Description Link to heading
That’s a big blacklist for a pyjail challenge, don’t you think? Author: NoobMaster
nc challs.n00bzunit3d.xyz 8412
Solving Link to heading
Once connected on the server, we can find the code of the PyJail.
blacklist = ["/","0","1","2","3","4","5","6","7","8","9","setattr","compile","globals", \
"os","import","_","breakpoint","exit","lambda","eval","exec","read","print", \
"open","'","=",'"',"x","builtins","clear"]
print("="*25)
print(open(__file__).read())
print("="*25)
print("Welcome to the jail!")
print("="*25)
for i in range(2):
x = input('Enter command: ')
for c in blacklist:
if c in x:
print("Blacklisted word found! Exiting!")
exit(0)
exec(x)
We can see that there is a big blacklist array. But in the same time we are able to send two different input in the same code execution.
Then first, we will clear all the array by using a special font that is recognize by the system. This will bypass the blacklist because it is not in the array. Once the array is empty, we can call any python functions.
Enter command: ๐๐ฉ๐๐ ๐จ๐ฉ๐ฆ๐ฐ๐ฑ.๐ ๐ฉ๐ข๐๐ฏ()
Enter command: print(open('flag.txt').read())
Result Link to heading
n00bz{blacklist.pop()_ftw!_7a5d2f8b}