Exploits

Running Exploits

Run exploits with `ckc exploit test/run`, including tick/thread tuning and submit mode.

Running Exploits

Test mode (always first)

ckc exploit test -e my_exploit -n CookieService -t 30 -T 5

test enables Python runtime -x mode: execution only on NOP team.

exploit test

Run mode (competition)

ckc exploit run -e my_exploit -n CookieService -t 60 -T 20

exploit run

Main flags

-e, --exploit: exploit path or name
-n, --name: service name
-t, --tick: seconds between rounds
-T, --thread: target concurrency
-d, --detach: start in background
-S, --submit: direct HTTP submit instead of CKP

Practical tuning

Competition start baseline: -t 60, -T 10..20
Unstable services: lower -T
Saturated checker: increase -t
Many failed without error: verify regex/shared config alignment

Stop and list

ckc exploit list      # local exploit templates
ckc exploit listrun   # running exploits with PID
ckc exploit stop -p <pid>

Manual single-flag submit

ckc exploit submit -f 'FLAG{...}' -n CookieService -t 7 -m 'manual retry'

How is this guide?

Creating Exploits

How to create Python exploits compatible with CookieFarm.

Exploiter Library

Internals of the Python `cookiefarm` runtime used by exploits.

On this page

Running Exploits Test mode (always first)Run mode (competition)Main flags Practical tuning Stop and list Manual single-flag submit