Description:
Solve level0 of the pyjail series!
Note: The server is running on Ubuntu 22.04.
Flag format: shakti{}
Author: Claire de lune
The intended solution is to use the __builtins__ module to access the __import__ function and read the flag.
Running the file gives us the following output:
On trying to import the os module, we get the following error:
This means the import function has been blocked somehow.
So we try to access the __builtins__ module and import the os module from there.
__builtins__.__import__('os').system('cat flag.txt')
This gives us the flag: shakti{7h47_w45_7Un!3a36rgjsk9}
Description:
Solve level1 of the pyjail series!
Note: The server is running on Ubuntu 22.04.
Flag format: shakti{}
Author: Claire de lune
The intended solution is to use globals() to find the __builtins__ module and access the __import__ function to read the flag.
Running the file gives us the following output:
On trying to run the last exploit, we get the following error:
This means the __builtins__ module has been blocked somehow.
So we try to access the __builtins__ module using globals().
Running globals() gives us the following output:
We can see that the __builtins__.__import__ module is present in the globals() dictionary.
So we try to import the os module from there.
we_need_you_alive.('os').system('cat flag.txt')
This displays the message:
The flag is : shakti{7h47_W45_4_Cl053_C4ll!!!}
Description:
Solve endgame of the pyjail series!
Note: The server is running on Ubuntu 22.04.
Flag format: shakti{}
Author: Claire de lune
The intended solution is to use globals() to find the __builtins__ module and access the import os function to read the flag. Also, the exec function has been blocked.
Running the file gives us the following output:
Let's try using the helpline:
So the helpline id is the password in the message that was displayed at the end of the last game. The helpline is basically the globals() function, which shows the banned list containing the functions print, exec, eval, read, open and globals(). It also shows the os module saved as 'sos' and the exec function saved as 'beat_the_master'.
beat_the_master('sos.system("cat flag.txt")')
This displays the message:
The flag is: shakti{H0w_D0_y0u_L1k3_35c4p3_r00m5_n0W?}
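Why the banned list did not hold, as an added example (not the challenge's own code): the list matches names, while the namespace still binds the same objects under other names. The substring filter, the audit_namespace helper and the sample namespace are constructed assumptions modelled on the helpline output described above.

```python
import builtins
import os

# Objects that give code execution or file access when reachable from a jail.
DANGEROUS = {
    "exec": builtins.exec,
    "eval": builtins.eval,
    "open": builtins.open,
    "__import__": builtins.__import__,
    "os": os,
    "builtins": builtins,
}


def passes_denylist(source, banned):
    """Assumed filter: reject input containing any banned word as a substring."""
    return not any(word in source for word in banned)


def audit_namespace(namespace):
    """Return {name: real identity} for dangerous objects, matched by identity."""
    findings = {}
    for name, value in namespace.items():
        for label, target in DANGEROUS.items():
            if value is target:
                findings[name] = label
        # A dict-valued __builtins__ exposes the same functions by key.
        if isinstance(value, dict) and value.get("__import__") is builtins.__import__:
            findings[name] = "builtins"
    return findings


# Constructed namespace and banned list, following the writeup's description.
BANNED = ["print", "exec", "eval", "read", "open", "globals"]
JAIL_GLOBALS = {
    "banned": BANNED,
    "sos": os,                # alias reported by the helpline
    "beat_the_master": exec,  # alias reported by the helpline
    "helper": len,            # constructed harmless entry
}
PAYLOAD = 'beat_the_master(\'sos.system("cat flag.txt")\')'

if __name__ == "__main__":
    print("passes denylist:", passes_denylist(PAYLOAD, BANNED))
    for name, label in sorted(audit_namespace(JAIL_GLOBALS).items()):
        print(f"{name!r} is bound to {label}")
```

Running an identity-based audit like this over the globals passed to exec or eval, before exposing the jail, flags every alias that a name-based banned list misses.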