hitchhike
A really cute Python escape:
#!/usr/bin/env python3.9
import os
def f(x):
print(f'value 1: {repr(x)}')
v = input('value 2: ')
if len(v) > 8: return
return eval(f'{x} * {v}', {}, {})
if __name__ == '__main__':
print("+---------------------------------------------------+")
print("| The Answer to the Ultimate Question of Life, |")
print("| the Universe, and Everything is 42 |")
print("+---------------------------------------------------+")
for x in [6, 6.6, '666', [6666], {b'6':6666}]:
if f(x) != 42:
print("Something is fundamentally wrong with your universe.")
exit(1)
else:
print("Correct!")
print("Congrats! Here is your flag:")
print(os.getenv("FLAG", "FAKECON{try it on remote}"))
Of course they’re all trivial (e.g. "0 or 42"
) except the last one, because
what can you really put in so that dict() * <anything>
doesn’t raise an
exception?
I thought: hmmmmmmm.
I tried some combos, thinking maybe there was a type that had an __rmul__
which handled dict()
s. Counter()
? (Then again, how would I import it?)
Sets, the (obscure) complex j
, etc. Nope.
Again I thought: hmmmmmmm. It has to be something syntactical or skips the evaluation entirely.
0 if 1 else 42
is too long!
eval(input())
is too long!
__impor...
, nah, forget it!
I started at the available functions in __builtins__
and thought: hmmmmmmm.
I know exit
is an object, does it provide some kind of trick that— no. Hey,
what about the other non-function function, help()
, does it… Oh!
Indeed, the help()
mini-shell invokes the external programs less
or more
which can then be used to execute shell commands with !
…