To Decisive Linux Pivot Chain

  • Compress to: recovered artifact -> accepted replay path -> pivot host or privilege transition -> resulting capability.
  • State whether root cause is weak key handling, token leakage, socket trust, sudo or capability abuse, or namespace crossover.
  • If the chain pivots into kernel exploit boundaries, hand off to kernel container escape skill.

Read This Reference

  • Load references/linux-credential-pivot.md for artifact checklists, replay matrix, and evidence packaging.

What To Preserve

  • Artifact path, owner, scope, accepting service, and resulting principal
  • Exact pivot order with protocol and target host or namespace
  • One minimal replayable chain proving capability gain

Version History

  • 1bec1f2 Current 2026-07-05 18:45

Same Skill Collection

CTF-Sandbox-Orchestrator/competition-crypto-mobile/SKILL.md
CTF-Sandbox-Orchestrator/competition-reverse-pwn/SKILL.md
CTF-Sandbox-Orchestrator/competition-stego-media/SKILL.md
CTF-Sandbox-Orchestrator/competition-web-runtime/SKILL.md
CTF-Sandbox-Orchestrator/ctf-sandbox-orchestrator/SKILL.md
skills/apk-reverse/SKILL.md
skills/binary-diff/SKILL.md
skills/browser-automation/SKILL.md
skills/docs-generator/SKILL.md
skills/dotnet-reverse/SKILL.md
skills/firmware-pentest/SKILL.md
skills/js-reverse/SKILL.md
skills/patch-diff-exploit/SKILL.md
skills/pentest-tools/SKILL.md
skills/pentest-tools/src-hunter/SKILL.md
skills/pwn-chain/SKILL.md
skills/radare2/SKILL.md
CTF-Sandbox-Orchestrator/competition-ad-certificate-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-agent-cloud/SKILL.md
CTF-Sandbox-Orchestrator/competition-android-hooking/SKILL.md
CTF-Sandbox-Orchestrator/competition-browser-persistence/SKILL.md
CTF-Sandbox-Orchestrator/competition-bundle-sourcemap-recovery/SKILL.md
CTF-Sandbox-Orchestrator/competition-cloud-metadata-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-container-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-custom-protocol-replay/SKILL.md
CTF-Sandbox-Orchestrator/competition-dpapi-credential-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-file-parser-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-firmware-layout/SKILL.md
CTF-Sandbox-Orchestrator/competition-forensic-timeline/SKILL.md
CTF-Sandbox-Orchestrator/competition-graphql-rpc-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-identity-windows/SKILL.md
CTF-Sandbox-Orchestrator/competition-ios-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-jwt-claim-confusion/SKILL.md
CTF-Sandbox-Orchestrator/competition-k8s-control-plane/SKILL.md
CTF-Sandbox-Orchestrator/competition-kerberos-delegation/SKILL.md
CTF-Sandbox-Orchestrator/competition-kernel-container-escape/SKILL.md
CTF-Sandbox-Orchestrator/competition-lsass-ticket-material/SKILL.md
CTF-Sandbox-Orchestrator/competition-mailbox-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-malware-config/SKILL.md
CTF-Sandbox-Orchestrator/competition-oauth-oidc-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-pcap-protocol/SKILL.md
CTF-Sandbox-Orchestrator/competition-prompt-injection/SKILL.md
CTF-Sandbox-Orchestrator/competition-queue-worker-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-race-condition-state-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-relay-coercion-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-request-normalization-smuggling/SKILL.md
CTF-Sandbox-Orchestrator/competition-runtime-routing/SKILL.md
CTF-Sandbox-Orchestrator/competition-ssrf-metadata-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-supply-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-template-render-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-websocket-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-windows-pivot/SKILL.md
skills/diagram-generator/SKILL.md
skills/edr-bypass-re/SKILL.md
skills/ida-reverse/SKILL.md
skills/reverse-engineering/SKILL.md

Metadata

Files
0
Version
1bec1f2
Hash
f00c32a3
Indexed
2026-07-05 18:45

Главная - Вики-сайт
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-08 20:19
浙ICP备14020137号-1 $Гость$